Azure Radius Point to Site VPN

Greg Thomas 121 Reputation points
2021-05-26T13:46:06.443+00:00

Hi,

I've been following a number of walkthroughs on setting up a Point to Site VPN with Radius in Azure.

We seem to have things set up properly, but our users cannot connect via VPN. Unfortunately, when we check the client logs, we see no errors...

[cmdial32] 9:54:54 03 Pre-Init Event CallingProcess = C:\WINDOWS\system32\rasautou.exe
[cmdial32] 9:55:21 04 Pre-Connect Event ConnectionType = 1
[cmdial32] 9:55:21 06 Pre-Tunnel Event UserName = buser@GuillaumeB .mc Domain = DUNSetting = bfc80066-4b44-4072-bb6b-ab979140f85e Tunnel DeviceName = TunnelAddress = azuregateway-3727CDBA-0436-458C-9216-73A5BC27D215.vpn.azure.com
[cmdial32] 9:57:19 21 On-Error Event ErrorCode = 619 ErrorSource = RAS

This is all we get (NOTE: not the real azuregateway address).

Is there somewhere on the Radius or on the Gateway we can troubleshoot errors?

Currently we have one Radius server up and running with one policy. The Radius server has the IP address of our VPN Gateway configured on it and we have a group of users who are allowed to VPN in.

We have tried with MFA and non-MFA enabled users.

Whereabouts can we go about troubleshooting things?

Thanks.

Azure VPN Gateway

1 answer

  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2021-05-28T16:23:01.86+00:00

    Hello @Greg Thomas ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I see the below error in the log you provided:
    [cmdial32] 9:57:19 21 On-Error Event ErrorCode = 619 ErrorSource = RAS

    Error 619 occurs when the VPN gateway could not reach the RADIUS NPS server. The cause of this error is the NPS firewall actively ignoring local firewall rules (which were configured to accept incoming rules for ports 1812, 1813, 1645 and 1646).
    Check your firewall rules and make sure the allowed rules are enabled for all profiles. Also make sure that the Windows Firewall rules for these ports show "Any" under the Program column. If it is not "Any", then you could try adding custom rules for the same ports (1812, 1813, 1645 and 1646) and allowing them again in your firewall. You can also test by disabling the Windows Firewall.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
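
An added example, not part of the original answer and not Microsoft's own tooling: one way to run the firewall check described in the answer on the NPS server, using the built-in NetSecurity cmdlets. Variable names are illustrative, and rules that specify port ranges or "Any" as the local port are not expanded.

```powershell
# Added example. Run in an elevated PowerShell session on the NPS server.
$radiusPorts = '1812', '1813', '1645', '1646'        # ports named in the answer
$allProfiles = 'Any', 'Domain, Private, Public'      # both forms mean "all profiles"

$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ("$($portFilter.Protocol)" -ne 'UDP') { continue }

    # Only explicitly listed ports are matched; ranges and 'Any' are skipped.
    $hit = @($portFilter.LocalPort | Where-Object { $radiusPorts -contains $_ })
    if ($hit.Count -eq 0) { continue }

    $program = ($rule | Get-NetFirewallApplicationFilter).Program
    $issues = @()
    if ("$($rule.Enabled)" -ne 'True')                { $issues += 'disabled' }
    if ("$($rule.Action)"  -ne 'Allow')               { $issues += "action=$($rule.Action)" }
    if ($allProfiles -notcontains "$($rule.Profile)") { $issues += "profile=$($rule.Profile)" }
    if ($program -ne 'Any')                           { $issues += "program=$program" }

    [pscustomobject]@{
        Rule   = $rule.DisplayName
        Ports  = $hit -join ','
        Issues = if ($issues) { $issues -join '; ' } else { 'none' }
    }
}

$report | Sort-Object Rule | Format-Table -AutoSize -Wrap

# Ports with no rule that passes every check above.
$clean = @($report | Where-Object Issues -eq 'none' | ForEach-Object { $_.Ports -split ',' })
$radiusPorts | Where-Object { $clean -notcontains $_ } |
    ForEach-Object { Write-Warning "UDP $_ has no enabled, all-profile, any-program allow rule" }
```

A rule listed with "program=..." is the case the answer describes, where the Program column is not "Any".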

