Always On VPN, IKEv2 - Authentication failed due to an EAP session timeout

Simon Belmont 10 Reputation points
2024-04-21T08:03:41.3633333+00:00

In our AlwaysOnVPN environment, clients are having certain issues when making an IKEv2 connection. The first couple of connection attempts give this error (before a successful connection is eventually made): https://i.ibb.co/0yj7jwM/ikev2.png

The event logs are these:

Application log on client (EventID 20227): The user Test01 dialed a connection named AlwaysOn which has failed. The error code returned on failure is 812.

NPS Server Log (EventID 6274): Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete. EventID 6274 is logged three times. (This warning/error is sometimes logged even when the connection eventually succeeds.)

VPN Server Log (EventID 20271 and 20255): Same error as the one in screenshot above.


1 answer

  1. Simon Belmont 10 Reputation points
    2024-04-30T11:55:16.0033333+00:00

    I noticed that this only occurs when the VPN server fluctuates between NPS servers. There are two NPS servers in this configuration, and when the VPN server goes from using NPS-Server01 to NPS-Server02, this issue occurs.

    EventID 6274 has no information about the following things:

    Network Policy: - (should have been name of the policy, not "dash")
    Authentication Type: - (should have been PEAP, not "dash")
    EAP Type: - (should have been Smart Card or Certificate, not "dash")

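One way to check the correlation described in the answer above, as an added example that is not part of the original post: it merges NPS events from both servers into one timeline and shows, for each EAP-timeout 6274 event, whether the previous request was handled by the other NPS server and whether the three fields are blank. The look-back window, the Security log as the source, the English field labels and the `Get-NpsField` helper are assumptions.

```powershell
# Assumptions: English event text, a single VPN server as RADIUS client, and
# read access to the Security log on both NPS servers named in the post.
$npsServers = 'NPS-Server01', 'NPS-Server02'
$since      = (Get-Date).AddHours(-24)   # look-back window (assumed)

# Return the value of a "Label: value" line from the rendered event message.
function Get-NpsField {
    param([string]$Message, [string]$Pattern)
    if ($Message -match "(?m)^[ \t]*${Pattern}:[ \t]*(.*?)[ \t\r]*$") { $Matches[1] }
}

# 6272 = granted, 6273 = denied, 6274 = discarded; all three are needed to see
# which NPS server handled the request just before each timeout.
$requests = foreach ($server in $npsServers) {
    # SilentlyContinue: Get-WinEvent reports an error when nothing matches.
    Get-WinEvent -ComputerName $server -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 6272, 6273, 6274; StartTime = $since
    } | ForEach-Object {
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Server     = $server
            Id         = $_.Id
            Policy     = Get-NpsField $_.Message 'Network Policy(?: Name)?'
            AuthType   = Get-NpsField $_.Message 'Authentication Type'
            EapType    = Get-NpsField $_.Message 'EAP Type'
            EapTimeout = $_.Message -match 'EAP session timeout'
        }
    }
}

# Walk the merged timeline and report every EAP-timeout 6274 event.
$previous = $null
$report = foreach ($r in ($requests | Sort-Object Time)) {
    if ($r.Id -eq 6274 -and $r.EapTimeout) {
        [pscustomobject]@{
            Time           = $r.Time
            Server         = $r.Server
            PreviousServer = $previous.Server
            ServerChanged  = ($null -ne $previous) -and ($previous.Server -ne $r.Server)
            BlankFields    = ($r.Policy -eq '-') -and ($r.AuthType -eq '-') -and ($r.EapType -eq '-')
        }
    }
    $previous = $r
}

$report | Format-Table -AutoSize
$report | Group-Object ServerChanged, BlankFields -NoElement   # summary counts
```

Because the post reports 6274 being logged three times per failure, only the first event of each burst can show `ServerChanged` as True. The ordering is only as reliable as the clock synchronisation between the two NPS servers.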