rras-error1

Random VPN Error 812 Solved

For the past 6 months I have been periodically receiving an error connecting to one of our VPN servers of:

Error 812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

rras-error1

This error occured on both Windows 7 and Window 8 workstations, but only periodically, and most frequently after a disconnect has occurred and the user is trying to reconnect to the VPN.  Sometimes starting and stopping RRAS on the server will resolve the issue, sometimes rebooting the RRAS server will resolve it, and other times simply trying again an hour later will result in success.  I did some searching on the Internet, but virtually all of the resolutions for this issue are related to setup or configuration problems that would result in the VPN either consistently working or not-working for a specific workstation, not a random occurrence of this error.  I tried changing a number of the NPS policies, since the error seemed to point to an NPS issue, but this did not resolve the problem.

nps screen

Eventually I was able to isolate the issue to a periodic problem with the RRAS server not being able to connect to the Active Directory server for account authentication.  One of the reason codes occasionally generated in the security event log was:

The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.

The cause of the problem ended up being very simple:  The primary DNS of the RRAS server was no longer pointing at the domain controller.  Changing the primary DNS to the domain controller and setting the secondary DNS to an external server (the primary google 8.8.8.8 DNS in this case) eliminated the issue.

In case you are having error 812 problems consistently here are some additional links on other common configuration issues:

http://blogs.technet.com/b/rrasblog/archive/2009/08/12/troubleshooting-common-vpn-related-errors.aspx

http://social.technet.microsoft.com/Forums/windowsserver/en-US/f17ec934-821c-4fe7-bb44-679bdf0e4ad3/2012-essentials-vpn-error-812-rasvpn-authentication-method?forum=winserveressentials

 

 

8 Responses to Random VPN Error 812 Solved

  1. Gopi June 17, 2014 at 4:54 pm #

    Thank You for the tip.

    although this method did not work for me.

    i deleted the RADIUS Client in the NPS server and deleted the NPS RADIUS server in the Radius client and re-tried and it worked. I’m using MS Routing and Remote Access as a Radius Client.

    Thanks

  2. Ion January 7, 2015 at 5:54 am #

    Setting the primary DNS of the VPN to the one of AD server and secondary DNS to an external one, solved the problem for me. Thank you a lot!

  3. Bob March 23, 2015 at 7:57 am #

    You shouldn’t set the secondary DNS server to anything other than another Internal DNS server.

    You should use forwarders or Root Hints to find things outside of your network.

    • Doug Wardrope May 31, 2016 at 3:00 pm #

      Andreas – that Dial in AD attribute set to “allow” was my issue, thank you!

  4. Nick Klotz September 30, 2016 at 1:39 pm #

    I’m having the same problem. So far everything i’ve tried has failed. This contains:

    1. Setting the user to dial In as allowed
    2. Setting the network policies to allow VPN connections
    3. Changing the raidus client policy to allow connection through remote Desktop.

  5. vpnreview June 29, 2017 at 7:35 am #

    I had reslove it by read this https://itday.com/vpn/best-vpn-services-of-2017/

  6. Anonymous July 25, 2017 at 10:42 pm #

    Thank you, this was driving me crazy!!!

Leave a Reply

Powered by WordPress. Designed by WooThemes