Came across a user who was unable to establish a vpn connection on his Dell laptop, running Win10. After entering his username and password, the user was stuck in a "connecting" state.
MX Appliances did update a few days ago, however all other users could connect to vpn without issue.
Dell laptop was newly imaged to Win10
Meraki gave multiple errors -
Feb 5 13:07:45 | Non-Meraki / Client VPN negotiation | msg: failed to begin ipsec sa negotiation. | |
Feb 5 13:07:45 | Non-Meraki / Client VPN negotiation | msg: no configuration found for 6.1.0.1. | |
Feb 5 13:06:15 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport xxxxxx spi=60769056(0x39f4320) | |
Feb 5 13:06:15 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport xxxxxx spi=213759384(0xcbdb598) | |
Feb 5 13:06:15 | Non-Meraki / Client VPN negotiation | msg: ISAKMP-SA xxxxxx | |
Feb 5 13:06:14 | Non-Meraki / Client VPN negotiation | msg: invalid DH group 19. | |
Feb 5 13:06:14 | Non-Meraki / Client VPN negotiation | msg: invalid DH group 20. |
DH 19&20 Most commonly for me, when a client didn't have Client VPN configured to properly authenticate with AD etc - Since it only affected one user, this is not the issue
Confirmed FW wasn't blocking
Confirmed that adapter settings were correct
Confirmed PSK was accurate
Uninstalled/Reinstalled all Miniports including registry entries
Confirmed TLS settings
Confirmed Dell apps Smartbyte and Killer Control Center not installed
No dice.
Came across https://www.geekshangout.com/vpn-connection-hangs-in-connecting/#comment-32375
This article allowed me to connect the user. Win10 issue FTW.
Just figured I'd post to save you all the time.
If it is a Dell machine also means sure you remove SmartByte.
https://community.meraki.com/t5/Network-Wide/Dell-Laptops-and-VPN-access/m-p/12826#M321
Thanks Philip, it was not installed on user's laptop.
Same thing happens on our set of Dell laptops too with Windows 10 Pro.
It does not connect even from the VPN page.
After a long trying to connect "connecting" it fails with the following error "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"
Any suggestions? Or work arounds?
All the steps in the troubleshooting page were performed, but no luck.
Hi Nolan,
This is a brand new Dell latitude 3490 laptop.
No updates were done.
Thanks,
Bonifas
Bonifas - that's 789, right?
Assuming this is a one PC error and you know the PSK/all settings are right: I have had luck before with uninstalling the WAN Miniport L2TP device under Device Manager, then have DM scan for new hardware. Sometimes I'm lazy and just reboot instead, because I have bad habits.
If you don't see the WAN Miniports, click View and select Show Hidden Devices. Make sure you don't uninstall the drivers themselves,
@Bonifas What errors are you getting in Meraki? You confirmed that the adapter settings are reflecting the correct security configuration?
https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration
The adapter settings keeps reverting back to MS CHAP V2 though PAP is selected.
Thanks,
Bonifas
@Bonifas Is the end user saving their credential? This can also cause Win10 to change the password protocol away from PAP. Since my help desk has told end users to no longer save credentials, but to enter it every time, it's reduced the incidence of this behavior.
Assuming an AD environment where all client VPN users have an AD account... It's easier on the end user if you can integrate the VPN with their AD account, either via RADIUS or the straight up AD integration. We typically use RADIUS, since not all customers are willing to get a valid certificate for their AD server.
You can also try changing the encryption level to Optional. Windows 10 does not actually support Required encryption for PAP. It will assume the encryption level is correct and then helpfully change the password protocol to one that supports required encryption.
My Home VPN was working before using Windows 10 Laptop and Desktop. Then after the updates it stopped working. Modified the VPN Properties and allowed the protocols below and it started working again.
I'm having what looks like the same issue ever since a W-10 Pro 64b update on Feb 12 or Feb 16
I can no longer login to this vpn on my W-10 PC. I tried recreating the vpn 5 times with the same error message after a long negotiating attempt. The same login information works on my W-7 laptop without fail.
I had changed no settings on the W-10 Pro 64b machine when the error began appearing. I looked through all the 'fixes' listed in this discussion and cannot find a fix. I've thought of trying to restore my Pc to a date earlier in Feb but have some other valuable data I don't want to lose. HELP!!