This surely is a known issue, but I would like someone to confirm that this IS a problem in Windows 8 that NEEDS to be fixed. It's a simple as that: when I connect to my corporate network through a VPN connection that becomes the default gateway, all Windows 8 UI apps report that there is no Internet connectivity and therefore do not work. Obviously the apps do not check for Internet connectivity and depend on the status of the network adapter that is provided by Windows - when the VPN connection is active, the status of the underlying Internet connection reads "Limited" or "No Internet access". This was not the case in Windows 7 - when the VPN connection was active, both connections reported "Internet access".

Please do not advise me to disable the "Use default gateway on remote network" option in the VPN adapter. I need all traffic to be routed through the VPN and what happens now is a BUG in Windows 8, not in other products. And a bug needs an acknowledgment and a fix, right?

• Changed type Niki HanModerator Wednesday, October 17, 2012 8:47 AM potential bug

I have exactly the same issue as the original poster, tested on two completely different machines with Wi-Fi.

Not only to the metro apps show "offline" in the top corner, they are indeed apparently unable to access the internet (i.e. their content doesn't update, they can't access streaming servers, etc)... so it seems a critical issue.

It's not possible to diagnose the problem using tracert, etc, because the VPN works perfectly fine at the Desktop, it's only metro apps that are unable to connect.

Based on the above comments, two theories come to mind

- a bug related to VPN over Wi-Fi (rather than Ethernet), possibly even certain Wi-Fi chipsets/drivers??

- a bug or fundamental restriction related to the "network isolation" features of Metro apps??
http://technet.microsoft.com/en-us/library/hh768193(v=vs.110).aspx

• Edited by tomdjpn Tuesday, October 16, 2012 7:02 AM

Bob, I tried this with PPTP and SSTP VPN - the first one created manually, the second using a Connection Manager profile. The result is the same. The idea of Tom is interesting - it might be a problem with the Wi-Fi stack since the same issue appears when I am using Mobile Broadband which appears as an SSID in the list of networks. I haven't tested this using a cable connection yet.

• Edited by Yordan Yordanov Tuesday, October 16, 2012 9:19 AM

i am unable to find a solution to this since Windows 8 CR. There is quite a number of complaints but no useful help as far as I may gather from the web.

I believe this is someting by design. Windows Apps (or Metro) have limited authority to use Windows resources. This is necessary to provide an additional layer of security as these apps are available in Windows Store and Microsoft wants to be damn sure that these apps will have no chance to mess up its Windows resources. I don't know if "authorization" can be individually altered using Visual Studio 2012 but it certainly won't be difficult to allow these Windows Apps to use VPN. I believe this is not a bug but a policy issue regarding Apps available from the Windows Store.

• Edited by usb0 Sunday, October 21, 2012 9:51 PM

I think the problem is not in the Metro apps - they are just consumers of the status that is being shown by the networking components of Windows, NLA maybe. Previous versions of Windows did not set the adapter's status to LIMITED when a VPN connection was active. Exactly that causes the behaviour with the Metro apps (or should we say "Windows 8 UI apps"). They just rely on what Windows reports on the status of the connection - if it was not LIMITED, but "Local and Internet", the problem would not be experienced. But that's just my speculation on the issue, I am not into Windows development at all.

Another problem with this status can occur when e.g. the DHCP server assigns a default domain suffix on the connection, but for some reason the status of the network connection hangs on "Identifying" in stead of listing the suffix. In this case, if I try to RDP a server without entering its FQDN, but only it's name and the RDP client has also a Remote Desktop Gateway server configured in its properties, the RDP client tries to connect using the configured Remote Desktop Gateway in stead of connecting directly to the server, although there IS direct connectivity through this connection.

In general - applications in Windows 8 seem to depend too much on what the network adapter reports in stead of trying to access the resource themselves.

