VPN is the most impressive network technology launched in the past few years. Employees outside the company do not have to pay large telephone charges to access the company's network directly. Instead, they can use an existing network connection, and the connection is free of charge. Although this technology is great, it does not always work the way it should, so some troubleshooting is needed.
Considering the complexity of a VPN setup, this article cannot be a comprehensive VPN troubleshooting guide. Instead, I will discuss some common reasons why remote users have trouble establishing a VPN connection.
When users have problems establishing a connection (especially a VPN connection), it is easy to assume that the VPN settings are incorrect. However, before you check those settings, you should check the account settings of the user in question. Some account settings can cause the VPN connection to fail.
For example, the account may be locked out or disabled. Similarly, if the account is restricted to logging on during specific hours, the remote user may be trying to connect to the VPN outside the permitted hours.
In another case, the user has never been granted permission to log on remotely. If you open the user's properties in the Active Directory Users and Computers console, you will find a 'Dial-in' tab that allows you to grant or deny remote access permission for that user. Although its name is 'Dial-in', it also affects VPN connections.
If all these user permissions check out, you need to verify that the Routing and Remote Access services on the VPN server are running. Sometimes these services stop on the server for no apparent reason, so it is necessary to confirm that they are running.
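The account and service checks described above can be scripted. The following is an added example, not part of the original article: the function name Test-VpnAccountReadiness and the account name 'jdoe' are hypothetical, and it assumes the ActiveDirectory (RSAT) PowerShell module is installed.

```powershell
# Added example (not from the original article). Requires the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

function Test-VpnAccountReadiness {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [datetime] $At = (Get-Date)   # moment of the failed connection attempt
    )
    $u = Get-ADUser -Identity $SamAccountName -Properties LockedOut, logonHours, msNPAllowDialin

    # logonHours: 21 bytes, one bit per hour of the week, starting Sunday 00:00 UTC,
    # least significant bit first. An unset attribute means no time restriction.
    $hoursOk = $true
    if ($u.logonHours) {
        $utc  = $At.ToUniversalTime()
        $slot = ([int]$utc.DayOfWeek * 24) + $utc.Hour
        $hoursOk = [bool]($u.logonHours[$slot -shr 3] -band (1 -shl ($slot -band 7)))
    }

    # msNPAllowDialin: True = allow, False = deny, unset = left to network policy.
    $dialIn = 'Controlled by network policy'
    if ($u.msNPAllowDialin -eq $true)  { $dialIn = 'Allow' }
    if ($u.msNPAllowDialin -eq $false) { $dialIn = 'Deny' }

    [pscustomobject]@{
        Account       = $u.SamAccountName
        Enabled       = $u.Enabled
        LockedOut     = $u.LockedOut
        WithinHours   = $hoursOk
        DialInSetting = $dialIn
    }
}

# Constructed sample call; 'jdoe' is a placeholder account name.
Test-VpnAccountReadiness -SamAccountName 'jdoe'

# Run on the VPN server: confirm the Routing and Remote Access service is running.
Get-Service -Name RemoteAccess | Select-Object Name, Status, StartType
```

Logon hours are stored in UTC, while the Active Directory Users and Computers console displays them in local time, so pass the time of the failed attempt with -At when diagnosing a user in another time zone.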
If the services are running, user connection problems may be caused by the PPTP or L2TP ports not being set to accept inbound remote access requests. Check how the two port types are configured. Open the Routing and Remote Access console and navigate to your server in the console tree. Then right-click the Ports container and select the Properties command from the shortcut menu. This opens the Ports Properties sheet. Select a device from the port list and click Configure. You will see the Configure Device dialog box. Confirm that both Remote Access Connections (Inbound Only) and Demand-Dial Routing Connections (Inbound and Outbound) are selected.
While you are in the Configure Device dialog box, pay attention to the Maximum Ports setting. A common cause of VPN connection failure is that none of the allocated ports is free. You can use the Routing and Remote Access console to find out how many ports are currently in use and see their detailed usage.
The last problem I want to discuss is that the server running IAS may be using an invalid certificate. When IAS uses the EAP-TLS authentication method, TLS uses a cached copy of the certificate's properties instead of reading them from the certificate store each time. Normally, this is not a problem. However, if you install a new certificate, TLS will continue to use the expired certificate until the cache entry expires. You can restart the server to refresh the cache.
As you can see, some minor problems may cause Windows VPN to reject user logon. I hope this article will help you solve them.