No announcement yet.

VPN user can't connect after having tried EAP-mschap v2

  • Filter
  • Time
  • Show
Clear All
new posts

  • VPN user can't connect after having tried EAP-mschap v2

    First of all hi! New user here! Can't say that I'm any good with IT but I get around the basics...

    Anyways I have Win 12 Essentials and have had it up and running for quiet a while with workgroup setup for a laptop and deskttop computer. It's been working great with home network, remote desktop and vpn. I have two users I primarily use, administrator and a standard user account.

    The last couple of days I've been setting up a SSTP client on my raspberry pi running debian (yeah that was scary as I've been strict windows user all my life). I got it to work but as I was experimenting with the VPN I read that I should use EAP-MSCHAP v2 instead of just regular MS-chapv2. So I installed the NPS and edited the network policy to use EAP-MSCHAP v2. I tried logging on from my laptop through VPN with the standard user and it worked! However I wasn't able to set up the SSTP client for linux with the EAP. Therefore I went back to regular MS-chapv2 as I really need the VPN service on the raspberry pi (this runs a Kodi mediacenter that I want to connect remotely to my server).

    This is where the problem begun. After reverting back I couldn't log into the VPN neither on my windows7-laptop or the raspberry pi. I have tried everything within NPS and googled like crazy. After extensive troubleshooting I realized that this only applies for the standard user. If I use the administrator credentials it works. Next I tried to create a new user (standard) for VPN access within the dashboard and VPN works for this user as well.

    They have the exact same permissions in AD users and group membership that is used with the network policy. I tried changing the password for my standard user, I tried removing it and adding it again, but the problem still remains. I can't understand why my user seems locked out. Note it's just VPN affected. Remote desktop and network folders are available for that user. Did the EAP- login somehow lock that user out from VPN without it? Note enabling EAP again doesn't work either for the user.

    The error code given below. The same error code is given regardless if entering wrong password, trying to connect while the user was removed or when all settings are correct.

    Error 812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

    Would appreciate any suggestions! It's not the biggest of problems as I can just set a new user only to have VPN access but I still want to solve this...
    Last edited by nisse99; 9th July 2016, 16:47.

  • #2
    Fixed by simple disabling and reenabling the vpn in the dashboard users. I don't really understand how this worked as I had removed the user from the vpn access group in ad and readded before, and deleted the whole user and readded before to no success. Seems to have been some lock in situation that was fixed by probably the most easy solution of them all!