The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server

Sebastian Cerazy 321 Reputation points
2023-01-30T18:44:25.7566667+00:00

I have a completely mad situation.

Always On VPN on Server 2019, configured for both IKEv2 & SSTP with user certificate authentication via NPS (AD group membership). The SSL certificate is issued by a commercial CA (it is fine because it all works sometimes).

IKEv2 always works, never fails (unless the client has some ISP/router connectivity problems that prevent the IKE protocol).

SSL VPN (SSTP) used to work, and for the past few weeks I can see it working one day but not the next (same client); then it starts working again and works fine for a few days, and then goes off again (no changes happen on the server, not even a reboot).

On the client I can see in the logs:

```
CoId={ADF6FFFD-330F-0001-2FAA-FEAD0F33D901}: The user machine\user dialed a connection named AO which has failed. The error code returned on failure is -2147014836.

CoId={ADF6FFFD-330F-0001-2FAA-FEAD0F33D901}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
```

On the VPN server, the log states:

```
CoId={752D3057-CBE3-5326-112D-82F585B1672D}: The following error occurred in the Point to Point Protocol module on port: VPN2-160, UserName: <Unauthenticated User>. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
```

The request never even gets to the NPS server to authenticate!

I would be fine if it never worked, or even better if it always worked, but the on / off is just mad. How can I explain it to the users that need it?

Anybody any ideas?

Seb

Windows for business | Windows Server | User experience | Other