• Edited by Yordan Yordanov Sunday, October 21, 2012 10:02 PM

I too am experiencing this issue. And the only "solution" listed anywhere is to untick Use Default Gateway, which completely negates the use of the VPN for my purposes. I have submitted several bug reports in the Apps mentioning this issue.

• Edited by jeisurii Saturday, October 27, 2012 5:50 AM

I spent some time looking deeper at this issue today. Here's the main points I found:

- behaviour is exactly the same no matter whether the physical network connection is Ethernet or Wi-Fi

- when a VPN is connected (in my case, using native Win8 VPN client), some (but not all) metro apps do not work properly

- apps that work fine include Mail (the preinstalled app), Store (again, preinstalled), SkyDrive (metro client), Skype (download from store) and MusixMatch (download from store)

- IE (metro browser) also works fine

- Bing (the preinstalled app) reports being offline (icon in top right corner), but actually works completely normally

- there are many apps that don't work - either reporting the PC is offline at launch, or some time later when try to access content not already cached. These non-working apps include Engadget, XBox Music and Video (they work ok for local content but say offline when try to access online content), Weather (preinstalled) and News (preinstalled)

- in conclusion, I have three theories but to get a definite answer we will need feedback from an expert Metro app developer and/or Microsoft:

(1) actually connectivity works fine on VPN, but some apps are checking the physical connection status (limited) and just refuse to go further [implies need fix by app developers and maybe guidance from MS regarding style guidelines]. Here is a very relevant link on how to correctly check connectivity:

http://quawp.azurewebsites.net/2012/10/checking-connectivity-the-correct-way/

(2) as above, but some app developers are implementing in this way on purpose so as to prevent them working on VPN, for whatever reason (e.g. restrictions imposed by content providers per region, DRM, etc)

(3) there is some other specific functionality in the Metro API which allows apps developers to check whether VPN is being used or not, and some app developers are deciding to disallow use on VPN

Anyway, for the many people who travel frequently and spend a lot of time with their PCs connected to their company's VPN, having many/most of the metro apps stop working is sure going to be inconvenient. (and constantly connecting/deconnecting from VPN when wanting to use a given app is hardly a suitable solution)

Comments from anyone who can narrow this down further would be appreciated...

• Edited by tomdjpn Sunday, October 28, 2012 5:43 AM

It only happens with Metro style apps, normal applications are unaffected by this. I almost don't use any, so it's not a big deal, but it is a bug that needs a fix. Microsoft went a step back with this behaviour - applications should always try accessing the network and if there is a problem with the connectivity, they would rely on the networking stack returning "no route to host" and not on some buggy status reported by the adapter. This breaks the whole idea of the OSI model in my opinion...

• Edited by Yordan Yordanov Sunday, October 28, 2012 4:06 PM

I'm having a similar problem but I believe I've traced it down to there being no IPv6 Network Protocol installed for my mobile broadband device, an issue caused by my ISP. Its the only difference I've found between a connection that works and one that doesn't! I believe these apps receive their updates through IPv6 networks and will not work without that connection. Check for IPv6 connectivity @ www.test-ipv6.com

Hmm... I just found out my ISP not provide Ipv6 support. Nevertheless I don't think It's the cause. It would be strange, if Metro apps rely on ipv6 so heavily, ipv6 is not so common nowadays, I believe.

To solve the problem you can try to configure you router (if you have one) to connect to VPN automatically. Thereby you will have only one connection on you PC, which provides Internet. Check your router manual and your provider's site how to do it.

• Edited by iZerw Wednesday, October 31, 2012 10:06 AM

Same problem with VPN here, confirmed both with ethernet and wifi, and different VPNs.

I cannot install the Hyper-V role because I'm using vmware and I don't want to mess up things. I hope that a fix will appear very soon...

I think that apps need an update, not the os, because some metro apps work perfectly, some others no... So maybe it's not a fault from the os, but as someone already said, it's a problem in the connectivity checkings done by some apps (some even first party...)

