Our SBS 2011 recently had some hardware trouble, so we decided to migrate everything to a new server which we also installed with SBS 2011.
Since the migration, I've been having trouble to get our VPN to work. The connection fails with the following error dialog:
So I checked out the Security event log on our server and found this corresponding event:
Authentication Details
- Connection Request Policy Name: Microsoft Routing and Remote Access Service Policy
- Network Policy Name: -
- Authentication Provider: Windows
- Authentication Server: SBS0.example.local
- Authentication Type: MS-CHAPv2
- EAP Type: -
- Account Session Identifier: 34
- Logging Results: Accounting information was written to the local log file.
- Reason Code: 48
- Reason: The connection request did not match any configured network policy.
So I went into the Network Policy and Access Services snap-in and opened the Network Policy Server panel to edit the Network Policies. There's a policy labeled Virtual Private Network (VPN) Access Policy which looks pretty similar to the one we had on the old server. Except for one difference.
Our old server was installed in German, the new server is installed in English. So the conditions now list the new Windows SBS Virtual Private Network Users group. But a group like that doesn't exist in our AD. So I added our old, German Windows SBS-VPN Benutzer group to the conditions as well.
I'm not sure if that change was even relevant or if both names point to the same group anyway. Either way, this didn't resolve the issue and I'm out of ideas how to approach the problem.
I saw Error 812 when connecting to office VPN and made sure that I'm still a member of the VPN Users group (which I am).
