Windows 10 - VPN not working after update

I have a few users on Windows 10 who all reported they were unable to connect to their VPN after Thursday’s Windows update. Mine still works, and I didn’t apply the update.

I noticed that in the authentication options I use “General Authentication Method” which has now disappeared, only allowing them to select username and password.

The error you get when trying to connect is:

The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server

Anyone aware of a workaround?

Check the security settings on the adapter options. I’ve found that after major updates Microsoft resets the authentication setting to MS-CHAP v2 instead of PAP.

There used to be a Windows 10 registry change that was needed. It’s mentioned in the client VPN FAQs on the Meraki knowledge base. Have you tried that?

I find if you go back into the GUI and force the encryption to required that it then goes back to general authentication. The update may have reset this and it might be a trend going forward.

You can’t make that change through PowerShell, so if they’ve stopped you doing it through the GUI then Meraki is going to need to update its client VPN quick style.

This is still a pain in my ass. Not every client and not all the time. They are all Windows 10 though. MacBooks are fine.

Thankfully Meraki is going bye bye soon.

Worked for me!

Windows Error 809
If this error appears, the Event Log won’t have any relevant logs, as the traffic doesn’t reach the MX’s WAN interface.

Possible causes and solutions:

Client behind NAT devices
Solution: Modern Windows devices do not support L2TP/IPsec connections when the Windows computer or VPN server are located behind a NAT. If the Windows VPN client fails with Error 809 when trying to establish a VPN connection to an MX located behind a NAT, add the “AssumeUDPEncapsulationContextOnSendRule” DWORD value to the Windows registry. This DWORD value allows Windows to establish security associations when both the VPN server and the Windows based VPN client computer are behind NAT devices.

For Windows XP:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec

RegValue: AssumeUDPEncapsulationContextOnSendRule

Type: DWORD

Data Value: 2

For Windows Vista, 7, 8, 10, and 2008 Server:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

RegValue: AssumeUDPEncapsulationContextOnSendRule

Type: DWORD

Data Value: 2

Note that after creating this key you will need to reboot the machine. For more information, reference the Microsoft Support Knowledge Base.

Note: Some third party network programs can also cause Windows Error 809 to occur. SmartByte is one such program known to cause this issue. Disabling the program should resolve the issue and allow the VPN to connect.
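
The registry change quoted in the post above, as an added PowerShell example (not part of the original thread and not Meraki's or Microsoft's own script). It covers only the Vista-and-later `PolicyAgent` path, the function name `Set-L2tpNatTraversal` is hypothetical, and it assumes an elevated prompt:

```powershell
# Added example: audit, and optionally set, the NAT-T registry value quoted above.
# The function name is hypothetical; run from an elevated PowerShell prompt.
function Set-L2tpNatTraversal {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 2 = both the VPN server and the Windows client are behind NAT (value from the post)
        [ValidateRange(0, 2)]
        [int]$DesiredValue = 2
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    $name = 'AssumeUDPEncapsulationContextOnSendRule'

    if (-not (Test-Path -Path $path)) {
        throw "Registry key not found: $path"
    }

    # Read the current value; $null means the value has never been created.
    $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    $changed = $false
    if ($current -ne $DesiredValue) {
        # ShouldProcess makes -WhatIf and -Confirm work, so the change can be previewed.
        if ($PSCmdlet.ShouldProcess("$path\$name", "Set DWORD to $DesiredValue")) {
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value $DesiredValue -Force | Out-Null
            $changed = $true
        }
    }

    # Return a record of what was found and done, suitable for logging across many clients.
    [pscustomobject]@{
        Path           = $path
        Name           = $name
        PreviousValue  = $current
        DesiredValue   = $DesiredValue
        Changed        = $changed
        RebootRequired = $changed   # the post notes a reboot is needed after creating the value
    }
}

# Preview without writing anything:
Set-L2tpNatTraversal -WhatIf
# Apply the change:
# Set-L2tpNatTraversal
```

A `PreviousValue` that is empty means the value did not exist before; `Changed = False` on a machine still showing Error 809 points to one of the other causes listed above.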

Yup. This all the way. Or restart again. It seems to get stuck in Windows and requires a restart to connect again. That’s usually a different error though.

Glad to hear it! I had a fun week troubleshooting that one remote with a client last year… :wink: