Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2577
Views
1
Helpful
5
Replies

Windows VPN client fails to connect

infologicit
Level 1
Level 1

‎09-30-2021 06:40 AM

I have an existing Windows 2012 Server with RRAS setup and working. I have installed the Duo Authentication Proxy on the server and configured it to use Active Directory as my primary authenticator. I have created a test user and set Network Access Permission to “Allow Access” on the Dial-in tab of the user account’s properties.

The test user successfully connected through RRAS before I started the Duo setup. I have made no changes to Network Policy Server, it is as it came, out of the box. I changed the authentication protocol, on my VPN connection, from MS-CHAP v2 to PAP and I noticed that the type of sign in has automatically changed from “Username and Password” to “General Authentication Method”.

I followed Duo’s knowledgebase article for setting up Microsoft RRAS. I manually created a user in my Duo account with the same username is my AD user.

I have run the Duo Authentication Proxy Connectivity Tool and it reports no errors however when I try to connect I receive the error “The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.”

Can anybody suggest how to troubleshoot this issue to determine why the VPN connection is failing?

Thanks

David

Labels:
0 Helpful
5 Replies 5

Amy2
Level 5
Level 5

‎09-30-2021 12:50 PM

Hi there! Please take a look at the responses in this thread for help with this issue. Let me know if you have any additional questions

0 Helpful

infologicit
Level 1
Level 1
In response to Amy2

‎09-30-2021 02:29 PM

Hi @Amy thank you for reply. I had already seen the thread you referred to, and your suggested solution, and confirmed that my RRAS client connection profile was set to use the “General authentication method” rather than the “Username and password method”.

0 Helpful

Amy2
Level 5
Level 5
In response to infologicit

‎10-01-2021 07:10 AM

Thank you for clarifying that! I misread that portion of your initial post. Is your configuration set to use port 1812? It’s possible that could be causing the issue. I found a similar support case that states if you’re running an NPS, you won’t be able to use port 1812 because the NPS consumes all radius traffic by default.
Your best bet for solving this though would be to work with the Duo Support team, as they can take a look at your exact configuration and make recommendations or walk you through the steps to troubleshoot and solve for any issues you’re experiencing. I hope that helps!

0 Helpful

infologicit
Level 1
Level 1

‎10-08-2021 06:02 AM

Thanks @Amy I spoke to Duo support who provided some guidance on configuring Duo Authentication Proxy when installed on a server running RRAS, although they did advise it was unsupported. I couldn’t get it to work so moved Duo Authentication Proxy to a second server, tweaked the config for the new server and that fixed it!

Thanks for the advice.

Amy2
Level 5
Level 5
In response to infologicit

‎10-08-2021 06:57 AM

Great, I am glad you were able to find a solution that worked for you!

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents