Source: NCP engineering GmbH


Description:

After upgrading from Windows 7 to Windows 8/8.1 or Windows 10, users report that VPN connections over WLAN are unstable.

In some cases the WLAN disconnects as soon as the VPN connection is established, while in other cases it is impossible to reconnect to the WLAN while a VPN connection is active.

In most cases the connection is described as being more stable if the WLAN Manager of the LANCOM Advanced VPN Client is used instead of the operating system's on-board WLAN manager.


Causes and solutions:

These instabilities may occur in following situations:

Note:
Please be aware that negligence when making changes to the registry of the operating system can cause considerable damage which may, under certain circumstances, be irreparable. If you are inexperienced in modifiying the registry, always contact an administrator who is skilled in this.


1) Group Policy from Windows 8 (most common cause):

With Windows 8, Microsoft clients were given capabilities to minimize multiple parallel connections to the Internet or to domains. This can lead to the active disconnection of WLAN connections, and also you may be unable to reconnect should there be an active LAN connection to the domain network or the Internet.

The LANCOM Secure Client Adapter appears to the operating system as a LAN connection, which makes the feature described above unsuitable for stable operation. Please check and, if necessary, correct the following settings on the affected clients:

fminimizeConnections (0/1 or disabled/enabled) SHOULD be "disabled"
  • Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
  • Policy: Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Connection Manager, minimize number of simultaneous connections to the Internet or to a Windows domain


fBlockNonDomain (0/1 or disabled/enabled) SHOULD be "disabled"
  • Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
  • Policy: Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Connection Manager, prevent connections to non-domain networks in case of existing...


2) Energy options:

Some manufacturers' tools, and also the BIOS settings of some notebooks, include energy options that allow wireless connections to be disabled for energy saving if a LAN connection exists.

The LANCOM Secure Client Adapter appears to the operating system as a LAN connection, which makes the functions described above unsuitable for stable operation. Please check whether options of this type have been configured.

If group policies are not desired or not feasible for these settings in the Windows Connection Manager, then this setting should be carried out, at least in part, in the registry of the affected clients. The default setting for "fMinimizeConnections" is "enabled", unless this has been modified by a policy.

With Windows 8/8.1 an later, the following registry key allows WLAN connections to be established and kept open even in case of an existing VPN connection:

“HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy”
“fMinimizeConnections” = "0"

Regardless of whether the computer belongs to a domain or not, please proceed as follows:
  • Start "Regedit.exe"
  • Search for the entry "HKLM\Software\Policies\Microsoft\Windows\WcmSvc"
  • If the "GroupPolicy" key does not exist, create it now
  • In "HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy" create a new DWORD (32-bit) with the name "fMinimizeConnections" and leave the value at "0".

After restarting the operating system, and if so configured, WLAN connections are automatically established and kept open even if a VPN connection or LAN connection is active.


3) Finding the current settings:

To find and, if necessary, modify the operating system settings for "fminimizeConnections" and "fBlockNonDomain", you start the Microsoft Local Group Policy Editor (you will need the necessary permissions).
  • To do this, enter command "gpedit.msc".
  • The current settings can be viewed and/or modified under "Computer Configuration\Administrative Templates\Network\Windows Connection Manager".

Alternatively you can display the current group policy by using the command "rsop.msc" for the Resultant Set of Policy. This also displays the policy that was used to implement the setting in case it does not meet the requirements.