After working with the deployment team at Meraki, we are all lost for words. We have the Meraki VPN set up according to the documentation. I can watch the RADIUS come into the system and be rejected each and every time. We are getting a reason code of 16. Thus, it's reaching RADIUS and RADIUS is saying it's a bad password. This isn't the case, as we have confirmed the password. The RADIUS and CA are both on their own servers. From what I can tell, event ID 6273 normally accompanies reason code 16. However, I'm not seeing this event ID.
The RADIUS server has the RAS and IAS cert from the currently active CA.
I can ping between each machine with no issues.
DNS names resolve with no issues between machines. However, using the troubleshooting tools, when I try the hostname to the DC, it does not start, but I can ping the IP address from the same tool no problem.
Edit: Discovered the mobile app will not prompt for user name or password if I use the DDNS name provided by the Meraki unit, but if I use the IP address, it will prompt. Which makes it even weirder.
Under the Connection Request Policy > Settings > Authentication, radio check "Accept users without validating Credentials" I get a RADIUS accept, but the app crashes at this point. (Every time on the laptop)
@JohnIngram, even the instructions for Microsoft client VPN are not correct. It's just that the errors are not enough to break it. I am happy to help correct the documentation error if you could get someone to reach out to me.
Also, I think it makes it hard for users to have two sets of instructions for configuring RADIUS and client VPN. Perhaps a single document could be made or a link created from one set of instructions to the other to make it clear which set of instructions users should be using.