I have an existing Windows 2012 Server with RRAS setup and working. I have installed the Duo Authentication Proxy on the server and configured it to use Active Directory as my primary authenticator. I have created a test user and set Network Access Permission to “Allow Access” on the Dial-in tab of the user account’s properties.
The test user successfully connected through RRAS before I started the Duo setup. I have made no changes to Network Policy Server, it is as it came, out of the box. I changed the authentication protocol, on my VPN connection, from MS-CHAP v2 to PAP and I noticed that the type of sign in has automatically changed from “Username and Password” to “General Authentication Method”.
I followed Duo’s knowledgebase article for setting up Microsoft RRAS. I manually created a user in my Duo account with the same username is my AD user.
I have run the Duo Authentication Proxy Connectivity Tool and it reports no errors however when I try to connect I receive the error “The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.”
Can anybody suggest how to troubleshoot this issue to determine why the VPN connection is failing?