Hi,
We've configured an Always On VPN environment with NPS proxies, NPS RADIUS servers, and AOVPN servers.
We're connecting the AOVPN manually from our Win10 client machines (mix 1709/1909) >> will be upgraded to 1909 soon.
The strange thing is that the first time(s) we start the VPN connection after a reboot of the Win10 machine, we're unable to connect:
Win10 :
The connection was prevented because of policy configured on your RAS/VPN server.
Specifically... the authentication method used by the server...
event 20227 :
CoId={C00A8050-6FBA-4AF5-8594-A13860D9842F}: The user domain\user1 dialed a connection named AlwaysOnVPN which has failed. The error code returned on failure is 812.
On the NPS Proxy we get :
event 6274
Network Policy Server discarded the request for a user.
Account Session Identifier:333031
Reason Code: 117
Reason: The remote RADIUS (Remote Authentication Dial-In User Service) server did not respond.
On the RADIUS :
Account Session Identifier:333031
Reason Code: 96
Reason: Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete.
The strange thing is that this happens 1, 2 or max 3 times when manually connecting, and then connections are created correctly. Even disconnect/reconnect is working right away afterwards.
To be sure I already configured FRAMED-MTU : https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771164(v=ws.10)?redirectedfrom=MSDN
I also raised the timeouts on the NPS (doubled the default values)
But no luck..