Always On VPN non join domain

Marlis Septian Nurhalim 1 Reputation point
2022-01-04T11:51:05.517+00:00

Hello,

So I deployed an Always On VPN on Windows Server 2019.
I followed the guidance from this YouTube video:
https://www.youtube.com/watch?v=aZ-thDAfuBM&t=2027s

Basically I'm deploying 3 Windows servers (RAS, NPS, and AD with CA), and all of these servers are domain joined.
I set the VPN to use the IKE protocol and authenticate to a RADIUS server.
I created 2 policies on the RADIUS server: the first one authenticates using a certificate and the second one authenticates using user and password only.

For domain-joined endpoints there's an auto-enroll certificate policy and they can connect to the VPN seamlessly.
But I have a problem connecting to the VPN from a non-domain-joined endpoint.
I've imported the client certificate from the domain-joined endpoint and also the CA certificate, exported them to the non-domain-joined endpoint and set up the VPN like this, but it does not work, with the error "IKE authentication credentials are unacceptable":
https://social.technet.microsoft.com/Forums/en-US/001e8311-37b8-46ae-9d73-96ae690785f2/ikev2peap-for-nondomain-computers?forum=winserverNIS

Can someone give me some enlightenment on what could be wrong?

Note:
Both RADIUS policies (using user or certificate for authentication) were tested with a domain-joined endpoint and they work fine.


1 answer

  1. Limitless Technology 39,926 Reputation points
    2022-01-05T15:02:43.287+00:00

    Hi @Marlis Septian Nurhalim

    The problem occurs if the version of Windows does not have support for IKE fragmentation or the client certificate is missing from Certificates - Current User\Personal\Certificates.

    IKEv2 is supported on Windows 10 and Server 2016. However, in order to use IKEv2, you must install updates and set a registry key value locally. OS versions prior to Windows 10 are not supported and can only use SSTP.

    Here is a link for a detailed description of the process that you must follow.
    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems

    Hope this resolves your Query!!

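    The answer points at the client certificate in Certificates - Current User\Personal\Certificates as one cause. The following PowerShell is an added diagnostic, not code from the question, the answer or Microsoft: run it on the non-domain-joined client to see whether that store actually holds a certificate with a private key and the Client Authentication EKU that chains to a trusted root, and to compare how each VPN profile authenticates. The function name `Get-VpnClientCertStatus` is assumed; the cmdlets used (`Get-ChildItem` on the Cert: drive, `Test-Certificate` from the PKI module, `Get-VpnConnection` from the VpnClient module) ship with Windows 10.

    ```powershell
    # Added example (not from the original post): check the per-user cert store
    # that the answer above says must contain the client certificate.
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth EKU

    function Get-VpnClientCertStatus {
        [CmdletBinding()]
        param(
            # Certificates - Current User\Personal\Certificates, as named in the answer
            [string]$StorePath = 'Cert:\CurrentUser\My'
        )
        Get-ChildItem -Path $StorePath | ForEach-Object {
            $cert = $_
            $hasClientAuth = [bool]($cert.EnhancedKeyUsageList |
                Where-Object { $_.ObjectId -eq $clientAuthOid })

            # Test-Certificate builds the chain and checks the EKU; an untrusted
            # root (e.g. CA cert imported into the wrong store) gives $false.
            $chainOk = $false
            try {
                $chainOk = Test-Certificate -Cert $cert -EKU $clientAuthOid -ErrorAction Stop
            } catch {
                $chainOk = $false
            }

            [pscustomobject]@{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey   # $false means only the public part was imported
                ClientAuthEKU = $hasClientAuth
                ChainTrusted  = $chainOk
            }
        }
    }

    # Every row should show HasPrivateKey, ClientAuthEKU and ChainTrusted = True
    # for the certificate the IKEv2 profile is expected to use.
    Get-VpnClientCertStatus | Format-Table -AutoSize

    # Compare the profile on this client with the working domain-joined one:
    # the tunnel type and authentication method (Eap vs. MachineCertificate) must match
    # the RADIUS policy that is supposed to accept it.
    Get-VpnConnection | Select-Object Name, TunnelType, AuthenticationMethod
    ```

    If the certificate was imported while elevated it may have landed in Cert:\LocalMachine\My instead; rerun with `-StorePath 'Cert:\LocalMachine\My'` to check that store as well.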
