I´m piloting VPN Always ON solution on Windows 10. Previously I had only VPN Server 2016 running without NPS and everything was working (I used MS Chap v2 + IKEv2). This solution was not secure enough and certificates didn´t matter, only the user account.
Okay, now I got NPS installed on my other DC and the client/server refuses to connect with the error: The connection was prevented because of a policy configured on your ras/vpn server
Troubleshoting I already made;
- Firewall is off everywhere
- Double checked the security configurations from Whitepaper on W10 Client, VPN server and on NPS server to matchMicrosoft Protected EAP (PEAP)
- Certificates are not expired
- Re-created VPN profile manually on W10, (tried with sign-in info=Certificate or User & Password).
Whitepaper was located somewhere here before:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy-deployment
I´m good with RRAS but NPS is new for me.
MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.