Error 628 launching Meraki Client VPN from a script

Thecatsfan
Just browsing

Error 628 launching Meraki Client VPN from a script

I have tried a simple batch file or a powershell script to launch a VPN connection, but no matter how I configure it, I get :

 

"Remote Access error 628 - The connection was terminated by the remote computer before it could be completed."

 

I found some security settings reverted ti default and after fixing them the error changes to:

 

"Remote Access error 691 - The remote connection was denied because the user name and password combination you provided is not recognized."

 

I know they are correct because I can click on my VPN connection and say connect and it works every time.  Has anyone encountered this error and do you have any ideas what causes it?

11 Replies 11
PhilipDAth
Kind of a big deal
Kind of a big deal

What command line are you using to initiate the client VPN connection?

Thecatsfan
Just browsing

I have tried simply using a batch file that reads "rasdial (vpnname)".  

 

I have also tried a powershell script as follows:

 

while ($true)
{
$vpnname = "VPNName"
$vpnusername = "YOURUSERNAME"
$vpnpassword = "YOURPASSWORD"
$vpn = Get-VpnConnection | where {$_.Name -eq $vpnname}
if ($vpn.ConnectionStatus -eq "Disconnected")
{
$cmd = $env:WINDIR + "\System32\rasdial.exe"
$expression = "$cmd ""$vpnname"" $vpnusername $vpnpassword"
Invoke-Expression -Command $expression
}
start-sleep -seconds 30
}

 

I have tried the powershell script with and without the username and password.  The interesting thing is, I ran the above powershell script this morning and it worked.  Absolutely nothing was changed on my end.  I did submit a case with Meraki to see if they would help.  They claimed they could not assist, but I find it very odd that this worked this morning.

PhilipDAth
Kind of a big deal
Kind of a big deal

Perhaps try:

 

rasdial vpnname <username> <password>

DaltonWoolsey
Conversationalist

Hi - 

 

To resolve error message 628 in Event Viewer when attempting to connect to a Meraki VPN, do the following:

 

1. Navigate to Control Panel > Network and Internet > Network Connections > right-click the VPN profile > Properties

2. Security tab > click "Allow these protocols" then select:

Unencrypted Password (PAP) 

Challenge Handshake Authentication Protocol (CHAP) 

Microsoft CHAP Version 2 (MS-CHAP v2) 

 

3. Save the changes

4. Reconnect 

merakivpn.JPG

Regards,

 

Dalton Woolsey

ShadowoftheD
Here to help

Hi @DaltonWoolsey I tried that configuration above and my users still can't connect.

 

They're using Windows Home 10, and I we found that they can only connect when they're using Admin accounts from Meraki but unable to when they're only using Users. 

 

Thanks

HCryspin
New here

Hi,

 

some of our users are experiencing the same issue: only the admin account can be used to connect to VPN. Their own account give the "the connection was terminated by the remote computer before it could be completed" error.

 

These users are enrolled by Intune, and all have Windows 10 business.

 

Any idea what's causing this?

 

Thanks

 

 

D-A
Here to help

Hey guys,

 

Did you get any further with this? I am experiencing the same issue with a couple of our users.

I setup the VPN client using Windows 10 but get the same error about incorrect credentials when trying to connect to the vpn with a standard user. All our users are authenticated via Azure AD and most work fine but a few get 691 errors in the event logs and errors about incorrect credentials when using the client. I can then use the same connection but with my admin account and connect first time. 

 

I'm going to have a look at the account in AD and see if they have any groups they belong to which have different permissions other than admin that might be causing this.

 

Any other tips would be appreciated.

 

D-A

 

 

CruzNet
Conversationalist

We were having these issues with our staff at an office that we were migrating off FortiGate VPN.  The FortiGate VPN had made some changes to the WAN mini-port so I did the following steps:

 

To fix this problem, uninstall and reinstall WAN Miniport drivers.

STEP 1

Uninstall and reinstall WAN Miniport drivers

  1. Press the Windows + R keys to open the Run dialog box.
  2. Type in the following text, and then press Enter.

devmgmt.msc

  1. In the Device Manager window, double-click Network adapters to expand it.
  2. Under Network adapters, double click WAN Miniport drivers (IKEv2) to open driver properties.

If you cannot find WAN Miniport drivers (IKEv2) under Network adapter, from the top menu bar, click View > Show hidden devices.

  1. On the Driver tab, click Uninstall or Uninstall Device.
  2. Follow the on-screen instructions.
  3. Repeat lines 4 to 6 to remove the following drivers:
    • WAN Miniport drivers (IP)
    • WAN Miniport drivers (IPv6)

Follow the on-screen instructions and remove the WAN Miniport and TAP drivers.

  1. In the Device Manager window, from the top toolbar, click Action and then click Scan for hardware changes.
  2. Follow the on-screen instructions to install WAN Miniport device drivers.

STEP 2

Reset network adapter and TCP/IP stack

  1. Press the Windows + R keys to open the Run dialog box.
  2. Type in the following text, and then press Enter.

cmd

  1. In the Command Prompt window, type the following and press Enter:

netsh winsock reset

When the Winsock reset is complete, the message "Winsock reset completed successfully" appears in the Command Prompt window.

  1. In the Command Prompt window, type the following and press Enter:

netsh int ipv4 reset

  1. Exit all programs and restart your computer.

 

JohnAgunbiade
New here

Thanks!

This works.

What protocols exactly does Meraki require?

DRSinger
New here

After updating to Windows 11 Pro, I was receiving this error when trying to connect to my VPN: "the connection was terminated by the remote computer before it could be completed".

 

In reviewing the Event Viewer logs, I saw the following error: CoId={47DD9B6D-A8EC-0007-5147-DE47ECA8D701}: The user SYSTEM dialed a connection named VPN which has failed. The error code returned on failure is 628.

 

After an hour of troubleshooting (re: googling), I came across this page which worked for me and resolved the issue: https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10.

Evidently, the upgrade fiddled with my VPN > Properties > Security settings. I had to enable "Require encryption (disconnect if server declines)", and then select "Allow these protocols" > Unencrypted Password (PAP). 

 

Screenshot 2021-09-13 184253.png

 

After this change, I was able to successfully connect to my VPN. 

Note: Your mileage may vary depending on OS version, VPN requirements, and other unseen factors which may come into play.

DRSinger
New here

btw... selecting all the protocols, or any other protocols than PAP, failed to allow me to login... 
My company has disallowed those protocols specifically. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels