J
Jordan4501
Hello,
I've followed this guide to the exact specifications, and everything was going well until I actually tried to connect with a client. I get "13801: IKE credentials are unacceptable" when I try to connect. This doesn't give a lot of detail, so I looked at the event viewer on the VPN server, and saw the following error:
CoId={DB9815D5-DABB-5E2C-F8A5-0E8B88259632}: The following error occurred in the Point to Point Protocol module on port: VPN2-127, UserName: <Unauthenticated User>. Negotiation timed out
I'm assuming this error means that the VPN server was unable to get a response from the NPS/RADIUS server before the timeout?
I've tried everything I can think of, and that I can find online:
- ensured VPN server certificate has "server authentication" EKU
- ensured certificates are valid on client, VPN server, and NPS server
- ensured client, VPN server, and NPS server all have trusted root certificate from the DC (CA administrator)
- ensured the VPN server name on client matches the VPN server certificate's subjectName
- ensured appropriate port (1812, for RADIUS authentication) is open on VPN server and NPS server
- ensured NPS server is reachable (ping-able) from VPN server
So, now I'm out of ideas. Can anyone provide some advice on how to resolve this timeout error?
Continue reading...
I've followed this guide to the exact specifications, and everything was going well until I actually tried to connect with a client. I get "13801: IKE credentials are unacceptable" when I try to connect. This doesn't give a lot of detail, so I looked at the event viewer on the VPN server, and saw the following error:
CoId={DB9815D5-DABB-5E2C-F8A5-0E8B88259632}: The following error occurred in the Point to Point Protocol module on port: VPN2-127, UserName: <Unauthenticated User>. Negotiation timed out
I'm assuming this error means that the VPN server was unable to get a response from the NPS/RADIUS server before the timeout?
I've tried everything I can think of, and that I can find online:
- ensured VPN server certificate has "server authentication" EKU
- ensured certificates are valid on client, VPN server, and NPS server
- ensured client, VPN server, and NPS server all have trusted root certificate from the DC (CA administrator)
- ensured the VPN server name on client matches the VPN server certificate's subjectName
- ensured appropriate port (1812, for RADIUS authentication) is open on VPN server and NPS server
- ensured NPS server is reachable (ping-able) from VPN server
So, now I'm out of ideas. Can anyone provide some advice on how to resolve this timeout error?
Continue reading...