Connection Failed on AWS Client VPN - netsh command failed: external program did not execute -- returned error code -1

I have an AWS Client VPN set up and connecting to the endpoint on a Mac is fine, but some Windows devices are not having it. The logs show the following:

2020-09-25 11:36:11.154 +01:00 [DBG] [TI=4] [9796] Fri Sep 25 11:36:11 2020 NETSH: C:\Windows\system32\netsh.exe interface ip set address Local Area Connection 2 dhcp
2020-09-25 11:36:11.154 +01:00 [DBG] [TI=4] [9796] Fri Sep 25 11:36:11 2020 ERROR: netsh command failed: external program did not execute -- returned error code -1

There is also:

2020-09-25 11:35:56.154 +01:00 [DBG] [TI=4] [9796] Fri Sep 25 11:35:56 2020 WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info.

However, 'script-security' isn't allowed in the AWS Client configuration, so I'm not sure how I am supposed to do that.

The connection initially works, and SAML authentication goes through without a hitch, but finalising the connection is not happening.

This happens for certain builds of company laptops - a different image is no problem, but I wouldn't mind trying to find out what is causing the difference. Any thoughts would be very welcome.


Solution 1:

This problem occurs when the TAP adapter is configured with a static IP instead of DHCP. You should check the configuration of the TAP adapter.

  1. Go into Control Panel -> Network and Internet -> Network and Sharing Center
  2. Click "Change adapter settings"
  3. Select the TAP adapter
  4. Right click on it, and choose "Properties"
  5. Select IPv4 settings
  6. Click on "Properties"
  7. Select "Obtain an IP address automatically" and "Obtain DNS server address automatically"
  8. Click "OK" to apply
  9. If needed, repeat steps 5 to 8 for IPv6 settings

You may need to reboot the computer (or restart AWS client and service) before it works.
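The same check and fix, scripted, as an added example that is not part of the original question or answer. It runs in an elevated PowerShell session on the affected Windows machine, reproduces the exact netsh call from the question's log so you can see whether it fails outside the VPN client too, and then resets the adapter to DHCP with the NetTCPIP cmdlets. The adapter is located by matching an interface description beginning with "TAP-Windows"; that pattern is an assumption, so adjust it if your TAP adapter is described differently.

```powershell
# Added example (not from the original thread): verify and reset the TAP adapter
# used by AWS Client VPN to DHCP, which is what the client's netsh call expects.
# Run from an elevated PowerShell session. The 'TAP-Windows*' match below is an
# assumption; change it if your adapter's description differs.

$ErrorActionPreference = 'Stop'

# Locate the TAP adapter(s). The alias in the question's log was
# "Local Area Connection 2"; we match on the driver description instead so the
# script is not tied to a particular connection name.
$tapAdapters = Get-NetAdapter | Where-Object { $_.InterfaceDescription -like 'TAP-Windows*' }
if (-not $tapAdapters) { throw 'No TAP-Windows adapter found on this machine' }

foreach ($nic in $tapAdapters) {
    $alias = $nic.Name
    Write-Host "Checking adapter: $alias ($($nic.InterfaceDescription))"

    # Report the current state. A statically configured adapter shows
    # Dhcp = Disabled and an IPv4 address whose PrefixOrigin is Manual.
    Get-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 |
        Select-Object InterfaceAlias, Dhcp, ConnectionState | Format-Table -AutoSize
    Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Select-Object IPAddress, PrefixOrigin, SuffixOrigin | Format-Table -AutoSize

    # Reproduce the exact command the VPN client ran according to the log.
    # If it also fails here, in an elevated shell, the cause is the adapter
    # configuration or a policy on this image rather than the client itself.
    & netsh.exe interface ip set address "$alias" dhcp
    Write-Host "netsh exit code: $LASTEXITCODE"

    # Equivalent of the GUI steps in the answer: remove any manually assigned
    # addresses, enable DHCP for IPv4 and IPv6, and reset DNS to automatic.
    Get-NetIPAddress -InterfaceAlias $alias -PrefixOrigin Manual -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Dhcp Enabled
    Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv6 -Dhcp Enabled -ErrorAction SilentlyContinue
    Set-DnsClientServerAddress -InterfaceAlias $alias -ResetServerAddresses

    # Bounce the adapter so the new settings apply without a full reboot;
    # then restart the AWS VPN client as the answer suggests.
    Restart-NetAdapter -Name $alias
    Write-Host "Adapter $alias reset to DHCP"
}
```

Run the diagnostic part first and compare the output on a working image and a failing one: if the failing image shows Dhcp = Disabled with a Manual IPv4 address, the static configuration is the difference the question is looking for, and the reset section fixes it in place.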