L2TP VPN Connection issue - Windows Server 2022 Standard

Kim134
Comes here often


My organization has been using a Meraki L2TP-VPN connection for over a year without any issues. The connection is made via an MX67 (firmware 18.107.2) to a Windows 2012 R2 Active Directory server.

But recently we upgraded the AD server to Windows 2022 Standard. But since the upgrade the Client VPN no longer works. When a user tries to connect using the same settings, they get a "The L2TP-VPN server did not respond".

This happens both on Windows and Mac devices using the native VPN connection.

The MX67 firmware was updated to 18.207 last weekend but the connection still does not work.

Has anyone had a similar experience?

alemabrahao
Kind of a big deal

It's a problem related to the Windows update. This is quite common and it's not the first time this problem has occurred after the Windows update.

Solved: Re: Client VPN Error After January Windows Updates - The Meraki Community

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Kim134
Comes here often

Also, both the Mac and Windows clients are using the latest, patched OSes. The 2022 server is also fully patched.

alemabrahao
Kind of a big deal

Check the troubleshooting guide.

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

BlakeRichardson
Kind of a big deal

Have you updated Firewall rules and the VPN config to point to the new AD server?

If you run a packet capture, can you see authentication requests hitting the server?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Kim134
Comes here often

I do see one error message showing up on the new server showing this error:

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

alemabrahao
Kind of a big deal

Why don't you use Anyconnect?

Kim134
Comes here often

We haven't explored the use of AnyConnect (yet) and we do not have any licenses. We are working with our provider to see what options are available for us to get by this problem.

Thanks.

alemabrahao
Kind of a big deal

Anyconnect is more stable and much better than L2TP connection. You can test without a license and there will be no problem. But it is recommended that you purchase licensing when possible.

Kim134
Comes here often

Thanks. I will do some reading up on AnyConnect.

Kim134
Comes here often

After much effort, I was able to get AnyConnect configured, but the same problem still happens.

"This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections"
