none
RRAS 942 error

    Question

  • I am trying to connect to my windows 2008 server standard Via VPN. I get the 942 error with an explanation below.

    The connection could not be established because the authentication method used by your connection profile is not permitted for use by an access policy configured on the RAS/VPN server. Specifically, this could be due to configuration differences between the authentication method selected on the RAS/VPN server and the access policy configured for it.

    The client is a wireless notebook with windows 7 home Premium.

    Help!

    Dante

    Saturday, February 25, 2012 8:57 PM

Answers

  •  

    Hi Dante7,

    Thanks for update .

    I can only see your first picture about the authentication methods setting in network policy on NPS and it seems we are using certificate based method , am I correct ? so have we already  issued user, computer certificates or both user and computer certificates to domain users and domain member client computers yet ?

    Perhaps we can follow the procedures in the check list below and recheck our whole current settings include the policies on NPS and also the VPN settings at client side :

    Checklist: Configure NPS for Dial-Up and VPN Access

    http://technet.microsoft.com/en-us/library/cc754114.aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Marked as answer by Tiger Li Monday, March 05, 2012 2:09 AM
    Thursday, March 01, 2012 6:52 AM

All replies

  • Hi

    This could be due to configuration differences between the authentication method selected on the RAS/VPN server and the authentification method configuresd in access policy.


    Renato Kurti CCNA,CCNP Security,CCAI,MCP,MCTS,MCITP:EA

    Monday, February 27, 2012 3:18 PM
  •  

    Hi Dante,

    Thanks for posting here.

    Agree with Renato, it seems we might misconfigured the authentication method at client side which do not match the policy we defined on server side .

    May I know the authentication method at server side in RRAS or in network policies if we have set RADIUS/NPS on it ?

    RRAS Server Properties Page - Security Tab

    http://technet.microsoft.com/en-us/library/dd469839(WS.10).aspx

    Network Policy Constraints Properties

    http://technet.microsoft.com/en-us/library/cc770641(WS.10).aspx

    NPS Authentication Methods

    http://technet.microsoft.com/en-us/library/cc731694(WS.10).aspx3

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Tuesday, February 28, 2012 7:16 AM
  • I am trying to connect to my windows 2008 server standard Via VPN. I get the 942 error with an explanation below.

    The connection could not be established because the authentication method used by your connection profile is not permitted for use by an access policy configured on the RAS/VPN server. Specifically, this could be due to configuration differences between the authentication method selected on the RAS/VPN server and the access policy configured for it.

    The client is a wireless notebook with windows 7 home Premium.

    Help!

    Dante

    • Merged by Tiger Li Wednesday, February 29, 2012 8:42 AM
    Tuesday, February 28, 2012 11:09 PM
  • Thursday, March 01, 2012 12:59 AM
  • I took a few screen shots they are below...
    Thursday, March 01, 2012 1:00 AM
  •  

    Hi Dante7,

    Thanks for update .

    I can only see your first picture about the authentication methods setting in network policy on NPS and it seems we are using certificate based method , am I correct ? so have we already  issued user, computer certificates or both user and computer certificates to domain users and domain member client computers yet ?

    Perhaps we can follow the procedures in the check list below and recheck our whole current settings include the policies on NPS and also the VPN settings at client side :

    Checklist: Configure NPS for Dial-Up and VPN Access

    http://technet.microsoft.com/en-us/library/cc754114.aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Marked as answer by Tiger Li Monday, March 05, 2012 2:09 AM
    Thursday, March 01, 2012 6:52 AM
  • Tiger-

    Thanks for the checklist. Do you have any idea on what my defaults should be?

    Dante

    Friday, March 02, 2012 10:42 PM
  •  

    Hi Dante 7,

    Thanks for update.

    I’d rather suggest to first check the settings at client side and make sure they are using the same authentication method as we defined in policies on server side . otherwise please go and also ensure the certificate settings we mentioned previously .

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Monday, March 05, 2012 2:09 AM