VPN error 812 when using Smartcard certificate with TMG

Hello

Yesterday our VPN connection unexpectedly started rejecting logins. The error code:

"
812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error."

We are using a smartcard certificate with an L2TP/IPsec preshared key.


Both MS CHAP2 and EAP smartcard certificate are enabled in NPS.

When users use a username and password, the connection works. But when we use the user certificate (which is the deployed configuration), the VPN disconnects with error 812.

In the event log:

EventID 20271
"CoId={ADD905DC-FBCA-4641-BDB4-0181A8ADCD96}: The user Andorn@xxx.hu connected from 195.xxx.xxx.xxx but failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
"

and EventID 20255:
"
CoId={ADD905DC-FBCA-4641-BDB4-0181A8ADCD96}: The following error occurred in the Point to Point Protocol module on port: VPN2-49, UserName: Andorn@xxx.hu. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
"


We also have an entry in the Security log:

EventID 6274
"
Network Policy Server discarded the request for a user.
...
...
...
Reason:                        The Active Directory global catalog cannot be accessed
"

We traced RAS and attached the ppp.log file from windows\tracing.

Please help us
Thanks
PPP.LOG
Asked by: BajuszP

simonlimon commented:
Can you check the functioning of the domain controller that is the Global Catalog?
Also check if time is set correctly on the TMG. Also check the System Event Viewer on the TMG for any errors.


Reason:                        The Active Directory global catalog cannot be accessed
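
The checks suggested in the comment above, written out as an added PowerShell example (it is not part of the original thread). It assumes it is run in an elevated session on the domain-joined server that hosts NPS, and the two-day look-back window is an arbitrary choice.

```powershell
# Added example: uses only cmdlets, .NET classes and tools available from PowerShell 2.0 on.
$since = (Get-Date).AddDays(-2)   # assumed look-back window

# 1. Summarise NPS discards (Security event 6274) by the text of their "Reason:" line.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6274; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # "Reason Code:" lines do not match, only the free-text "Reason:" line does.
        if ($_.Message -match '(?m)^\s*Reason:\s*(.+?)\s*$') { $Matches[1] }
    } |
    Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# 2. Locate the forest's global catalogs. A failure here already reproduces the NPS reason.
try {
    $gcs = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().FindAllGlobalCatalogs()
} catch {
    Write-Warning "Global catalog discovery failed: $($_.Exception.Message)"
    $gcs = @()
}

foreach ($gc in $gcs) {
    # 3. Test the global catalog LDAP port (TCP 3268) with a 3 second timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($gc.Name, 3268, $null, $null)
        $ok = $async.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
    } catch {
        $ok = $false
    } finally {
        $client.Close()
    }
    "{0,-40} TCP 3268 reachable: {1}" -f $gc.Name, $ok

    # 4. Clock offset between this server and the global catalog (one sample).
    w32tm /stripchart "/computer:$($gc.Name)" /samples:1 /dataonly | Select-Object -Last 1
}

# 5. Recent Critical (1) and Error (2) entries in the System log of this server.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2; StartTime = $since } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, ProviderName, Id -AutoSize
```

If NPS and TMG are separate machines, steps 4 and 5 are worth repeating on the TMG server as well, since the comment asks for the time and System log there.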