Please subscribe to our English RSS Feed with Tips and Trics...Please subscribe to our English RSS Feed with Tips and Trics...

Error 812 while making a VPN Connection



While making a VPN connection to a Windows 2003 server, the following error message showed up everytime. 

VPN Error 812


The message "Error 812:" during the setup of a VPN connection indicates that the authentication method used by the server to authenticate an user and password does not correspond to the method which is declared in the VPN profile as defined on the client.

The description used was (for me) not completely clear, the problem is caused by the RRAS policy which is configured on the server. The default setting of the policy declines a connection using RRAS. This is the most safe way to implement a RRAS server, but no users can use the RRAS functionalities.

To solve this problem, there are two solutions: 

  • In the is an option on the "Dial-In" page which indicates of the RRAS policy has influence on this user. When the "Allow Access" bullet is checked, users have always the possibility to create a VPN connection. By default the "Control access through Remote Access Policy" checkbox is checked. Changing this bullet is working well when working in a company with a few users but when serving a lot of users this is a tremendous job to do.Windows 2003 Dial-In tabblad
  • As said before the Remote Access Policies are by default configured in a way that no RRAS connection can be made. By changing the policy "Connections to Microsoft Routing and Remote Access Server" this default behaviour can be changed. To do so, start the Routing and Remote Access managementool which can be found by clicking Start -> Administrative Tools.

    • Messages like Error 812 will be history from now on, hopefully this tric will help you in searching for a solution for your problems. 


    Change the password complexity policy in Windows Server 2008

    After the installation of a Windows Server 2008 at a customer a user had to be created, nothing special sofar. A user without a password, that was likely more special, when we tried to change the password, the system answered with the message "The value provided for the new password does not meet the length, complexity, or history requirements of the domain".  We had to change the Password Security Policy which prevented the creation of an account without password.

    With a normal Windows Server 2008 installation the password security policy is disabled, when the server is configured as a domain controller, the policy will be enabled. When you want to disable the policy, you can not use the local security policy editor. It is simply a domain group policy that has to be changed. Follow the following steps to change the policy:

    1. Start the Group Policy Management Console (run gpmc.msc)

    2. Expand the domain, go to <Group Policy Objects> and choose <Default Domain
    Policy>

    3. Go to <Computer Configurations> <Policies> <Windows Settings>
    <Security Settings> <Account Policies> <Password Policy>

    4. Disable the password policy. 



    At the end, you allways have to search a little bit before it is done. Hopefully this tip will help you. More information on the password security policy and the problems on the message "The value provided for the new password does not meet the length, complexity, or history requirements of the domain" can be found on http://technet.microsoft.com/en-us/library/cc264456.aspx