SOLVED: VPN won't work on Windows Server 2012

VPN

6 min. read

Updated on October 4, 2023

by Milan Stanojevic

updated on October 4, 2023

Readers help support Windows Report. We may get a commission if you buy through our links.

Key notes

Installing and configuring your VPN on a Windows Server 2012 should be hassle-free.
If the VPN won't work, then you should use our quick fixes for the error you’re encountering.
In case of looking for similar handy tips, feel free to check out VPN Errors & Solutions.
It’s most likely in your best interest to also bookmark our VPN Troubleshooting Hub.

A VPN can be installed and configured on a Windows Server 2012 by running the Setup Anywhere Access wizard and selecting the VPN option.

When you choose to enable this option using the wizard, roles or features such as Remote Access, DirectAccess and VPN (RAS), IP and Domain Restrictions, IIS Management Scripts and Tools, Network Policy and Access Services Tools, and Windows Internal Database are installed on the server.

It is also possible to enable these roles and/or features from the Server Manager or PowerShell command-lets, but it is however recommended to enable it through the wizard itself.

Windows Server 2012 allows client machines to join their server without being in the company network through the Remote Domain Join feature.

So, if VPN is enabled on the server, you can connect a remote client to the local network via your VPN, and run the Connect wizard then join the remote client to the server – a simple and straightforward process.

It is important to note, however, that the Server 2012 automatically manages to route for the VPN, so Routing and Remote Access (RRAS) UI is hidden on the server to prevent tampering of these settings.

VPNs are also deployed such that there’s little need for manual configurations on the server or client.

If correct TCP ports are open on the firewall and sent to the server, and the VPN was enabled while running the wizard, the VPN should work instantly, with proper protocols selected.

Users of the Windows Server 2012 have reported concerns when their VPN is not working with server 2012, and this article looks at some of the common issues and their solutions.

BEST PRICES FOR FEBRUARY 2024

ExpressVPN

Browse the web from multiple devices with increased security protocols.

4.9/5

Grab the discount ►

Private Internet Access

Access content across the globe at the highest speed rate.

4.7/5

Grab the discount ►

Cyberghost

Connect to thousands of servers for persistent seamless browsing.

4.6/5

Grab the discount ►

What can I do if VPN won’t work on Windows Server 2012?

Error 850
Error 800
Error 720

1. Error 850

Go to your VPN’s settings on the Networking tab of the VPN connection, open the properties of IPv4, and click Advanced.
Under Advanced TCP/IP settings, clear the checkbox for Use default gateway on remote network to ensure the network and Internet connection are running.

When this error displays, the message reads: The Extensible Authentication Protocol type required for authentication of the remote access connection is not installed on your computer.

If you set up the VPN connection manually, then you’ll get this error when VPN is not working with server 2012.

This error shows that none of the protocols have been selected in the VPN connection properties, so to fix this, you need to select Allow these protocols on the Security tab of the VPN connection.

Microsoft CHAP Version 2 (MS-CHAP v2) would be automatically selected if you click this option, then click OK to apply the changes.

If you get Internet or network resource access issues, you could be using the default gateway of the remote network. Use the steps detailed above to fix this in no time.

2. Error 800

Ensure that 443 is allowed and sent to the Windows Server 2012 and that the correct SSL certificate is bound to the default website for the 443 port and the same with the SSTP port.
If you want to know that port 443 is blocked, you need to check if you can browse RWA from outside, if you can then it is open, otherwise it is blocked.
To verify certificates (RRAS and IIS), open the IIS Manager on Server Essentials, and click Open Bindings for the default website.
Go to Site Bindings page and select the binding for port 443 with the blank hostname, and click Edit.
On Edit Site Binding page, click View.
On Certificate Windows, chose Details and make a note of the Thumbprint of the certificate.
You can also use this PowerShell command to display the thumbprint of the certificate active on the default website: Get-WebBinding | Where-Object {$_.bindinginformation -eq "*:443:"} | fl certificateHash
Open Routing and Remote Access Management, right-click the server name, open its properties.
Click on the Security and click View next to the Certificate. You should have the same certificate thumbprint here as well.

Note: If this is a different certificate, change the certificate to match the one on the IIS. Otherwise, you may use this command to modify the thumbprint of this certificate for the Secure Socket Tunneling Protocol (SSTP) Service:

reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSstpSvcParameters /v SHA1CertificateHash /t REG_BINARY /<thumbprint recorded from previous step> /f

This error displays as The remote connection was not made because the attempted VPN tunnels failed.

When this happens, the VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

This connection failure could be because either 443 isn’t allowed on the firewall or there’s a certificate mismatch in the RRAS and IIS (default website).

To resolve this issue, pay attention to the guidelines above.

Once you ensure that the certificate on the Default Web Site and SSTP are the same, the problem should go away.

3. Error 720

Open Routing and Remote Access console.
Open the server Properties.
On the server properties, assign a valid static IPv4 address pool for the VPN clients, and exclude it from DHCP server scope.

Note: On certain occasions, it has been noted that the on-premise client would show connected to the hosted Windows Server 2012 R2 Essentials.

However there may not be any connectivity between the VPN client and the Server Essentials.

In such scenarios, check the events for RemoteAccess-MgmtClient and RemoteAccess-RemoteAccessServer on the Event Viewer.

This error displays as A connection to the remote computer could not be established. You might need to change the network settings for this connection.

If a VPN client is unable to obtain an IP address from the VPN server, then you may get Error 720 when the VPN is not working with server 2012.

In Server Essentials, usually, the DHCP is hosted on a different device.

Did any of these solutions help with the VPN not working server 2012 issue on your computer? Let us know by leaving a comment in the section below.

When this doesn’t happen, VPNs can be installed and configured. That’s what you can clearly do on Windows Server 2012.

Is Windows Server 2012 r2 still supported?

Yes, it’s still supported. The end-of-extended support date for Windows Server 2012 r2 is Oct. 10, 2023.

[wl_navigator]

Milan Stanojevic

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he spends most of his time learning about computers and technology. Before joining WindowsReport, he worked as a front-end web developer. Now, he's one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.