Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Unable to access Windows Store (Windows 10 + GP 3.0.2)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Unable to access Windows Store (Windows 10 + GP 3.0.2)

L7 Applicator

Hello,

 

Does anyone else also have problems to access the windows store when connected with global protect vpn?

Actually the problem really only is the windows store app. Everything else works perfectly (internet access, accessing corporate ressources, internal websites, fileshares, ...). The store app only displays that I should check my internet connection and the error code 0x80072EFD.

The firewall has 7.0.6 installed and we have configured the vpn with the default route into the vpn tunnel.

 

Regards,

Remo

2 accepted solutions

Accepted Solutions

L7 Applicator

Has anybody tried this fix.

we had issues with win 10 and store a while ago, i was playing with various reg settings with some success but not credible as issue would come and go... our win 10 device users, not many, just accept that they need to connect via lan to use the store but our rollout is about to go to 4000 devices, sorry for waffleing on but i now have to look into this again, i found this online which seems to have worked for some... i have yet to try as waiting for test device.

 

Open up gpedit on your local device

Computer Configuration/Administrator Templates/Network/Network Isolation

Enable Subnet Definitions are authoritative

Private Network ranges for Apps Enable

Then add your internal network subnet range IE 10.0.0.0/8

Restart your device and hopefully your windows store is working

 

i will be able to test next week so will keep posted...

 

 

View solution in original post

55 REPLIES 55

L6 Presenter

Hi,

 

So when you are not using GP windows store work fine?

Did you try "nslookup" from the client with Wireshark PCAP to get more details?

 

Thx, 

Myky 

 

exactly, as soon as I disable GP --> the store app is able to connect

and I did also capture the traffic with vpn enabled and disabled ... on both captures I can see the dns queries related to the windows store app, but with vpn enabled there are ONLY the dns requests but no store-related https connection attemps

How about Palo logs? Do you see the traffic from the client (GP Zone) going outside (untrust) to the Microsoft store IP as destination. Threat logs?

one of the various fqdn's is storeedgefd.dsx.mp.microsoft.com (when I tried it resolved to 23.50.97.152).

on the firewall I have not one packet towards this ip and also nothing in the threatlog (actually if there was traffic I would be surprised because of the fact that I had no packets in the local packet capture)

Sure you said before no attempts from the client, my bad. This is strange. Did you try to do PCAP when connected through the GP on the local interface, not GP adapter? This is strange that you getting DNS but the client making desition not to initiate a connection after.

Yes, I also captured on that interface. For whatever reason I also see the dns requests there going out directly, but still only the dns requests and no https traffic

When did you notice this first time, any os update GP? All Windows 10 clients or just you unable to access? l cannot think of anything else what could be an issue. Don't have much experience with GP

this problem probably existst since we are testing with windows 10 ...

My answer would not help you but l have noticed that Windows 10 causing a lot of issues not just with your case.

is really no one using global protect on windows 10? 😛

Personally we don't run GP at all and have chosen to just continue to use ASAs for the VPN and have the PA do everything else. The issue with GP had more to do with it not being near as user friendly as AnyConnect has been and given the choice users didn't want to switch. 

L1 Bithead

Hello,

Did you solve this issue?

A customer of mine is having the same, and he pointed me to a checkpoint URL where it states that the microsoft Virtual Adaptor for the VPN tunnel is hiddent by default, and hence prevents the connection to the store.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Let me know...

Thanks,

Jérôme

Hi Jérôme

 

Unfortunately, now we stil haven't solve this issue. We just lowered the priority of this/had to accept that it does not work (actually our users don't really need this store on their working computers, so the problem is not that important)

I tried to adapt the checkpoint solution to the PANGB network adapter. But there the initial "characteristics" value was 81 (129 in decimal). I changed this to "1" but so far I am still not able to access the store when connected with VPN.

 

Thanks,

Remo

 

 

  • 2 accepted solutions
  • 34670 Views
  • 55 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!