Solved

VPN error 812 when using Smartcard certificate with TMG

Posted on 2012-03-09
Last Modified: 2012-03-26
Hello

Yesterday, unexpectedly, our VPN connection started rejecting logins. The error code:

"
812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error."

We are using a Smartcard certificate with an L2TP/IPsec preshared key.

Both MS-CHAP v2 and EAP Smartcard certificate are enabled in NPS.

When users use a username and password, the connection was working. But when we use a user certificate (which is a deployed configuration), the VPN disconnected with error 812.

In the event log:

EventID 20271
"CoId={ADD905DC-FBCA-4641-BDB4-0181A8ADCD96}: The user Andorn@xxx.hu connected from 195.xxx.xxx.xxx but failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
"

and EventID 20255:
"
CoId={ADD905DC-FBCA-4641-BDB4-0181A8ADCD96}: The following error occurred in the Point to Point Protocol module on port: VPN2-49, UserName: Andorn@xxx.hu. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
"


We also have an entry in the Security log:

EventID 6274
"
Network Policy Server discarded the request for a user.
...
...
...
Reason:                        The Active Directory global catalog cannot be accessed
"

We traced RAS and attached the ppp.log file from windows\tracing.

Please help us.
Thanks
Question by:BajuszP

Accepted Solution

by:
simonlimon earned 500 total points
ID: 37705724
Can you check the functioning of the domain controller that is the Global Catalog?
Also check if time is set correctly on the TMG. Also check the System Event Viewer on the TMG for any errors.


Reason:                        The Active Directory global catalog cannot be accessed
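
The checks suggested in the accepted answer, as an added PowerShell example that is not part of the original thread. It assumes an elevated prompt on the server running NPS; `corp.example` is a placeholder domain name, and TCP 3268 is the standard global catalog LDAP port.

```powershell
# Added example: verify global catalog (GC) reachability, clock offset and
# recent NPS/system errors. Replace the placeholder domain before running.
$Domain = 'corp.example'   # placeholder, not taken from the thread

# 1. Ask the DC locator for a global catalog server in the domain.
$locator = (nltest "/dsgetdc:$Domain" /gc 2>&1 | Out-String)
if ($locator -match 'DC:\s*\\\\(\S+)') {
    $gc = $Matches[1]
    "Locator returned GC: $gc"
} else {
    Write-Warning "No global catalog could be located for $Domain"
    $locator
    return
}

# 2. Confirm the GC LDAP port answers from this server.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($gc, 3268)
    "TCP 3268 reachable on $gc"
} catch {
    Write-Warning "Cannot connect to $gc on TCP 3268: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}

# 3. Compare the local clock with the GC (three samples, offsets only).
w32tm /stripchart "/computer:$gc" /samples:3 /dataonly

# 4. Recent NPS discards (event 6274) from the Security log.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6274; StartTime = $since } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Message

# 5. Critical and error entries from the System log over the same period.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2; StartTime = $since } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, ProviderName, Id -AutoSize
```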