Solved

VPN error 812 when using Smartcard certificate with TMG

Posted on 2012-03-09
Last Modified: 2012-03-26
Hello

Yesterday our VPN connection unexpectedly started rejecting logins. The error code:

"812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error."

We are using Smartcard certificate with L2TP/IPSEC preshared key.


Both MS CHAP2 and EAP Smartcard certificate enabled in NPS.

When users use a username and password, the connection was working. But when we use a user certificate (which is a deployed configuration), the VPN disconnected with error 812.

In the event log:

EventID 20271
"CoId={ADD905DC-FBCA-4641-BDB4-0181A8ADCD96}: The user Andorn@xxx.hu connected from 195.xxx.xxx.xxx but failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error."

and EventID 20255:
"CoId={ADD905DC-FBCA-4641-BDB4-0181A8ADCD96}: The following error occurred in the Point to Point Protocol module on port: VPN2-49, UserName: Andorn@xxx.hu. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error."


We also have an entry in the Security log:

EventID 6274
"
Network Policy Server discarded the request for a user.
...
...
...
Reason:                        The Active Directory global catalog cannot be accessed
"

We traced RAS and attached the ppp.log file from windows\tracing.

Please help us.
Thanks
PPP.LOG
Question by:BajuszP

Accepted Solution

by:
simonlimon earned 500 total points
ID: 37705724
Can you check the functioning of the domain controller that is the Global Catalog?
Also check if time is set correctly on the TMG. Also check the System Event Viewer on the TMG for any errors.


Reason:                        The Active Directory global catalog cannot be accessed
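
The checks suggested in the answer above can be scripted on the TMG/NPS server. The following PowerShell is an added example, not part of the original thread; the domain name is a placeholder, and it assumes the RAS events 20271 and 20255 are written to the System log.

```powershell
# Added example (not from the thread). Run elevated on the TMG/NPS server.
$Domain = 'example.local'   # placeholder: your AD DNS domain name

# 1. Ask the DC locator for a Global Catalog, bypassing the locator cache.
$locator = nltest "/dsgetdc:$Domain" /gc /force 2>&1
$locator
$hit = $locator | Select-String -Pattern 'DC: \\\\(\S+)' | Select-Object -First 1
if (-not $hit) { Write-Warning "No Global Catalog located for $Domain"; return }
$gcHost = $hit.Matches[0].Groups[1].Value

# 2. Test GC LDAP (3268), LDAP (389) and Kerberos (88) on that server.
foreach ($port in 3268, 389, 88) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($gcHost, $port)
        "{0}:{1} reachable" -f $gcHost, $port
    } catch {
        Write-Warning ("{0}:{1} not reachable: {2}" -f $gcHost, $port, $_.Exception.Message)
    } finally {
        $client.Close()
    }
}

# 3. Compare the local clock with the GC; Kerberos tolerates 5 minutes by default.
w32tm /stripchart "/computer:$gcHost" /samples:3 /dataonly

# 4. List recent NPS discards (6274) with their Reason lines, then the
#    matching RAS errors (20271, 20255; assumed to be in the System log).
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6274; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $reason = $_.Message -split "`r?`n" | Where-Object { $_ -match '^\s*Reason( Code)?:' }
        New-Object PSObject -Property @{ Time = $_.TimeCreated; Reason = ($reason -join ' | ') }
    } | Format-Table Time, Reason -AutoSize -Wrap
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 20271, 20255; StartTime = $since } -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, ProviderName -AutoSize
```

If step 1 or 2 fails while the 6274 events keep showing the global catalog reason, the 812 error on the client reflects a directory lookup failure on the server side rather than a mismatch in the connection profile.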