Error 812 when connecting to Windows Server 2008 R2 VPN

We recently took over a network where the previous in-house IT guy was fired.  He was unbecoming of any credentials, so we've had to reset devices or crack passwords in order to be able to administer properly.

The site was using a Sonicwall TZ215 to act as a VPN server.  I've given up on getting that to work--the Sonicwall Global VPN client appears to connect but then throws an error.  (I don't remember what but it doesn't matter since I've scrapped it anyway.)  I also tried to configure the TZ215's SSL VPN which I seemed to make progress on, until I realized that I couldn't find anywhere to download the Sonicwall VPN client.

So I defaulted to the lowest common denominator--the Windows Server '08 R2 VPN server.  I started out by trying to fix the existing RRAS configuration, but eventually gave up on that.  I deleted all of the existing NPS policies (Server Manager -> Roles -> Network Policy and Access -> NPS -> Policies -> Network Policies -> delete everything under Policy Name), disabled RRAS so it would delete its settings (Server Manager -> Roles -> Routing and Remote Access -> right click and Disable Routing and Remote Access), and then I uninstalled RRAS and NPS and rebooted the server.  

I reinstalled RRAS using one of the many how-tos on the internet.  Some of the specified installing NPS; others didn't.  Most recently, I used this one which did not include NPS:

When I attempt to connect via the (internal local Windows 7 Pro) client, I get Error 812: The connection was prevented because of a policy configured on your RAS/VPN server.  Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile.

I have disabled the firewall on the server for testing purposes.  

I am using the administrator account for testing.  I have gone to ADUC -> Administrator properties -> Dial-in tab -> Network Access Permission -> Allow Access is bulleted.  

When I check the Event Viewer, I see EventID 20258 – “The account for user \domain\administrator connected on port VPN3-127 does not have Remote Access privilege.  The line has been disconnected.”

I created a new user called admintest and it gets the same error in the event log.  

I’ve gone to Computer -> Properties -> Remote Settings -> Remote tab.  The bullet is next to Allow connections from computer running any version of Remote Desktop.  Under Select Users, I have verified that administrator and admintest are listed.  

I am out of ideas.  Please advise.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gajendra RathodSr. System AdministratorCommented:
Configure VPN on Sonicwall  TZ 215

You can download NetExtender after login using using HTTPS and either the IP address and port or URL and port to access the Virtual Office VPN connect site
SINC_dmackAuthor Commented:
Gajendra, I have seen that link (and quite a few on how to configure the SSL VPN on the TZ215) but I don't understand where to install the NetExtender client.  

You say "You can download NetExtender after login using using HTTPS and either the IP address and port or URL and port to access the Virtual Office VPN connect site" but I have no idea what the IP address or port or URL are for the Virtual Office VPN connect site.
SINC_dmackAuthor Commented:
It appears that even though I deleted the NPS policies and removed the NPS role, when I reinstalled the RRAS role, NPS came right back.  (Or maybe it was never gone to begin with.)
There don't appear to be any policies, however.
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Gajendra RathodSr. System AdministratorCommented:
Please check this link

Log out of your Network Security Appliance administration panel to return to the login page.
Click the link in the lower right-hand corner of the dialog that points you to the SonicWALL Virtual Office.
Enter the user name and password you entered and click "Login" to access the SonicWALL Virtual Office.
Download and install the provided NetExtender application.
Double-click the NetExtender icon in your system tray once the installation is complete.

You need to install NetExtender on client machine.
SINC_dmackAuthor Commented:
Hi Gajendra, I logged out of the TZ215, but there's no Sonicwall Virtual Office link at the login page.  I also logged in and browsed through the menus (not too closely, but I did check the VPN and SSL VPN menu trees) but didn't see any mention of the Virtual Office.

SINC_dmackAuthor Commented:
We've got a few TP-Link VPN routers on hand and they support LAN to LAN VPN as well as Client to LAN VPN.  We've already used the LAN to LAN VPN with positive results, so I decided to try out the Client to LAN VPN.  In this case, I used a TL-ER604W.   TP-Link has a detailed step-by-step guide available here:  It even includes links and setup steps for two VPN clients, one of which is the free Shrew Soft VPN client.  The TP-Link only supports the client authenticating against the router itself, so there is no there is no Active Directory integration.  I'll have to configure a separate tunnel for each user (in order to keep their credentials separated), but that's not a big deal as there are only a handful of users that need VPN access.

Following the instructions in the PDF, I was able to create and connect a VPN from my laptop to the TL-ER604W.  I could ping the IP address of a computer on the TL-ER604W's network and browse to its shares via its IP address--the only thing that didn't work was browsing to the computer by name, and I'm aware of the DNS issue that's preventing that from working.  So at this point, I am going to propose to the client that we scrap the Sonicwall in favor of the TL-ER604W and user the TP-Link's VPN connectivity.  

I appreciate the assistance.  I'll leave this open for a few more days in case anyone has any magical solutions for my Windows or Sonicwall VPN connection issues but if not, I'll mark this as the answer.  Thanks!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SINC_dmackAuthor Commented:
My solution resolved the problem, but it didn't fix it using the existing hardware or software, so I feel like I sort of cheated.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.