VPN Connection error 789

SOLVED
KmZ_78
Just browsing

VPN Connection error 789

Hello everyone

 

We deployed a meraki VPN client.

For some PCs we don't have any problem to connect to the VPN.
Others, however, we have error 789.

 

We looked at the meraki documentation and did the actions but it still doesn't work.

 

Do you have an idea?

 

Thanks

1 ACCEPTED SOLUTION
Nash
Kind of a big deal

Errr, are your users behind the VPN terminating-firewall when they're trying to connect? Because yes, you're going to get weird errors when you do that. You can't connect to the outside when you're inside like that.

 

For testing, I recommend a hotspot that is 100% not on the same network as your firewall. If it's a cellphone, you may need to disconnect it from any wireless networks you have. Cellphones can be weird.

View solution in original post

18 REPLIES 18
Nash
Kind of a big deal

Windows 10 or Windows 7?

 

789 is classically bad PSK, but it can also pop up when you've got a bad credential OR when Windows has changed the password protocol on you.

 

If Windows 10, check out the scripts in my signature. 

 

Regardless of version, set Encryption to "optional": Windows doesn't support PAP with 'required' encryption.

 

Tell your users: Do not save your credential.

 

KmZ_78
Just browsing

They're Windows 10.

 

I used your script and I still have an error.
The psk is correct.

 

Do you have another idea ?

Nash
Kind of a big deal

Does your PSK end in a special character? If so, make the last char alphanumeric. 

 

Are your devices with 789 fully up to date on Windows updates?

 

What's your user's authentication? If Windows (AD or RADIUS), does it work correctly on another device?

 

If Meraki cloud, can you log in with that credential on account.meraki.com?

KmZ_78
Just browsing

My psk has no special characters.

 

The users where I noticed the problem was not last updated.
I did the updates and testing. I still have the same errors.

 

I use meraki cloud authentication and I can access it with my login.

Nash
Kind of a big deal

To confirm: You're able to connect on these PCs with your credential? Or did you mean on a working device?

KmZ_78
Just browsing

I can connect to the vpn with my pc without any problem.

Nash
Kind of a big deal

Where are your end users connecting from? Do you see connection attempts from their public IP(s) hitting your firewall event log? Some networks block 500/4500 and then whoops no IPSEC for you.

KmZ_78
Just browsing

My users connect from our network. I'm trying to access the network which is in a datacenter.

 

On my workstation no problem. On some users' workstations I have the error 789.

 

This is what I did:

- Enabling IPsec Policy agent
- Enabling IKE and AuthIP IPsec service
- Disabling the windows firewall

 

I think the problem is Windows, what do you think?

Nash
Kind of a big deal

Errr, are your users behind the VPN terminating-firewall when they're trying to connect? Because yes, you're going to get weird errors when you do that. You can't connect to the outside when you're inside like that.

 

For testing, I recommend a hotspot that is 100% not on the same network as your firewall. If it's a cellphone, you may need to disconnect it from any wireless networks you have. Cellphones can be weird.

I also have the problem with a vpn.  I had a user on it today.  There home internet must have blipped and got kicked off.  I can not get her back on.  I get the 789 error or L2TP error.  I have deleted the vpn, recreated it, turned off firewall, restarted services, patch computer.  VPN on meraki has been great many people on it but this is a individual thing.  The only thing I can not try is get her off her home wireless and plug in but she has not cable.  Trying to eliminate her home internet but she says has not changed in months.   Any other Items to check would be great.

 

David

Solved it.  Had her plug in directly and got a login.  Then I deleted all the WAN items in the device manager.  Got her on while plugged in.  Then went to wireless and it worked.  So not sure if it was just a corruption, or security setting in their router.  I also did all the resets on netsh and nbtstat.

OneNetSpace
New here

I ran into the same issue and it ended up being a windows update breaking L2TP. 

 

from administrative command prompt:

Windows 10 Type: wusa /uninstall /kb:5009566

Windows 11 Type: wusa /uninstall /kb:5009543 

 

This worked for me today. Thank you.

This solved all our VPN problems, thank you!  However you have Windows 10/11 switched on the kb uninstalls.

Tolik
Conversationalist

Worked for me on 2 different PC. Connecting to 2 different MXs. Many thanks!!!

This solved our issues too!  Although I had to run both commands on a windows 10 21H2 client.  It didn't find 5009566 but did find 5009543.  Great solution, M$ get it together!

Tolik
Conversationalist

The update keeps reinstalling itself few days after. Any thoughts on how to block it?

Thank you!

PankajB
New here

KB5009543.PNG

 

VPNerror.png

KB5010793-G.PNG

 

KB5010793.PNG

KB5010793-B.PNG

KB5010793-D.PNG

 

KB5010793-E.PNG

KB5010793-F.PNG

VPNfixed.png

 After Windows 10 auto update of KB5009543 the VPN client fails to connect to Meraki VPN giving 789 error.

Microsoft has release patch KB5010793, download and install, then restart your Windows 10 PC to fix it. Best wishes.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels