LTP2 VPN Connection issue - Windows Server 2022 Standard

Kim134
Comes here often

LTP2 VPN Connection issue - Windows Server 2022 Standard

My organization has been using a Meraki LTP2-VPN connection for over a year without any issues. The connection is made via a MX67 (firmware 18.107.2) to a Windows 2012 R2 Active Directory server. 

 

But recently we upgraded the AD server to Windows 2022 Standard. But since the upgrade the Client VPN no longer works. When a user tries to connect using the same settings, they get a "The LTP2-VPN server did not respond" .

 

This happens both on Windows and Mac devices.using the native VPN connection.

 

The MX67 firmware was updated to 18.207 last weekend but the connection still does not work.

 

Has anyone had a similar experience?

 

 

10 Replies 10
alemabrahao
Kind of a big deal
Kind of a big deal

It's a problem related to the Windows update, this is quite common and it's not the first time this problem has occurred after the Windows update.

 

Solved: Re: Client VPN Error After January Windows Updates - The Meraki Community

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Kim134
Comes here often

Also, oth the Mac and Windows clients are using the latest, patched OSes. The 2022 server is also fully patched.

alemabrahao
Kind of a big deal
Kind of a big deal

Check the troubleshooting guide.

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
BlakeRichardson
Kind of a big deal
Kind of a big deal

Have you updated Firewall rules and the VPN config to point to the new AD server?

 

If you run a packet capture can you see authentication requests hitting the server? 

Kim134
Comes here often

I do see one error message showing up on the new server showing this error:

 

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

 

alemabrahao
Kind of a big deal
Kind of a big deal

Why don't you use Anyconnect?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Kim134
Comes here often

We haven't explored the use of AnyConnect (yet) and we do not have any licenses. We are workling with our provider to see what options are available for us to get by this problem

 

Thanks.

alemabrahao
Kind of a big deal
Kind of a big deal

Anyconnect is more stable and much better than L2TP connection. You can test without a license and there will be no problem. But it is recommended that you purchase licensing when possible.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Kim134
Comes here often

Thanks. I will do some reading up on Anyconnect

Kim134
Comes here often

After much effort, I was able to get AnyConnect configured, but the same problem still happens.

 

"This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections"

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels