Windows 10 won't connect to RRAS VPN

As you already stated, you have to make sure that protocol settings, encryption, and authentication settings all match.

When you are sure everything is alright, there is one more thing I had quite often in Microsoft RRAS configurations: The RRAS server will ask Active Directory about the authentication and sometimes, Windows "thinks" it is not on a domain network anymore (check the Network and Sharing Center for the network profile). Most of the time it is a DNS problem you have to fix, but I also had cases where I did not see anything wrong and disabling/re-enabling the internal network adapter of the RRAS server solved the problem.

If it is due to incompatible encryption settings, check the policies on the correct server (RRAS server if you do not use NPS, NPS server if you do use NPS). Always go for the highest encryption standard possible.

Also check that any firewall you might have in between does not block your VPN protocol(s).
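The network-profile and DNS checks described in this answer can be scripted on the RRAS server. The following is an added example, not part of the original answer; the adapter name `Internal` is an assumption and must be replaced with the name of the adapter that faces the domain controller.

```powershell
# Added example: run in an elevated PowerShell session on the RRAS server
# (Server 2012 R2 or later). 'Internal' is an assumed adapter name.
$InternalAdapter = 'Internal'

# 1. Network profile: on a domain-joined server the DC-facing adapter
#    should be categorised as DomainAuthenticated, not Public or Private.
$netProfile = Get-NetConnectionProfile -InterfaceAlias $InternalAdapter
"Profile '{0}' on '{1}': {2}" -f $netProfile.Name, $InternalAdapter, $netProfile.NetworkCategory

# 2. DNS: every DNS server configured on that adapter must be able to
#    resolve the domain controller locator record for the server's domain.
$domain     = (Get-CimInstance Win32_ComputerSystem).Domain
$dnsServers = (Get-DnsClientServerAddress -InterfaceAlias $InternalAdapter `
                  -AddressFamily IPv4).ServerAddresses
$dnsOk = $true
foreach ($server in $dnsServers) {
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
                   -Server $server -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        "DNS server $server returned DC(s): $($srv.NameTarget -join ', ')"
    }
    catch {
        $dnsOk = $false
        Write-Warning "DNS server $server cannot locate a DC for ${domain}: $($_.Exception.Message)"
    }
}

# 3. Decide what to fix. A failing DNS lookup is the usual cause; bouncing
#    the adapter only makes sense when DNS is healthy and the profile is
#    still wrong. Do this from the console, not over a remote session that
#    runs through the same adapter.
if ($netProfile.NetworkCategory -ne 'DomainAuthenticated') {
    if (-not $dnsOk) {
        Write-Warning 'Fix the DNS server settings on the internal adapter first.'
    }
    else {
        Restart-NetAdapter -Name $InternalAdapter
        Start-Sleep -Seconds 30   # give network location detection time to re-run
        Get-NetConnectionProfile -InterfaceAlias $InternalAdapter |
            Select-Object InterfaceAlias, Name, NetworkCategory
    }
}
```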

Author: Zach85

Updated on September 18, 2022

Comments

  • Zach85
    Zach85 about 1 year

    Studying MCSA, currently working on a Server 2012 R2 server lab I have set up on a custom built computer.

    Current configuration, I have a host computer that is just that, a host, with RRAS installed for internal network (which I call my virtual office) to be able to reach the internet.

    In my VIRTUAL OFFICE (via Hyper-V):

    I have a DC server set up with Active Directory, DNS and DHCP and a few client computers (mix of Win 7 and 8), all connected with internal switch. I also have an NPS server with two network connections, one to the internal network and an external connection straight to my home router that connects to the ISP.

    It took me hours as this is my first time, but I was able to successfully set up a PPTP VPN connection and test it with my physical laptop connected through my cellphone's mobile hot-spot. Configurations are through RRAS and NPS.

    I then deleted my nps/vpn server and deleted the vpn connection on my laptop to set everything up again for experience. Then the problems started. I can get authenticated to the RRAS and I can see my connection in the RRAS console, but on the laptop it gets stuck on "creating a connection" for 10-15 and then disconnects. Event viewer on server gives me an error about encryption. I've restarted back to scratch (delete and reinstall server) several times and I always get stuck at this point. I've gone as far as taking 30 minutes to slowly go through every setting on both the laptop and server to make sure it matches. I've even removed any form of encryption for unsecured connection and still failed.

    I am lost here. Any ideas? I can't remember the error code in event viewer, will get that tomorrow

    • Admin
      Admin over 6 years
      EDIT: I have once again reset the server back to after it was originally installed. Going to give this another try this morning before I need to head to work. In addition, the error message in Event Viewer is 20255. Don't remember exactly word for word and forgot to copy it before resetting the server, but it had to do with the remote computer (I'm assuming my laptop) not accepting the encryption or something like that
    • Admin
      Admin over 6 years
      LAST UPDATE: after activating NPS, I am connected to my VPN via mobile hotspot to post this update. It seems that patience is a virtue when running these kinds of settings. And just my luck, using checkpoints along the way seems to have upped my chances of this working this time. Thanks everyone who has helped along the way
  • Zach85
    Zach85 over 6 years
    I have ports 1723 and 47 both open for PPTP and GRE. As for DNS... I have the internal adapter assigned with a reserved address from DHCP, and its DNS is set to the DC that has DNS enabled. For my external adapter, I have a static IP address with the gateway pointed to the physical router that connects to my ISP. But, for DNS, I've been going back and forth between using the DNS on my DC and the physical router. Both are on separate subnets. My home network is on the 192.168.1.0 network while my virtual network is 192.168.10.0 network.
  • Daniel S. Gurrola II
    Daniel S. Gurrola II over 6 years
    Have you done any packet traces? I am not sure I am following the packet path here. VPN Client device (physical) ---> Client device's WAN Network (mobile) --> HOST WAN Router's ISP --> HOST WAN Router --> Host (physical) passes to RRAS server (virtual) via Hyper-V virtual switch. If I find some time I will look at this and see if I can ping back. Sorry that did not work out for you.
  • Zach85
    Zach85 over 6 years
    After spending extra time to make sure the RRAS settings were absolute and being successful with that, I've activated NPS and guess what... I'm posting this comment through my VPN via my laptop connected to my mobile hotspot. Authenticated and passed encryption test, I am in a tunnel! Finally excited to have this working again. Thanks for the suggestions. Could you tell me though, when you say "packet trace", are you talking like using Wireshark or something?
  • Zach85
    Zach85 over 6 years
    I have done some fiddling around with Wireshark before, but you're right, it can get complicated. Once I get my MCSA, I will focus on tools like Wireshark that will help me whenever I get into a SysAdmin position, hopefully in the near future :) Thanks again for your help!
  • Klaus
    Klaus over 6 years
    It is very easy to screw something up in NPS ;)
  • Klaus
    Klaus over 6 years
    First, make sure your policy actually hits - check order on connection request and network policies. Then, check all the tabs in your network policy for compatibility with your client. From your error message, I assume the problem lies in encryption settings in settings tab. Just select 'strongest' only which is best practice anyway