Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Anyconnect Radius Reason Code 16

rndadhdman
Comes here often
‎Aug 29 2023 10:29 AM
‎Aug 29 2023 10:29 AM

Anyconnect Radius Reason Code 16

After working with the deployment team at Meraki, we are all lost for words. We have the Meraki VPN setup according to the documentation. I can watch the radius come into the system and be rejected each and every time. We are getting an reason code of 16. Thus, it's reaching radius and radius is saying it's a bad password. This isn't the case as we have confirmed the password. The Radius and CA are both on their own servers. From what I can tell event id 6273 normally accompanies reason code 16. However, i'm not seeing this event id.

 

The Radius server has the RAS and IAS cert from the currently active CA.

I can ping between each machine with no issues.

DNS names resolve with no issues between machines. However, using the troubleshooting tools, when i try the hostname to the DC, it does not start, but I can ping the IP address from the same tool no problem. 

 

Any idea's would help.

 

Documentation Links:

https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN

 

Edit:
Discovered the mobile app will not prompt for user name or password if I use the DDNS name provided by the meraki unit, but if I use the ip address, it will prompt. Which makes it even weirder.

 

Edit:

Under the Connection Request Policy > Settings > Authentication, radio check "Accept users without validating Credentials" I get an radius accept, but the app crashes at this point. (Every Time on the laptop)

Labels:
0 Kudos
Subscribe
6 Replies 6
Ryan_Miles
Meraki Employee
Meraki Employee
‎Aug 29 2023 10:41 AM
‎Aug 29 2023 10:41 AM

As a test have you tried disabling the cert auth part and just connect with a username/password to make sure that works? That might help determine if the cert auth is the culprit.

0 Kudos
Subscribe
In response to Ryan_Miles
rndadhdman
Comes here often
‎Aug 29 2023 10:43 AM
‎Aug 29 2023 10:43 AM

I"m not to sure how to do that in radius. The Meraki has the certificate requirement disabled.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 29 2023 2:21 PM
‎Aug 29 2023 2:21 PM

Those are the wrong instructions.  They are for Microsoft client VPN.  These are the correct instructions for AnyConnect:
https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication#RADIUS_... 

 

@JohnIngram , even the instructions for Microsoft client VPN are not correct.  It's just that the errors are not enough to break it.  I am happy to help correct the documentation error if you could get someone to reach out to me.

Also, I think it makes it hard for users to have two sets of instructions for configuring RADIUS and client VPN.  Perhaps a single document could be made or a link created from one set of instructions to the other to make it clear which set of instructions users should be using.

Subscribe
In response to PhilipDAth
rndadhdman
Comes here often
‎Aug 30 2023 3:51 AM
‎Aug 30 2023 3:51 AM

After following these instructions, I am still receiving the same error messages. Any idea? The problem is on the radius side.

0 Kudos
Subscribe
rndadhdman
Comes here often
‎Sep 5 2023 6:02 AM
‎Sep 5 2023 6:02 AM

After about 100 failed attempts, I have reached out to a local msp. I will post updates here.

0 Kudos
Subscribe
Drew325
Conversationalist
‎Jan 10 2024 4:02 PM
‎Jan 10 2024 4:02 PM

Did this ever get resolved? I'm getting the same error message and support is as confused as I am.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.