This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 82%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWZ%3C/text%3E%3C/svg%3E)
I'm working on piloting always on vpn. Currently I have a RAS server setup and a separate server with NPS set up for authentication. I'm at the point where I need to verify if the client can connect successfully and access the network before moving on to connection profiles to deploy.
On the client side the client has a proper certificate and is set to use EAP to authenticate. On the RAS side RADIUS is set to send to the NPS server where a network policy is set up for EAP. I am able to get the client to connect to the RAS server, but the client workstation has no internet access and cannot access or ping an internal resource when connected. On the RAS server I receive the following warning:
Event ID 20271
The user [username] connected from [ip address] but failed an authentication attempt due to the following reason: the connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication mentod used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the admin off the RAS server and notify them of this error.
Looking in the NPS logs on the RADIUS server, I'm not seeing any authentication failures. I'm scratching my head on this one. I'm sure this might be a configuration issue, but I don't see how it could be authentication if the connection is succeeding and there are no errors in NPS.