Score:1

Error When Trying to Use Windows Server 2016 Native VPN Client to Connect to FortiGate VPN


Good day all.

I am stuck trying to troubleshoot an error on Windows Server 2016 using the native VPN client to connect to a FortiGate VPN that I had set up.

Initially I was having errors to do with error 789, for which I re-enabled and set to automatic start both the IKE/IPsec Keying service and the IPsec Policy Agent.

After this I tried to connect again to the VPN server, but this time it is giving me a different error:

Can't connect to <VPN Name>. The modem or other connecting device has reported an error. 

I know that an obvious fix would be to use FortiClient for Windows; however, due to restrictions on this production server, it has not been allowed to be installed.

I have tried updating the drivers for the WAN Miniport associated with the VPN connection, but I am still getting the same error.

This specific server is also running on ESXi 6.0 with a single virtual NIC.

Please let me know of any tips or methods of getting this machine to connect to the VPN.

Thank you!

Score:0

A lot of things can go wrong here; look at your Fortinet logs for (some) more details (enable debug logs for verbose output).

In my (last) case it was NAT-T. Windows Server 2016+ does not enable NAT traversal by default.

You can enable NAT-T on Windows through the registry:

```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
```

Reboot your machine after changing this setting.

cnrdvdsmt:
Hey @bjoster, I checked the VPN logs on the FortiGate device and the error coming up when I try to connect the Windows server is `no ip addresses left to assign in virtual domain:root`. I edited the registry with the fix you suggested but still no luck, even after a reboot... Thank you though, because I believe you have pointed me in the right direction for troubleshooting.
bjoster:
`no ip addresses left to assign` smells a bit like there is an IP conflict or no lease left on the FortiGate side.
cnrdvdsmt:
Your initial solution was part of the fix... Turns out the pool of addresses that I had assigned on the FortiGate was already in use by one of my colleagues. I corrected that and was still having issues. But once I added that fix to the registry, all was well. Thank you very much, would have never thought of that!
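
The client-side settings from this thread (the two IPsec services from the question and the NAT-T registry value from the answer), checked and applied in one pass. This is an added PowerShell example, not part of the original posts; `IKEEXT` and `PolicyAgent` are the Windows short names for the two services the question mentions, and the script assumes an elevated session on the VPN client. It does not touch the FortiGate address pool, which was the server-side half of the fix.

```powershell
# Added example: audit and apply the Windows-side L2TP/IPsec settings from this thread.
# Run from an elevated PowerShell session on the Windows Server 2016 client.
$ErrorActionPreference = 'Stop'

# Services the question re-enabled to clear error 789:
#   IKEEXT      = IKE and AuthIP IPsec Keying Modules
#   PolicyAgent = IPsec Policy Agent
foreach ($name in 'IKEEXT', 'PolicyAgent') {
    $svc = Get-Service -Name $name
    if ($svc.StartType -ne 'Automatic') {
        Write-Host "$name start type is $($svc.StartType); setting to Automatic"
        Set-Service -Name $name -StartupType Automatic
    }
    if ($svc.Status -ne 'Running') {
        Write-Host "$name is $($svc.Status); starting"
        Start-Service -Name $name
    }
}

# NAT-T value from the answer. 2 = allow IPsec security associations when
# both the client and the VPN server are behind NAT devices.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$value = 'AssumeUDPEncapsulationContextOnSendRule'
$want  = 2

# A missing value comes back as $null, which also fails the comparison below.
$current = (Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue).$value

if ($current -ne $want) {
    Write-Host "$value is '$current'; setting to $want"
    New-ItemProperty -Path $key -Name $value -PropertyType DWord -Value $want -Force | Out-Null
    Write-Host 'Reboot the machine for the change to take effect.'
} else {
    Write-Host "$value is already $want"
}
```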