Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows 8 / Fix: Windows Modern Apps Don’t Work Over VPN Connection

June 18, 2015 Windows 8

Fix: Windows Modern Apps Don’t Work Over VPN Connection

You might have come across some modern Windows 8 apps (Metro apps) don’t see the Internet (failed to connect to the server, etc.) when using certain types of VPN connections to ISPs. However, as a rule, this issue doesn’t occur to all Metro apps. I. e., some apps work (usually these are standard Metro apps), and some don’t. At the same time classic Windows applications work with the Internet without any problems.

If you place a hardware router that initiates VPN connection to the provider before the computer, the issue doesn’t occur. It means that the problem occurs only in Windows 8 which has to set up a VPN tunnel itself.

The problem is quite old, but there is no official Microsoft solution so far (At least, I wasn’t able to find it).  In this article, we’ll examine the reason why it appears and how to solve it.

As you know, Modern Windows 8 Apps differ from classic Windows apps. In this context, we are interested in the fact that they are run in an isolated environment with the access to the loopback computer interface disabled by default. Since all tunnel interfaces (pptp, l2tp, pppoe), which use VPN, are loopback interfaces, the majority of Metro Apps cannot send network traffic to them, and, consequently, to access the Internet. The same is applies to local proxy servers (from the simplest ad removers, like Privoxy, to full-fledged proxy servers).

To give a Metro app full network access, you have to add privateNetworkClientServer to APPX manifest. When developing applications in Visual Studio, this access is enabled, but after the app has been published in Windows Store, the developer has to enable this feature manually in the manifest file.

While the tunnel interfaces on Windows are loopbacks, you will have either to ask developers to modify the apps or to use a workaround solution to make Metro Apps work correctly.

To implement a workaround, we’ll use a free HTTP/HTTPS proxy server Fiddler, meant for web apps debugging and inspecting all HTTP traffic between a computer and Internet servers (in particular, it can be used to get a direct link to download an installation APPX file of any Metro app from Windows Store).

  • Download Fiddler Web Debugger from this webpage (http://www.telerik.com/download/fiddler). For Windows 8 or later you’ll need Fiddler for .Net 4. (It is supposed that you have .NETv4 Framework installed on your computer)
  • Install Fiddler with the standard settings.
  • By default, Modern Apps cannot be debugged using Fiddler, since it works as a local proxy server on your computer (Metro Apps cannot send traffic through local proxy interface by default). You can remove this restriction (Loopback Restriction) in the program container AppContainers for a certain Metro app using Fiddler extension — Windows 8 AppContainer Loopback Utility (enableloopbackutility.exe). Download and install this extension.
  • After the utilities are installed, start Fiddler and in Tools menu select Win8 Loopback Exemptions (you can do the same, if you click the first Windows 8 button in the toolbar). Fiddler - Windows 8 AppContainer Loopback Utility  
  • Before performing the next step, make sure that your VPN is established (or a local proxy server is started).
  • Select Windows 8 Metro apps, which traffic should go through Fiddler and the loopback access restriction to be removed. If you have to select all apps, click Exempt All and save the configuration (Save Changes). AppContainer Loopback Exemption Utility
    Tip. As you can see, it is specified in this window that for security and reliability reasons Windows blocks Metro apps from sending network traffic to the local computer. AppContainer Loopback Exemption Utility disables this restriction for debugging and testing.
  • Minimize Fiddler (don’t close it!) and check network access from the Metro apps.
Important. If you install a new modern app, you will have to manually add it to Loopback Exemption list.

Fiddler is not suitable for productive use in corporate environment due to some inconveniences in its deployment and management. But as a workaround solution allowing to work with Metro apps in a VPN configuration, it is quite useful.

So, we have considered how to use Fiddler for giving Metro apps Internet access  through any VPN connection or local proxy server.

5 comments
0
Facebook Twitter Google + Pinterest
previous post
How to Repair a Corrupt Outlook PST File with Scanpst
next post
How Windows Determines That the File Has Been Downloaded from the Internet

Related Reading

How to Restore Deleted EFI System Partition in...

July 29, 2020

Internal SSD/SATA Drive Shows as a Removable in...

December 16, 2019

0x80092004: .NET Framework Install Error on Windows Server

September 16, 2019

Fix: The Local Print Spooler Service Not Running...

July 9, 2019

Resetting Windows Update Agent Settings

May 31, 2019

5 comments

Evan October 6, 2016 - 9:36 am

Thank you so much for the info! Worked great for restoring connecectivity of my Apps while using IPvanish

Reply
tal February 17, 2018 - 11:28 pm

Thanks! this solved my problem now with Cisco VPN and Windows 10 🙂
However Why do Fiddler needs to Capture or still run if the modern apps are exempt?
why does fiddler’s proxy behavior allows these modern apps to run through the cisco vpn when exempt?

Reply
Max February 19, 2018 - 11:15 am

As I already wrote, the problem is the limited access of modern apps to the loopback interface.
In order for modern applications to have access to the Internet, you need to constantly keep Fiddler running

Reply
Kazim February 22, 2018 - 10:53 am

Thanks for the tutorial Max, I tried the above on Win 10 + Nord VPN (trying to get Cortana to connect while using a VPN)- however, it didn’t work out for me. Any idea if this method still works on Win 10 (considering it worked for ‘tal’ on Win 10, not sure why its not working for me.) Thanks again!!

Reply
Adam June 12, 2019 - 7:58 pm

I thought this solution was a bit complicated so I looked for something else. I found this link which is just 2 settings to check and it worked for me with NordVPN. https://answers.microsoft.com/en-us/windows/forum/all/windows-store-not-working-while-running-on-a-vpn/90d51e9b-4f4c-4b63-b542-dfb1b6862239

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • MS SQL Server 2019 Installation Guide: Basic Settings and Recommendations

    January 19, 2021
  • USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

    January 15, 2021
  • Windows 10: No Internet Connection After Connecting to VPN Server

    January 13, 2021
  • Updating the PowerShell Version on Windows

    December 24, 2020
  • How to Enable and Configure User Disk Quotas in Windows?

    December 23, 2020
  • Restoring Deleted Active Directory Objects/Users

    December 21, 2020
  • Fix: Search Feature in Outlook is Not Working

    December 18, 2020
  • Zabbix: Single Sign-On (SSO) Authentication in Active Directory

    December 17, 2020
  • Preparing Windows for Adobe Flash End of Life on December 31, 2020

    December 15, 2020
  • Auditing Weak Passwords in Active Directory

    December 14, 2020

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Create a 4GB Windows 8.1 x64 Bootable USB Flash Drive
  • Access to more than 4GB of RAM on 32bit Windows 8 (x86)
  • Activation of Data Deduplication in Windows 8.1
  • How to Hide a Windows Service from Users
  • How to create a UEFI bootable USB flash drive for install Windows 8 / Server 2012
  • Windows 8 / 2012 Fix: “Failure configuring Windows updates. Reverting changes”
  • Driver Verifier: How to Troubleshoot & Identify Windows Driver Issues
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top