Question
Wednesday, May 1, 2013 8:20 PM
Hello,
I have a problem connecting to my VPN server (Server 2008 R2). I have successfully configured the VPN server along with Network Policy Server. I can connect to the VPN server with the Administrator account and that's it. I configured the NPS policies to allow also a special group (VPN Users), which can connect to the VPN server.
The problem is that the users that are in the group can't connect to the server, although the policy should allow them to connect. Every time I try to connect I get error 645: There was an internal authentication error.
Any clues what could have gone wrong?
All replies (3)
Friday, May 3, 2013 7:49 AM ✅Answered
Hi,
Firstly, would you please let us know what authentication protocol you use?
Selecting an Authentication Protocol
http://technet.microsoft.com/en-us/library/cc776833(v=ws.10).aspx
Meanwhile, regarding the issue, please check if the following article could help:
Authentication of VPN clients
http://technet.microsoft.com/en-us/library/cc782786(v=ws.10).aspx
VPN connection authentication and data encryption
http://technet.microsoft.com/en-us/library/cc785072(v=ws.10).aspx
Hope this helps.
Jeremy Wu
TechNet Community Support
Saturday, May 4, 2013 4:42 PM ✅Answered
It appears the user is not in a group allowing them to connect, such as a policy or condition that's being hit first that doesn't allow non-admins to connect.
You might want to take a look at the “Authentication Type” properties which is included in the connection properties condition group of network policy conditions.
Authentication Type - Specifies the authentication methods that are required for the connection request to match the network policy.
Network Policy Conditions Properties
http://technet.microsoft.com/en-us/library/cc731220(WS.10).aspx
RRAS Remote Access Policy
(creating multiple policies)
http://blogs.technet.com/b/rrasblog/archive/2006/06/19/rras-remote-access-policy.aspx
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
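One way to see which policy a rejected request actually matched, as an added example that is not part of the original replies: NPS records denials as Security event 6273, and the rendered event text names the connection request policy, network policy, authentication type and reason. The function name `ConvertFrom-NpsDenial`, the sample event text and the policy names in it are constructed for illustration; the example assumes NPS auditing is enabled and that the denial reached NPS.

```powershell
# Added example: extract the policy and reason fields from an NPS denial (Security event 6273).
# ConvertFrom-NpsDenial is a hypothetical helper name, not a built-in cmdlet.
function ConvertFrom-NpsDenial {
    param([string]$Message)
    $fields = 'Account Name', 'Connection Request Policy Name', 'Network Policy Name',
              'Authentication Type', 'Reason Code', 'Reason'
    $row = @{}
    foreach ($f in $fields) {
        # First "Label: value" line wins, so 'Account Name' is the one under "User:".
        $m = [regex]::Match($Message, "(?m)^\s*$([regex]::Escape($f)):\s*(.*?)\s*$")
        $row[$f] = if ($m.Success) { $m.Groups[1].Value } else { $null }
    }
    New-Object psobject -Property $row | Select-Object $fields
}

# Constructed sample of the rendered event text (abbreviated; values are made up).
$sample = @'
Network Policy Server denied access to a user.

User:
    Account Name:           CONTOSO\vpnuser1

Authentication Details:
    Connection Request Policy Name: Microsoft Routing and Remote Access Service Policy
    Network Policy Name:    VPN Admins only
    Authentication Type:    MS-CHAPv2
    Reason Code:            66
    Reason:                 The user attempted to use an authentication method that is not enabled on the matching network policy.
'@

ConvertFrom-NpsDenial $sample | Format-List

# Live use, run elevated on the NPS server:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6273 } -MaxEvents 20 |
#     ForEach-Object { ConvertFrom-NpsDenial $_.Message } |
#     Format-Table 'Account Name', 'Network Policy Name', 'Authentication Type', 'Reason Code' -AutoSize
```

If the "Network Policy Name" shown is not the policy that grants the VPN Users group, a policy higher in the processing order matched the request first.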
Friday, May 3, 2013 3:05 PM
Hi,
I got some more info about the error from the server:
Description:
CoId={8EA277D4-AFA5-336A-5D5A-600B0A15447A}: The following error occurred in the Point to Point Protocol module on port: VPN1-49, UserName: <Unauthenticated User>. Negotiation timed out.
It is still weird that the Admin account can connect, but others cannot. I tried manually configuring user's settings under Dial-In and then allowed access to Network Access Permission but still the same error.