Hello everyone
We deployed a meraki VPN client.
For some PCs we don't have any problem to connect to the VPN.
Others, however, we have error 789.
We looked at the meraki documentation and did the actions but it still doesn't work.
Do you have an idea?
Thanks
Solved! Go to solution.
Errr, are your users behind the VPN terminating-firewall when they're trying to connect? Because yes, you're going to get weird errors when you do that. You can't connect to the outside when you're inside like that.
For testing, I recommend a hotspot that is 100% not on the same network as your firewall. If it's a cellphone, you may need to disconnect it from any wireless networks you have. Cellphones can be weird.
Windows 10 or Windows 7?
789 is classically bad PSK, but it can also pop up when you've got a bad credential OR when Windows has changed the password protocol on you.
If Windows 10, check out the scripts in my signature.
Regardless of version, set Encryption to "optional": Windows doesn't support PAP with 'required' encryption.
Tell your users: Do not save your credential.
They're Windows 10.
I used your script and I still have an error.
The psk is correct.
Do you have another idea ?
Does your PSK end in a special character? If so, make the last char alphanumeric.
Are your devices with 789 fully up to date on Windows updates?
What's your user's authentication? If Windows (AD or RADIUS), does it work correctly on another device?
If Meraki cloud, can you log in with that credential on account.meraki.com?
My psk has no special characters.
The users where I noticed the problem was not last updated.
I did the updates and testing. I still have the same errors.
I use meraki cloud authentication and I can access it with my login.
To confirm: You're able to connect on these PCs with your credential? Or did you mean on a working device?
I can connect to the vpn with my pc without any problem.
Where are your end users connecting from? Do you see connection attempts from their public IP(s) hitting your firewall event log? Some networks block 500/4500 and then whoops no IPSEC for you.
My users connect from our network. I'm trying to access the network which is in a datacenter.
On my workstation no problem. On some users' workstations I have the error 789.
This is what I did:
- Enabling IPsec Policy agent
- Enabling IKE and AuthIP IPsec service
- Disabling the windows firewall
I think the problem is Windows, what do you think?
Errr, are your users behind the VPN terminating-firewall when they're trying to connect? Because yes, you're going to get weird errors when you do that. You can't connect to the outside when you're inside like that.
For testing, I recommend a hotspot that is 100% not on the same network as your firewall. If it's a cellphone, you may need to disconnect it from any wireless networks you have. Cellphones can be weird.
I also have the problem with a vpn. I had a user on it today. There home internet must have blipped and got kicked off. I can not get her back on. I get the 789 error or L2TP error. I have deleted the vpn, recreated it, turned off firewall, restarted services, patch computer. VPN on meraki has been great many people on it but this is a individual thing. The only thing I can not try is get her off her home wireless and plug in but she has not cable. Trying to eliminate her home internet but she says has not changed in months. Any other Items to check would be great.
David
Solved it. Had her plug in directly and got a login. Then I deleted all the WAN items in the device manager. Got her on while plugged in. Then went to wireless and it worked. So not sure if it was just a corruption, or security setting in their router. I also did all the resets on netsh and nbtstat.
I ran into the same issue and it ended up being a windows update breaking L2TP.
from administrative command prompt:
Windows 10 Type: wusa /uninstall /kb:5009566
Windows 11 Type: wusa /uninstall /kb:5009543
This worked for me today. Thank you.
This solved all our VPN problems, thank you! However you have Windows 10/11 switched on the kb uninstalls.
Worked for me on 2 different PC. Connecting to 2 different MXs. Many thanks!!!
This solved our issues too! Although I had to run both commands on a windows 10 21H2 client. It didn't find 5009566 but did find 5009543. Great solution, M$ get it together!
The update keeps reinstalling itself few days after. Any thoughts on how to block it?
Thank you!
After Windows 10 auto update of KB5009543 the VPN client fails to connect to Meraki VPN giving 789 error.
Microsoft has release patch KB5010793, download and install, then restart your Windows 10 PC to fix it. Best wishes.