I've been using Always On VPN without issues for years, but I've recently run into a problem. Windows clients are now getting the connection error 13801, stating that the IKE authentication credentials are unacceptable. This issue is only happening with USER tunnels, and SSTP connections are still functioning as expected. Interestingly, I can connect to the same server without any problems using iOS devices and the same IKEv2 protocol, all with the same client certificate. This makes me think the server isn't misconfigured since iOS clients can still connect. I've checked a bunch of things: the certificates seem fine regarding Enhanced Key Usage values, the machine certificate on the RAS server isn't expired, and the trusted root certificate is present on the client. Even the subject name matches the remote computer. So, what else could be causing this problem? Any insights would be appreciated!
2 Answers
It sounds like you should check your NPS server's security event logs. They might provide more information about why the authentication is failing before hitting the server.
I've faced a similar issue, and it turned out to be related to the TPM (Trusted Platform Module). If you move the certificate to software storage instead of keeping it on the TPM, it might resolve the issue. Worth a shot!

Thanks for the tip! I'll try that on a test client to see if it changes anything.
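
The TPM suggestion in the second answer can be checked on an affected client before anything is re-enrolled. The script below is an added example, not part of any post in this thread: it lists the current user's certificates that carry the Client Authentication EKU and reports which key storage provider holds each private key. It assumes the user tunnel certificate lives in `Cert:\CurrentUser\My`; the variable names are illustrative.

```powershell
# Added diagnostic example: show where each user client-auth certificate's private key is stored.
# Assumption: the Always On VPN user tunnel certificate is in the CurrentUser\My store.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'                    # Client Authentication EKU
$tpmProvider   = 'Microsoft Platform Crypto Provider'   # name of the TPM-backed KSP

Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    # Certificates with no EKU extension at all are skipped by this filter.
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
} | ForEach-Object {
    $cert     = $_
    $provider = 'unknown'
    try {
        # Try RSA first, then fall back to ECDSA keys.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if (-not $key) {
            $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($cert)
        }
        if ($key -is [System.Security.Cryptography.RSACng] -or
            $key -is [System.Security.Cryptography.ECDsaCng]) {
            # CNG key: the provider name tells TPM-backed and software keys apart.
            $provider = $key.Key.Provider.Provider
        } elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CAPI key: always software or smart card, never the platform TPM provider.
            $provider = $key.CspKeyContainerInfo.ProviderName
        }
    } catch {
        # A key that cannot be opened is itself a useful finding for a failing tunnel.
        $provider = "error: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Provider   = $provider
        TpmBacked  = ($provider -eq $tpmProvider)
    }
} | Format-Table -AutoSize
```

Run it in the affected user's session. A row with `TpmBacked` set to `True` marks a certificate whose key would have to be re-enrolled against a software provider to test the second answer's suggestion.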