• Edited by cenit Tuesday, November 20, 2012 5:12 AM

Well the problem is that Microsoft refuse to provide solution for us because they think it's not massive issue. Tho it really drive me nuts. I already uninstalled Windows 8 and came back to Windows 7 with UI tweaks, which looks amazingly similar to Windows 8 one, so I'm happy with that. I was really crazy about getting Windows 8 ASAP, but Microsoft with their awful support killed all enthusiasm within me, so I probably wont use their products until I check them thousand times first.

• Edited by MrGuard Thursday, December 13, 2012 9:51 AM

I dont know exactly which one is the update needed for the matter, but this is a list of updates which were downloaded on 2/14/2013

• Edited by Ariana2008 Monday, February 18, 2013 7:18 PM

This fixed it for me! Thanks!

As reported above: http://support.microsoft.com/kb/2797356

• Edited by FunSideOfSteve Monday, March 04, 2013 10:05 PM Added Link

I work for a VPN company and just had to diagnose this exact problem with our VPN.  The problem that our customer reported was that Metro/Modern/Tiled (whatever they are called now) apps would not download data from the Internet, and the Metro version of IE would report an error that said something like "msn.com is not enabled in the Private profile".  In some configurations of our VPN, there was no default gateway on our virtual adapter (gateway address was equal to the IP address of the interface), and this apparently was the source of the problem.  You can tell if you have no gateway address by running "ipconfig" at a command prompt.  The default gateway for the adapter will be listed as 0.0.0.0.  We were able to fix the problem in our VPN configuration by adding the ability to specify a default gateway address, but for others who are having the problem, you might want to specify a default gateway for your VPN adapter in advanced IPv4 properties for the adapter.  Open "Network and Sharing Center", client "Change adapter settings" in the left pane, right click the adapter used by your VPN, click Properties, highlight the IPv4 protocol, click Properties, Advanced, and add a default gateway.  You may need to reboot the machine after adding the gateway address.  It apparently does not even have to be the address of an actual machine; as long as a default gateway is specified for the adapter, then Metro apps should work.  If that does not work, then try using a static IP address instead (if that will work with your VPN), and be sure to specify the gateway address when doing so.  Good luck!

• Edited by JoeSo Thursday, July 18, 2013 1:18 AM update2

Not in my case. I don't use VPN.

Desktop application can access internet but Windows Store Apps can't, untill one of services mentioned by MyPC8MyBrain is restarted ("Network Location Awareness" and "Network List Service").

Edited: System is up to date.

• Edited by Mirek_MS Monday, January 13, 2014 5:21 PM

I am surprised you report Skype as working for you. I am using Cisco Systems VPN Client Version 5.0.07.0440. When I open Skype, it claim to be offline, but not immediately. No messages ever get delivered and I never receive any messages until the connection is closed. When I check Allow Local LAN Acess in the cisco VPN client, which is the closest I can find to allowing non-VPN routing, that doesnt help.

So, why does the Modern Skype app work for everyone other than me? ;-) I do know that all of the Modern Windows apps work fine when I connect to another place using Cisco AnyConnect.

I had a similar issue and found that this Answers post had the solution that worked for me - turning sharing off on the VPN connection.

I had this issue and this solution seems to work for me (at least for the Xbox Music app--haven't tested it with others yet).

I did want to point out, though, that I only saw a lack of internet connectivity for most, but not all, of the Windows Store apps. Notably, Tweetium never experienced a loss in internet connectivity. I asked the author of the app about this and he had never even heard of the VPN-internet connectivity issue before. It might be useful for Microsoft to try and debug why this is occurring, and what difference there might be between how Tweetium accesses the network and most other Windows Store apps access the network.

The solution linked in the post I quoted works, but it's merely a work-around. I believe that this should be considered a bug and that Microsoft should look into it.

• Edited by sidran32 Tuesday, February 10, 2015 9:14 PM