I want to preface this by saying this is the most ridiculous problem I have ever encountered.
The client is using a Meraki connection and using the built-in Windows VPN tool (I know, it’s garbage).
Whenever the user attempts to sign in, they get an error stating that the remote computer refused the connection. I restarted the computer, re-added the connection, tried every combination of adapter settings, nothing was working. I had the user type their credentials in a notepad, and then I copied it and pasted in, and voilà, it connected. I had the user do the exact same thing and it didn’t work. I even had them show me the password that was in the sign-in window and it was the same.
The only difference is that I was connected to their computer via the Ninja RMM remote connect tool. But even so, from the VPN’s perspective it should be the exact same whether I’m the one copying and pasting the credentials or the user is?
I have no clue what’s going on. This isn’t the first user to have this exact same issue either. With the previous user, we replaced their computer and they still had the problem. Someone please tell me you’ve encountered this and know a fix.
I’ve run into similar with the Meraki client VPN and it’s usually for different reasons. The most common is a Windows update borking things; compare and see if they have an update that you don’t (or maybe vice-versa).
Make sure unencrypted password is checked and CHAP is unchecked. I also noticed in some cases when a client VPN fails to connect, Windows VPN will change some of the settings I just set, so my common practice is to go in and re-set everything up upon any failures to connect.
Also make sure that your DNS entries are taking them to whatever WAN port is configured as your primary WAN on the MX. The MXs seem to put all client VPNs on your primary WAN link, so if they’re trying to connect to the secondary, you’ll get 789 errors.
Then if problems persist, check the Meraki event viewer for all client VPN events and see what it’s telling you. The common error is 789 which is incredibly vague and could be caused by anything.
We’re looking at moving to AnyConnect which, allegedly, there’s less problems associated with it.
We ran into this all the time with Meraki VPN and using the built-in Windows client. Go into Device Manager and delete the network adapter for the VPN and rescan. Always fixed it for us.
In our org we had it where the ISP was the root cause of the VPN not working. We had to keep telling a bunch of users on the same ISP to reboot their modem and that fixed the issue on our end. VPN into the org network from home, that is.
Have the user type in their username and password into notepad just like they would into the box to connect to VPN
Have them type the username and password 3 times in a row. Are there any missing characters? Typos? Could be an issue with the user’s laptop keyboard. Maybe one key is “sticky” or only works “sometimes”.
You already know the user’s credentials, maybe try changing/updating their password to something “easy” to just test with, and see if that works.
Just tossing this out there, as it appears most others have covered most everything I’d think of…
Is their internet connection over cell data, or having quality issues (packet loss)? I know we’ve had issues with RDP, generally VPN, over cell data, due to latency issues, or the ISP themselves doing something squirrelly. T-Mobile’s Home Internet (HINTs), Watchguard’s VPN doesn’t work over it. We’ve even fought with iOS’s VPN setup to work with Watchguard’s VPN.
(Long shot) Maybe an unintended VPN left open? Had this a month ago; the user’s cell phone was using a third-party VPN they didn’t realize they had running. Though this didn’t relate to an RDP issue, just a clock-in limitation, as their “WAN” IP wasn’t their office’s WAN IP, for clocking in with their wifi.
Does your end user have the same subnet as the network they’re connecting to? I ran into this with a user who has a 172.16.21.xx at home (her husband is in IT) and our VPN subnet was the same. It would get through the first phases and timeout after. This doesn’t sound like your issue, but I figured I’d share it with you.
Another issue with a user at home who had a Spectrum router that was CGNAT and for some reason it couldn’t connect at all. Had the user connect to a hotspot, and it worked. Don’t bash your head on getting it to connect, keep ruling things out.
Your first instinct to test the VPN on yours is a great idea. Now you have a general idea of where the issue is.
I remember having this problem before (or similar.) Mind you, it was mid 2020, but I remember connecting from the system tray/wifi icon was bugged in Win10. If you used a shortcut to rasphone or a pbk file, it worked more consistently
Make sure the VPN app isn’t being blocked by Windows Firewall. You’ve already determined it’s not the user’s account or the service you’re connecting to, so the only things left are the network settings on the endpoint and the network settings on the user’s home network.
Dollars to donuts it’s Windows Firewall, but also have the user reboot their home router, try a wired connection, etc. I’ve seen home networks that just straight don’t like VPN connections, and if they’re travelling I’ve seen a lot of hotel networks use guest portal software that absolutely hates VPNs.
Also if he’s connecting from China, they’ve really upped their Great Firewall game to interfere with a lot of VPN tech over the last few years.
HAHAHAHAHAHAHAHAHA you guys are overthinking this.
Willing to bet you money there is a keyboard issue.
Had this happen on multiple machines I used and found out Windows was not accepting the P button input until I restarted. Both times it was the letter P, two different computers, two different companies.
Does their locale and keyboard match yours? I’m guessing that there is a character set variation between your computer and theirs. I suspect that your session is sending a different character set than theirs, even though they appear the same on screen.
There is probably a special character in the password that has different character codes, depending on who is sending it. Check to see if there is any variation between the computers and reset the password, for testing, to a simple plain text password of numbers and letters only. No special characters, or length, or complexity.
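To check the character-code theory in the post above, the two entries can be compared code point by code point instead of by eye. This is an added example, not code from anyone in the thread; the sample strings are constructed, and in practice you would capture both entries using a throwaway test password.

```python
import unicodedata

# Constructed samples: what the user believes they typed, and what a
# different input path (clipboard, remote session, other layout) delivered.
TYPED = "Blue Sky'42"
PASTED = "Blue\u00a0Sky\u201942"  # no-break space and curly apostrophe


def describe(ch):
    """Return 'U+XXXX NAME' for one character, or a marker if absent."""
    if ch is None:
        return "<missing>"
    return f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"


def compare(a, b):
    """Return (index, a_char, b_char) for every position where a and b differ."""
    diffs = []
    for i in range(max(len(a), len(b))):
        ca = a[i] if i < len(a) else None
        cb = b[i] if i < len(b) else None
        if ca != cb:
            diffs.append((i, describe(ca), describe(cb)))
    return diffs


def outside_printable_ascii(text):
    """Return (index, description) for characters outside U+0020..U+007E."""
    return [(i, describe(ch)) for i, ch in enumerate(text)
            if not 0x20 <= ord(ch) <= 0x7E]


def same_after_normalizing(a, b, form="NFKC"):
    """True if the strings differ only by Unicode composition/compatibility."""
    return unicodedata.normalize(form, a) == unicodedata.normalize(form, b)


if __name__ == "__main__":
    for idx, left, right in compare(TYPED, PASTED):
        print(f"position {idx}: {left}  !=  {right}")
    print("non-ASCII in pasted:", outside_printable_ascii(PASTED))
    print("equal after NFKC:", same_after_normalizing(TYPED, PASTED))
```

Two strings that render identically in the sign-in box but show differences here would explain why one entry authenticates and the other is refused.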
I would also look into *where* it happens. A long time ago, we had NetExtender consistently fail for one user; it turned out to be her home rural wireless internet through T-Mobile.
Funny thing is it was an ATT tower, could hotspot my phone (ATT) it worked, hotspot hers (T-Mobile) or her home internet, failed.
So depending on where sometimes if bandwidth is a constraint, providers can get terribly judgmental, emphasis on the mental…
Get them to go to Starbucks or the library and try
Go into device manager and remove everything under network listed with wan and restart, maybe everything that’s not the VPN. Just right click and uninstall
Connect from the VPN page in Windows and not from the network icon tray
We have countless issues with the Windows VPN tool. We use Cisco Firepower that has AnyConnect available as a tool. We’re in the process of rolling that out to everyone and eliminating the Windows tool. Most already had it, but there are a few stray devices. Seeing as how Meraki is from Cisco, can you have them use a Cisco provided option?