We are using RRAS and NPS to connect to an SSTP VPN. We have two separate RRAS servers in two separate AD sites. One of the servers works fine, the other is where we have the problem.
When we connect from the client side we see the following error:
"The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error."
The only authentication method we have selected on both client and server side is MSCHAPV2. Checking the security logs on the RRAS server shows the following:
The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.
Now, the RRAS server is in the same IP subnet as the domain controllers, so that should rule out any firewall or port problems. The IP settings on the RRAS Ethernet adapter have the primary and secondary DCs set as DNS servers.
There are no problems visible on either DC; dcdiag reports no errors and replication is working fine.
Currently we are having to use RADIUS to bounce the authentication over to the RRAS server in the separate site to authenticate.
Any help would be much appreciated.
Thanks,
Darren