Sort of losing my mind here. We have 3 computers that the VPN refuses to work with after they are joined to the domain. All different users, all different model computers, I already uninstalled as many windows updates from the past 3 months, this only started happening maybe a week ago.
It does throw an 811 error indicated a shared key mismatch, but I know for a fact it’s not that.
I am going to perform a firmware upgrade on the MX tonight. Does anyone have any thoughts?
EDIT:
Solved the problem, it was a granular GPO that caused the issue. Removed it and works now.
There were windows updates recently, I don’t remember which update it was but you could definitely find it on Google, that were wreaking havoc on LT2TP VPN connections. It wasn’t throwing out the error message that you’re getting but still might be something to look into.
Are you using CMAK to deploy VPNs? Regardless, the issue might not be limited to those, try this.
After you join to the domain, try connecting to the VPN but elevate the connection process. For example, create a shortcut to the VPN connection if you don’t have one and right click and run as Administrator. You can probably also initiate the VPN connection from an elevated CMD or PowerShell prompt.
Doesn’t appear to be windows updates as not all our computers are affected, even those within the same band. It also didn’t work through the Draytek client, not sure if it’s a client issue or not.
I am not using CMAK, and the elevated process results in the same return. We have relatively few VPN users, so I confirmed with the rest of them that their VPN was functional and that is backed up via the client monitor within the dashboard.
They are not, they are all in different groups, with other computers that work fine.
I reformatted one just now, and the VPN works fine on initial setup. The computer was then added to the domain and an AD user logged in and now the VPN does not function at all. Completely at a loss here.
if you log in as. say, local admin account on the machine (not a domain account) after it’s been joined to the domain does the vpn work under that account?