{"id":3822,"date":"2018-12-21T08:04:19","date_gmt":"2018-12-21T08:04:19","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=3822"},"modified":"2018-12-21T08:23:43","modified_gmt":"2018-12-21T08:23:43","slug":"meraki-vpn-the-remove-connection-was-denied-because-the-username-and-password-combination-ad-auth","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/meraki-vpn-the-remove-connection-was-denied-because-the-username-and-password-combination-ad-auth","title":{"rendered":"Meraki VPN – The remove connection was denied because the username and password combination – AD Auth"},"content":{"rendered":"

Trying to authenticate a user with their AD credentials and the error displayed<\/p>

The remote connection was denied because of the username and password combination<\/p>

\"\"<\/p>

In the Event Log on the Meraki\u00a0<\/p>

\"\"<\/p>

 <\/p>

Also saw these errors<\/p>

msg: invalid DH group 19.
\u00a0msg: invalid DH group 20.<\/p>

msg: failed to begin ipsec sa negotiation.<\/p>

You need a TLS Certificate on the Domain Controller and Radius server for Communication , run the below powershell\u00a0<\/p>

New-SelfSignedCertificate -DnsName domaincontroller.domain.local -CertStoreLocation cert:\\LocalMachine\\My<\/pre>
This will create a cert for you in Personal \/ Certificates for the Local Computer<\/p>
You will need to use the MMC to copy this to the Trusted Root Certification Authorities<\/p>
\"\"<\/p>
 <\/p>
I also has issues with Radius with the error :\u00a0msg: failed to begin <\/strong>ipsec sa negotiation.<\/strong><\/p>
After following these settings :\u00a0https:\/\/documentation.meraki.com\/MX\/Client_VPN\/Configuring_RADIUS_Authentication_with_Client_VPN<\/a><\/p>
In the end I had to Clear out the Conditions in the network polices ( Specifically the Calling Station ID ) and re-add<\/p>","protected":false},"excerpt":{"rendered":"
Trying to authenticate a user with their AD credentials and the error displayedThe remote connection was denied because of the username and password combinationIn the Event Log […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2780,909,2460,2781,2782,2779,2778,1351],"class_list":["post-3822","post","type-post","status-publish","format-standard","hentry","category-research","tag-auth","tag-certificates","tag-meraki","tag-msg-failed-to-begin-ipsec-sa-negotiation","tag-radius","tag-self-signed","tag-trusted-root-certification-authorities","tag-vpn"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t