One user account can't connect to VPN on Server 2012

November 30

Problem with Server 2012 VPN Access.  I have one user account that won't connect to RAS and I am stumped.  No other account is having a problem.  The permissions are correct, the connection settings are correct.  But it will not connect
no matter what I do.  The account will not connect from any computer.  But if I use another account in the connection it connects no problem.   The account will connect to Remote Web Workplace no problem, Outlook is connecting to exchange,
she connects to Sharepoint 2013 no problem.  Just the RAS connection won't authenticate.
I get the errors.
Error 20271 CoId={79DB7056-D8F6-489E-8988-66A171AE49B9}: The user  connected from IP but failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically,
the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
Error 20258 CoId={79DB7056-D8F6-489E-8988-66A171AE49B9}: The account for user  connected on port VPN1-127 does not have Remote Access privilege.  The line has been disconnected.
And this account was connecting fine for a while now.  Nothing has changed on the Server or her computer.
I have researched the errors, none of the fixes apply because it's only one account having problems and it looks exactly the same as other accounts that can connect
Any help would be great



Hi Karama,
Does this account belongs the same group with other accounts?
To verify if it is a issue of policy configuration, please try to create a temporary policy with no restrictions.
To create a policy with no restrictions, please follow the steps below,
Create a network policy.
Add Day and Time Restrictions into the Conditions.
In the Day and Time Restrictions, choose permit all.
In Constraints, allow all authentication methods.
Leave other settings to default value.
Move the policy to the top of the list.
If it works, please check your original policy, it should be a policy configuration issue.
If it doesn't work, please check the event of NPS, the policy preventing the authentication is logged there.
If the request matches the temporary policy, please try to reset the password of the account.
Best Regards.
Steven Lee
TechNet Community Support

View 3 Replies


  1. 3 G net worksettings of apple l phone
  2. macbook pro periodic sound
  3. error: err_wis_30270 how to restore file
  4. fb02 auth objects
  5. ILF8
  6. PTI7
  7. lasteka
  8. weigho5t
  9. carriedz2s
  10. wintery8y
Copyrights 2019 Fcffair BigData Resource, All rights reserved