I’m testing Windows 10 Always on VPN in our environment and I’ve followed the following sites on creating the NPS and certificate templates.
On the NPS server the network policy authentication methods is set to Microsoft: Protected EAP (PEAP) and the EAP type is set to Secured password (EAP-MSCHAP V2)
The client are configured the same.
The VPN fails with the following error on the NPS server
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/13/2018 2:41:40 PM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: NPS.domain.local
Description:
Network Policy Server denied access to a user.
"Reason"No credentials are available in the security package
The error on the VPN is:
Log Name: System
Source: RemoteAccess
Date: 2/13/2018 2:48:57 PM
Event ID: 20255
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: VPN.domain.local
Description:
CoId={108AE838-1D9D-B57F-772F-9C5E930B6E58}: The following error occurred in the Point to Point Protocol module on port: VPN2-127, UserName: <Unauthenticated User>. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error
If I change the EAP authentication type to secured password(EAP-MSCHAP v2) then the VPN works