VPN error 812 when using Smartcard certificate with TMG

Hello

Yesterday unexeptedly our VPN connection rejecting logins. The error code:

"
812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error."

We are using Smartcard certificate with L2TP/IPSEC preshared key.


Both MS CHAP2 and EAP Smartcard certificate enabled in NPS.

When users use Username and password the connection was working. But when we use user certificate (which is a deployed configuration):

VPN disconnected with error 812.

In the event log:

EventID 20271
"CoId={ADD905DC-FBCA-4641-BDB4-0181A8ADCD96}: The user Andorn@xxx.hu connected from 195.xxx.xxx.xxx but failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
"

and EventID 20255:
"
CoId={ADD905DC-FBCA-4641-BDB4-0181A8ADCD96}: The following error occurred in the Point to Point Protocol module on port: VPN2-49, UserName: Andorn@xxx.hu. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
"


We have also Entry in Security log:

EventID 6274
"
Network Policy Server discarded the request for a user.
...
...
...
Reason:                        The Active Directory global catalog cannot be accessed
"

We traced RAS and attached ppp.log file from windows\tracing

Please help us
Thanks
PPP.LOG
BajuszPAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

simonlimonCommented:
Can you check the functioning of the domain controller that is the Global Catalog?
Also check if time is set correctly on the TMG. Also check the System Event Viewer on the TMG for any errors.


Reason:                        The Active Directory global catalog cannot be accessed
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.