L2TP/IPsec VPN Event IDs 20226 20227 20271 20255

  • Question

  • Hello,

    I am on my last lap with a new L2TP VPN server using EAP/PEAP cert auth. At this point the connection is created from the client to the VPN server, it makes it a few steps, then closes the connection. The errors below do not compute, at least to me. The client error has absolutely nothing to do with the server error. I have reviewed the client connection and idle timeout is disabled. I have also viewed the NPS connection and network policy and neither has an idle timeout.

    So, this leads me to believe that the error on the VPN Server is the one we really need to be looking at. In NPS I have both the connection policy and the network policy set to PEAP and Smart Card or Other Certificate, then selected the certificate it should use.

    When I try to connect I get "The Token Supplied To The Function Is Invalid" on the client VPN connection window.

    Windows Server 2016 Standard

    Event Viewer Info From Client

    Error Event 20227 - CoId={17F2583B-ECD0-4CFE-8E9A-4AA31F24CE1C}: The user domain\user dialed a connection named PEAP VPN which has failed. The error code returned on failure is -2146893048.

    Info Event 20226 - CoId={17F2583B-ECD0-4CFE-8E9A-4AA31F24CE1C}: The user domain\user dialed a connection named PEAP VPN which has terminated. The reason code returned on termination is 828.

    Event Viewer Info From Server

    Warning Event 20271 - CoId={17F2583B-ECD0-4CFE-8E9A-4AA31F24CE1C}: The user user@domain.com connected from 12.0.7.170 but failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error

    Error Event 20255 - CoId={NA}: The following error occurred in the Point to Point Protocol module on port: VPN3-127, UserName: user@domain.com. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

    NPS doesn't seem to like me, I could use some help.

    Thanks,

    Jeff

    Wednesday, May 17, 2017 9:26 PM
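
As a triage aid for the events quoted in the question, the following added example (not part of the original post) groups the quoted event text by CoId and reinterprets the signed client error code as an HRESULT. The function names are hypothetical, and the event messages are copied from the post and shortened.

```python
import re
from collections import defaultdict

# Event text copied from the post above; long messages are shortened with "...".
EVENTS = [
    ("client", 20227, "CoId={17F2583B-ECD0-4CFE-8E9A-4AA31F24CE1C}: The user domain\\user dialed a connection "
                      "named PEAP VPN which has failed. The error code returned on failure is -2146893048."),
    ("client", 20226, "CoId={17F2583B-ECD0-4CFE-8E9A-4AA31F24CE1C}: The user domain\\user dialed a connection "
                      "named PEAP VPN which has terminated. The reason code returned on termination is 828."),
    ("server", 20271, "CoId={17F2583B-ECD0-4CFE-8E9A-4AA31F24CE1C}: The user user@domain.com connected from "
                      "12.0.7.170 but failed an authentication attempt due to the following reason: ..."),
    ("server", 20255, "CoId={NA}: The following error occurred in the Point to Point Protocol module on "
                      "port: VPN3-127, UserName: user@domain.com. ..."),
]

# Names as defined in winerror.h; only the values seen in this thread are listed.
HRESULT_NAMES = {0x80090308: "SEC_E_INVALID_TOKEN"}
FACILITY_NAMES = {9: "FACILITY_SSPI"}

COID_RE = re.compile(r"CoId=\{([^}]+)\}")
CODE_RE = re.compile(r"(?:error|reason) code returned on \w+ is (-?\d+)")

def decode_code(code):
    """Turn the signed decimal from the event text into HRESULT fields."""
    if code >= 0:                      # small positive values are RAS reason codes, not HRESULTs
        return {"raw": code, "hresult": None, "facility": None, "name": None}
    value = code & 0xFFFFFFFF          # reinterpret as unsigned 32-bit
    facility = (value >> 16) & 0x1FFF  # HRESULT facility field
    return {"raw": code, "hresult": f"0x{value:08X}",
            "facility": FACILITY_NAMES.get(facility, str(facility)),
            "name": HRESULT_NAMES.get(value)}

def parse_event(side, event_id, message):
    coid = COID_RE.search(message)
    code = CODE_RE.search(message)
    return {"side": side, "event_id": event_id,
            "coid": coid.group(1) if coid else None,
            "code": decode_code(int(code.group(1))) if code else None}

def correlate(events):
    """Group events by CoId so client and server records of one attempt line up."""
    groups = defaultdict(list)
    for ev in (parse_event(*e) for e in events):
        groups[ev["coid"]].append(ev)
    return dict(groups)

if __name__ == "__main__":
    for coid, evs in correlate(EVENTS).items():
        print(coid, [(e["side"], e["event_id"], e["code"]) for e in evs])
```

Run over the quoted events, the client's 20227 and 20226 and the server's 20271 fall under the same CoId, while 20255 carries `CoId={NA}` and has to be matched by user name and time instead.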