SOLVED: VPN won’t work on Windows Server 2012

Milan Stanojevic
by Milan Stanojevic
Deputy Editor
0 Comments
Download PDF
Affiliate Disclosure

  • Installing and configuring your VPN on a Windows Server 2012 should be hassle-free.
  • If the VPN won't work, then you should use our quick fixes for the error you’re encountering.
  • In case of looking for similar handy tips, feel free to check out VPN Errors & Solutions.
  • It’s most likely in your best interest to also bookmark our VPN Troubleshooting Hub.
VPN won't work

A VPN can be installed and configured on a Windows Server 2012 by running the Setup Anywhere Access wizard and selecting the VPN option.

When you choose to enable this option using the wizard, roles or features such as Remote Access, DirectAccess and VPN (RAS), IP and Domain Restrictions, IIS Management Scripts and Tools, Network Policy and Access Services Tools, and Windows Internal Database are installed on the server.

It is also possible to enable these roles and/or features from the Server Manager or PowerShell command-lets, but it is however recommended to enable it through the wizard itself.

Windows Server 2012 allows client machines to join their server without being in the company network through the Remote Domain Join feature.

So, if VPN is enabled on the server, you can connect a remote client to the local network via your VPN, and run the Connect wizard then join the remote client to the server – a simple and straightforward process.

It is important to note, however, that the Server 2012 automatically manages to route for the VPN, so Routing and Remote Access (RRAS) UI is hidden on the server to prevent tampering of these settings.

VPNs are also deployed such that there’s little need for manual configurations on the server or client.

If correct TCP ports are open on the firewall and sent to the server, and the VPN was enabled while running the wizard, the VPN should work instantly, with proper protocols selected.

Users of the Windows Server 2012 have reported concerns when their VPN is not working with server 2012, and this article looks at some of the common issues and their solutions.

What can I do if VPN won’t work on Windows Server 2012?

  1. Error 850
  2. Error 800
  3. Error 720

1. Error 850

  1. Go to your VPN’s settings on the Networking tab of the VPN connection, open the properties of IPv4, and click Advanced.
  2. Under Advanced TCP/IP settings, clear the checkbox for Use default gateway on remote network to ensure the network and Internet connection are running.

VPN not working server 2012

When this error displays, the message reads: The Extensible Authentication Protocol type required for authentication of the remote access connection is not installed on your computer.

If you set up the VPN connection manually, then you’ll get this error when VPN is not working with server 2012.

This error shows that none of the protocols have been selected in the VPN connection properties, so to fix this, you need to select Allow these protocols on the Security tab of the VPN connection.

Microsoft CHAP Version 2 (MS-CHAP v2) would be automatically selected if you click this option, then click OK to apply the changes.

If you get Internet or network resource access issues, you could be using the default gateway of the remote network. Use the steps detailed above to fix this in no time.

2. Error 800

  1. Ensure that 443 is allowed and sent to the Windows Server 2012 and that the correct SSL certificate is bound to the default website for the 443 port and the same with the SSTP port.
  2. If you want to know that port 443 is blocked, you need to check if you can browse RWA from outside, if you can then it is open, otherwise it is blocked.
  3. To verify certificates (RRAS and IIS), open the IIS Manager on Server Essentials, and click Open Bindings for the default website.
  4. Go to Site Bindings page and select the binding for port 443 with the blank hostname, and click Edit.VPN not working server 2012
  5. On Edit Site Binding page, click View.VPN not working server 2012
  6. On Certificate Windows, chose Details and make a note of the Thumbprint of the certificate.
  7. You can also use this PowerShell command to display the thumbprint of the certificate active on the default website:  Get-WebBinding | Where-Object {$_.bindinginformation -eq "*:443:"} | fl certificateHash
  8. Open Routing and Remote Access Management, right-click the server name, open its properties.VPN not working server 2012
  9. Click on the Security and click View next to the Certificate. You should have the same certificate thumbprint here as well.

Note: If this is a different certificate, change the certificate to match the one on the IIS. Otherwise, you may use this command to modify the thumbprint of this certificate for the Secure Socket Tunneling Protocol (SSTP) Service:

reg add HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSstpSvcParameters /v SHA1CertificateHash /t REG_BINARY /<thumbprint recorded from previous step> /f

This error displays as The remote connection was not made because the attempted VPN tunnels failed.

When this happens, the VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

This connection failure could be because either 443 isn’t allowed on the firewall or there’s a certificate mismatch in the RRAS and IIS (default website).

To resolve this issue, pay attention to the guidelines above.

Once you ensure that the certificate on the Default Web Site and SSTP are the same, the problem should go away.

3. Error 720

  1. Open Routing and Remote Access console.
  2. Open the server Properties.VPN not working server 2012
  3. On the server properties, assign a valid static IPv4 address pool for the VPN clients, and exclude it from DHCP server scope.

Note: On certain occasions, it has been noted that the on-premise client would show connected to the hosted Windows Server 2012 R2 Essentials.

However there may not be any connectivity between the VPN client and the Server Essentials.

In such scenarios, check the events for RemoteAccess-MgmtClient and RemoteAccess-RemoteAccessServer on the Event Viewer.

VPN not working server 2012

This error displays as A connection to the remote computer could not be established. You might need to change the network settings for this connection.

If a VPN client is unable to obtain an IP address from the VPN server, then you may get Error 720 when the VPN is not working with server 2012.

In Server Essentials, usually, the DHCP is hosted on a different device.

Did any of these solutions help with the VPN not working server 2012 issue on your computer? Let us know by leaving a comment in the section below.

FAQ: Learn more about Windows Server 2012

  • How do I set up a VPN Server 2012?

This can be easily done by running the Setup Anywhere Access wizard and simply selecting a great VPN solution.

  • What is VPN in Windows Server 2012?

A virtual private network is your connection to another network over the Internet. Some operating systems have integrated VPN support.

When this doesn’t happen, VPNs can be installed and configured. That’s what you can clearly do on Windows Server 2012.

  • Is Windows Server 2012 r2 still supported?

Yes, it’s still supported. The end-of-extended support date for Windows Server 2012 r2 is Oct. 10, 2023.

Editor’s Note: This post was originally published in March 2018 and has been since revamped and updated in May 2020 for freshness, accuracy, and comprehensiveness.