billhicksghost (Member), Oct 15, 2015 at 8:07 am, #165874
I’m having a really strange problem with a RRAS-NPS Server. I’m hoping someone out there can point me in the right direction. We are using RRAS and NPS to connect to an SSTP VPN. We have two separate RRAS servers in two separate AD sites. One of the servers works fine, the other is where we have the problem.
When we connect from the client side we see the following error:
“The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.”
The only authentication method we have selected on both client and server side is MSCHAP-V2. Checking the security logs on the RRAS server shows the following:
The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.
Now, the RRAS server is in the same IP subnet as the domain controllers, so that should rule out any firewall or port problems. The IP settings on the RRAS Ethernet adapter have the primary and secondary DCs set as DNS servers.
There are no problems visible on either DC, dcdiag reports no errors and replication is working fine.
Currently we are having to use RADIUS to bounce the authentication over to the RRAS server in the separate site to authenticate. The network policy server is registered in Active Directory, and all servers are running Server 2012 R2.
I ran a network monitor trace and I can see when the VPN connection is initiated the DCs respond with EPT_S_NOT_REGISTERED.
Also, if I log on to the RRAS server first and then initiate a VPN connection using the same account, it works.
This happens sporadically and usually reoccurs after a Windows update and reboot cycle. In the past this has been resolved by rebooting the domain controllers; however, this hasn't helped this time.
Any help would be much appreciated.