Currently people in my office are VPN'ing with PPTP. I was made aware that is not secure and SSTP is preferable so I started changing people over to that with success. It was a learning experience for me but I was able to make the certificate on a Windows Server 2016, put it in the trusted root authority of the server, and then started setting people up one by one, putting the cert in their computers trusted root authority, and then deleting the old VPN connection and making a new one that uses SSTP. This has worked for most of the people I have done it for until now, I have one user who keeps getting the error -
The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact your Administrator of the RAS server to notify them of this error.
The weird thing is on the VPN Server side, in my event logs I see an error like this -
The following error occurred in the Point to Point Protocol module on port: VPN1-19, UserName: problematicUser. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
This seems to me to imply that despite my setting the connection on their end to use SSTP, it's still trying to use PPTP with the other settings I had configured for SSTP and getting rejected.
I checked the Dial-In tab of this user and their Network Access Permission was set to "Allow access" as opposed to "Control access through NPS Network Policy" as it seems most other employees had it set to (I inherited this system recently). I would have though Allow access was less restrictive and wouldn't do this but it is one of the only few differences I see. Is there anything else that could be going on here? What am I missing, why would a computer keep trying to connect to VPN as PPTP even if I tell it to use SSTP?
