If you get errors when attempting to log in to the VPN with AuthAnvil Two Factor Auth, you will need to revert your VPN configuration to the original working configuration, and do a step by step configuration, testing after each step, to isolate the issue. 

1. Set the ‘Authentication’ policy in ‘VPN Access Policy’ in ‘Connection request policies’ to ‘Authenticate Requests on this Server’ rather than ‘Forward requests to the following remote RADIUS server group for authentication’ and click ‘OK’, reversing step 15 in the configuration guide.
2. Set the ‘Authentication Methods’ policy in ‘VPN Access Policy’ in ‘Network Policies’ to have the authentication methods that were in use before, and click ‘OK’, reversing step 20 in the configuration guide.
3. Restart the NPS Service.
4. Reset the settings in the VPN client to pre-AuthAnvil settings and test the VPN connection. It should succeed. If it fails, there is an issue with the NPS server or the VPN client. Troubleshoot NPS based on the error given.
5. Use the AuthAnvil Radius Test Tool, as described in the ‘Verifying Functionality’ section of the AuthAnvil RADIUS Server Implementation Guide. It should succeed. If it fails, there is an issue with the AuthAnvil Two Factor Auth Server or RADIUS Server. Troubleshoot AuthAnvil based on the error given using the RADIUS server guide. (Don’t forget to set up a shared secret between the RADIUS server and the server that you are running the test on).
6. Switch the VPN Connection over to use Active Directory passwords and MS-CHAP v2 for authentication, using steps 18 – 21 in the configuration guide. It should succeed. If it fails, there is an issue with the NPS server or the VPN client. Troubleshoot NPS based on the error given.
7. Switch the VPN connection to delegate authentication requests to the AuthAnvil RADIUS server, using steps 12 – 16 in the configuration guide. It should succeed. If it fails, there is an issue with the AuthAnvil Two Factor Auth Server or RADIUS Server. Check the application event log for events from the AuthAnvil RADIUS server service to help you troubleshoot, and check the AuthAnvil Logs in AnvilManager to see if the request made it to the AuthAnvil Two Factor Auth Server, and troubleshoot based on the log information.

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.