SOLVED: VPN won’t work on Windows Server 2012

Milan Stanojevic
Deputy Editor

A VPN can be installed and configured on Windows Server 2012 by running the Set up Anywhere Access wizard and selecting the VPN option.

When you choose to enable this option using the wizard, roles or features such as Remote Access, DirectAccess and VPN (RAS), IP and Domain Restrictions, IIS Management Scripts and Tools, Network Policy and Access Services Tools, and Windows Internal Database are installed on the server.

It is also possible to enable these roles and features from Server Manager or with PowerShell cmdlets, but enabling them through the wizard is recommended.

Windows Server 2012 allows client machines to join the server without being on the company network through the Remote Domain Join feature. If VPN is enabled on the server, you can connect a remote client to the local network via your VPN, run the Connect wizard, and then join the remote client to the server.

It is important to note, however, that Windows Server 2012 manages routing for the VPN automatically, so the Routing and Remote Access (RRAS) UI is hidden on the server to prevent tampering with these settings.

The VPN is also deployed so that little manual configuration is needed on the server or the client. If the correct TCP ports are open on the firewall and forwarded to the server, and the VPN was enabled while running the wizard, the VPN should work immediately with the proper protocols selected.

Users of Windows Server 2012 have nevertheless reported cases where the VPN does not work, and this article looks at some of the common errors and their solutions.

FIX: VPN not working server 2012

  1. Error 850
  2. Error 800
  3. Error 720

1. Error 850

When this error displays, the message reads: The Extensible Authentication Protocol type required for authentication of the remote access connection is not installed on your computer.

This error appears when the VPN connection was set up manually.

It means that no authentication protocol has been selected in the VPN connection properties. To fix this, select Allow these protocols on the Security tab of the VPN connection. Microsoft CHAP Version 2 (MS-CHAP v2) is selected automatically when you choose this option; click OK to apply the changes.

If you get internet or network resource access issues, you could be using the default gateway of the remote network. Here’s how to fix it:

  • Go to your VPN’s settings on the Networking tab of the VPN connection, open the properties of IPv4 and click Advanced.
  • Under Advanced TCP/IP settings, clear the Use default gateway on remote network check box so that internet traffic keeps using the client's local gateway and only traffic for the remote network goes through the VPN.

2. Error 800

This error displays as: The remote connection was not made because the attempted VPN tunnels failed.

When this happens, the VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

This connection failure can occur because either TCP port 443 is not allowed through the firewall or the certificates used by RRAS and IIS (default website) do not match.

To resolve this issue, do the following:

  • Ensure that port 443 is allowed and forwarded to the Windows Server 2012 machine, and that the correct SSL certificate is bound to the default website on port 443 and to the SSTP port.
  • To check whether port 443 is blocked, try browsing to Remote Web Access (RWA) from outside the network: if it loads, the port is open; otherwise it is blocked.
  • To verify the certificates (RRAS and IIS), open IIS Manager on Server Essentials and click Open Bindings for the default website.
  • On the Site Bindings page, select the binding for port 443 with the blank host name and click Edit.

  • On the Edit Site Binding page, click View.

  • In the Certificate window, choose Details and make a note of the certificate's Thumbprint.
  • You can also use this PowerShell command to display the thumbprint of the certificate active on the default website: Get-WebBinding | Where-Object {$_.bindingInformation -eq "*:443:"} | fl certificateHash
  • Open Routing and Remote Access Management, right-click the server name, and open its properties.

  • Click the Security tab and click View next to the Certificate. You should see the same certificate thumbprint here as well.

Note: If this is a different certificate, change the certificate to match the one on IIS. Alternatively, you can use this command to set the thumbprint of the certificate used by the Secure Socket Tunneling Protocol (SSTP) service: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters /v SHA1CertificateHash /t REG_BINARY /d <thumbprint recorded from previous step> /f

Once you ensure that the certificate on the Default Web Site and SSTP are the same, the problem should go away.
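The thumbprint comparison from the steps above can also be done in one pass from an elevated PowerShell prompt on the server. This is an added example, not code from the original article; it assumes the WebAdministration module is available and that the bound certificate sits in a LocalMachine store (falling back to My when the binding does not name one).

```powershell
# Added example: compare the certificate bound to IIS on *:443: with the
# hash configured for the SSTP service (registry value named on this page).
Import-Module WebAdministration

$sstpKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'

# IIS side: same filter as the article's one-liner (blank host name, port 443).
$binding = Get-WebBinding |
    Where-Object { $_.bindingInformation -eq '*:443:' } |
    Select-Object -First 1
if (-not $binding -or -not $binding.certificateHash) {
    throw 'No certificate-bearing binding found for *:443: with a blank host name.'
}
$iisThumb = $binding.certificateHash.ToUpperInvariant()

# SSTP side: REG_BINARY is returned as byte[]; render it as hex to compare.
$sstp = Get-ItemProperty -Path $sstpKey -Name SHA1CertificateHash -ErrorAction SilentlyContinue
$sstpThumb = if ($sstp) {
    ($sstp.SHA1CertificateHash | ForEach-Object { $_.ToString('X2') }) -join ''
} else { $null }   # value not present in the registry

# Look up the bound certificate to catch an expired cert or a missing private key.
$store = if ($binding.certificateStoreName) { $binding.certificateStoreName } else { 'My' }
$cert  = Get-Item -Path "Cert:\LocalMachine\$store\$iisThumb" -ErrorAction SilentlyContinue

[pscustomobject]@{
    IisThumbprint  = $iisThumb
    SstpThumbprint = $sstpThumb
    Match          = ($sstpThumb -eq $iisThumb)
    Subject        = $cert.Subject
    NotAfter       = $cert.NotAfter
    Expired        = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
    HasPrivateKey  = $cert.HasPrivateKey
}
```

A result with Match = False, or an empty SstpThumbprint, points to the certificate mismatch described in this section; Expired = True or HasPrivateKey = False means the bound certificate itself needs replacing.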

3. Error 720

This error displays as: A connection to the remote computer could not be established. You might need to change the network settings for this connection.

If the VPN client is unable to obtain an IP address from the VPN server, you may get Error 720. In Server Essentials, DHCP is usually hosted on a different device.

To resolve this error, do the following:

  • Open the Routing and Remote Access console.
  • Open the server Properties.

  • On the server properties, assign a valid static IPv4 address pool for the VPN clients, and exclude it from DHCP server scope.

Note: On certain occasions, the on-premises client shows as connected to the hosted Windows Server 2012 R2 Essentials, but there is no connectivity between the VPN client and Server Essentials. In such scenarios, enable additional Routing and Remote Access tracing and analyze the logs written to the %windir%\tracing directory.

Moreover, you can also check the events for RemoteAccess-MgmtClient and RemoteAccess-RemoteAccessServer on the Event Viewer.
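One way to collect the tracing logs and events mentioned above in a single elevated PowerShell session on the RRAS server. This is an added example, not part of the original article; the wildcard channel patterns are an assumption built from the two event source names given on this page, and the 15-minute window is arbitrary.

```powershell
# Added example: capture RRAS tracing and related events around one failed attempt.

# 1. Turn on tracing for all RAS components; logs are written to %windir%\tracing.
netsh ras set tracing * enabled

$since = Get-Date
Read-Host 'Reproduce the failing VPN connection from the client, then press Enter'

# 2. List the trace files that were written during the attempt, newest first.
Get-ChildItem -Path (Join-Path $env:windir 'tracing') -Filter *.log |
    Where-Object { $_.LastWriteTime -ge $since } |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, LastWriteTime

# 3. Pull critical, error and warning events from the channels whose names
#    contain the two sources named in the article (patterns are assumptions).
$channels = Get-WinEvent -ListLog '*RemoteAccess-MgmtClient*',
                                  '*RemoteAccess-RemoteAccessServer*' `
                         -ErrorAction SilentlyContinue
foreach ($ch in $channels) {
    Get-WinEvent -FilterHashtable @{
        LogName   = $ch.LogName
        Level     = 1, 2, 3          # Critical, Error, Warning
        StartTime = $since.AddMinutes(-15)
    } -ErrorAction SilentlyContinue |   # suppress "no events found"
        Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message
}

# 4. Turn tracing off again so the trace files stop growing.
netsh ras set tracing * disabled
```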
