{"id":3822,"date":"2018-12-21T08:04:19","date_gmt":"2018-12-21T08:04:19","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=3822"},"modified":"2018-12-21T08:23:43","modified_gmt":"2018-12-21T08:23:43","slug":"meraki-vpn-the-remove-connection-was-denied-because-the-username-and-password-combination-ad-auth","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/meraki-vpn-the-remove-connection-was-denied-because-the-username-and-password-combination-ad-auth","title":{"rendered":"Meraki VPN – The remove connection was denied because the username and password combination – AD Auth"},"content":{"rendered":"

Trying to authenticate a user with their AD credentials and the error displayed<\/p>

The remote connection was denied because of the username and password combination<\/p>

\"\"<\/p>

In the Event Log on the Meraki\u00a0<\/p>

\"\"<\/p>

 <\/p>

Also saw these errors<\/p>

msg: invalid DH group 19.
\u00a0msg: invalid DH group 20.<\/p>

msg: failed to begin ipsec sa negotiation.<\/p>

You need a TLS Certificate on the Domain Controller and Radius server for Communication , run the below powershell\u00a0<\/p>

New-SelfSignedCertificate -DnsName domaincontroller.domain.local -CertStoreLocation cert:\\LocalMachine\\My<\/pre>
This will create a cert for you in Personal \/ Certificates for the Local Computer<\/p>
You will need to use the MMC to copy this to the Trusted Root Certification Authorities<\/p>
\"\"<\/p>
 <\/p>
I also has issues with Radius with the error :\u00a0msg: failed to begin <\/strong>ipsec sa negotiation.<\/strong><\/p>
After following these settings :\u00a0https:\/\/documentation.meraki.com\/MX\/Client_VPN\/Configuring_RADIUS_Authentication_with_Client_VPN<\/a><\/p>
In the end I had to Clear out the Conditions in the network polices ( Specifically the Calling Station ID ) and re-add<\/p>","protected":false},"excerpt":{"rendered":"
Trying to authenticate a user with their AD credentials and the error displayedThe remote connection was denied because of the username and password combinationIn the Event Log […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2780,909,2460,2781,2782,2779,2778,1351],"class_list":["post-3822","post","type-post","status-publish","format-standard","hentry","category-research","tag-auth","tag-certificates","tag-meraki","tag-msg-failed-to-begin-ipsec-sa-negotiation","tag-radius","tag-self-signed","tag-trusted-root-certification-authorities","tag-vpn"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=3822"}],"version-history":[{"count":3,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3822\/revisions"}],"predecessor-version":[{"id":3831,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3822\/revisions\/3831"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=3822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=3822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=3822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}