虚拟专用网络(Virtual Private Network)或VPN用于建立受保护的连接。这些通常在Internet 上(Internet)用于更安全的浏览体验。这种连接称为VPN隧道,在本地客户端和远程服务器之间建立。
设置和运行 VPN(Setting up and running a VPN)通常是一项艰巨且具有挑战性的任务,需要专业知识和技术。当VPN 软件(VPN software)连接失败时,客户端程序会报告错误消息。此消息通常包含错误代码编号。有几种不同的VPN 错误代码(VPN error codes),但其中一些非常常见并且出现在大多数情况下。这些错误代码可以帮助您解决 VPN 问题。以下是解决许多用户面临的常见VPN错误的方法。(VPN)
虽然大多数VPN(VPNs)都涉及标准的网络故障排除程序,但某些错误代码有自己的特定解决方案。让我们开始探索如何解决常见的VPN错误代码,如691、720、721、789、800、809、609、633、0x80072746、13801和0x800704C9 。
您看到的典型消息是这样的:
The VPN connection failed with error code
或者:
The error code returned on failure is 789
在您需要知道VPN软件需要安装适当的TAP-Windows 适配器(TAP-Windows adapters )之前。大多数VPN软件会在安装过程中自动下载并安装它,但这是您应该知道的。
对常见的 VPN 错误代码进行故障排除
在这篇文章中,我们将建议如何修复VPN错误代码 800, 609, 633, 809, 13801, 691, 0x80072746, 0x800704C9, 789, 732, 734, 812 , 806, 835, 766, 13806, 0x800070040, 0x800B00040, 0x808 0x800B010F、0x80092013、0x800704D4 和 0x80072746。
1. VPN错误代码800
错误描述:(Error Description: )VPN 错误代码 800是最常见的VPN错误之一。未建立远程连接时发生VPN 800 。这通常表明VPN服务器可能无法访问;因此,消息无法到达服务器。这可能主要是由于:
- VPN服务器的名称或地址无效
- 某些网络防火墙(Network Firewall)阻止VPN流量
- 客户端设备失去与本地网络的连接。
- (IPSec)L2TP/IPSecIPSec协商在安全参数中具有不适当的配置
可能的原因:(Possible Cause: )当VPN隧道类型为“自动”并且所有(Automatic)VPN隧道的连接建立失败时,会出现错误 800
可能的解决方案:(Possible Solution:)
- 交叉检查VPN 服务器(VPN Server)地址、用户名和密码是否正确
- 设置(Set)路由器和防火墙设置以允许PPTP和VPN直通TCP 端口 1723(TCP Port 1723)和GRE 协议 47(GRE Protocol 47)必须为PPTP VPN连接打开/启用。
- 对于Windows用户,请转到VPN 属性(Properties),单击安全(Security)选项卡,然后将VPN类型(Type)更改为点对点隧道协议(Tunneling Protocol)( PPTP )
2. VPN 错误代码 609、633
错误描述:(Error Description:)
- 609: 指定了不存在的设备类型。
- 633:调制解调器或其他连接设备已在使用中或未正确配置。
可能的原因:(Possible Cause: )这是另一个最常见的VPN错误之一。当连接的VPN 设备(VPN Device)(即微型端口)配置不正确以及VPN连接使用的(VPN)TCP端口已被另一个程序使用时,通常会出现此问题。
确认微型端口的存在在提升的命令提示符中键入netcfg.exe -q <miniport name> 下面列出了不同隧道的微型端口设备名称:
- PPTP隧道:MS_PPTP
- L2TP 隧道:MS_L2TP
- VPN 重新连接(VPN Reconnect)( IKEv2 ) 隧道:MS_AGILEVPN
- SSTP 隧道:MS_SSTP
可能的解决方案:(Possible Solution:)
- 此类常见VPN错误的可能解决方案是(VPN)Windows中提供的内置诊断和修复。这是为本地创建的VPN(VPN)连接的“缺少微型端口”问题提供的。单击VPN连接的(VPN)错误(Error)页面上显示的“诊断”按钮会提供“修复”选项,如果发现问题是缺少微型端口,它将尝试自动修复问题。
- 停止(Stop)和启动(Start),远程访问连接管理器(Remote Access Connection Manager)(rasman) 服务。
- 只需(Simply)重新启动系统,然后连接到VPN。
3. VPN错误代码0x80072746
错误描述:(Error Description:) VPN错误代码0x80072746是远程主机强行关闭现有连接时常见的VPN错误之一。(VPN)
可能的原因:(Possible Cause:)当服务器机器证书绑定到HTTPS没有在VPN服务器上完成,或者服务器机器证书没有安装在VPN服务器上时,就会出现这个错误。
可能的解决方案:(Possible Solution:)
- 要解决此问题,您需要联系您的VPN服务器管理员。这是为了检查VPN(VPN)服务器上是否安装了相关的机器证书。
- 如果安装正确,您需要通过在VPN服务器命令提示符处运行以下命令来检查HTTPS绑定: (HTTPS)“netsh http show ssl”。
4.VPN错误代码809
错误信息(Error message):VPN 错误 809 –由于远程服务器没有响应,无法建立您的计算机和VPN服务器之间的网络连接。
可能的解决方案(Possible solution):在防火墙/路由器上启用端口(如上所述)。如果这不可行,请在VPN服务器和VPN客户端上部署基于(VPN)SSTP的VPN隧道——这允许VPN连接跨越防火墙、网络代理和NAT。
5. VPN错误代码13801
错误描述:(Error Description:)虽然它看起来像一个偶然的错误,但 13801 是用户面临的最常见的VPN错误之一。(VPN)当IKE身份验证凭据不可接受时,会发生此错误。
可能原因:(Possible Causes:)此错误通常出现在以下情况之一:
- 用于RAS 服务器上的(RAS Server)IKEv2验证的机器证书没有“服务器身份验证”作为EKU(增强密钥使用(Enhanced Key Usage))。
- RAS服务器上的机器证书已过期。
- 客户端上不存在用于验证RAS(RAS)服务器证书的根证书。
- 客户端上给定的VPN 服务器名称(VPN Server Name)与服务器证书的主题名称不匹配。
可能的解决方案:(Possible Solution:)很遗憾,您无法自行解决此问题。您需要联系您的VPN服务器管理员来验证并解决上述问题。要了解有关此错误的更多信息,您可以阅读路由和远程访问博客(Routing and Remote Access Blog)。
6.VPN错误代码691
错误描述:(Error Description:)一些常见的VPN错误有解决方案,即使您也可以实施。VPN 错误代码 691是此类可解决的常见VPN错误之一。由于无法识别您提供的用户名和密码组合,或者远程访问服务器上不允许选择的身份验证协议,远程连接被拒绝时发生错误。
可能的原因:(Possible Cause:)当身份验证阶段由于传递了错误的凭据而出错时,会出现此错误。
可能的解决方案:(Possible Solution:)
- 确保(Make)输入正确的用户名和密码。
- 确保(Make)在输入凭据时未打开“Caps Lock”。
- 确保(Make)在客户端上选择的身份验证协议在服务器上是允许的。
7.VPN错误代码0x800704C9
可能的原因:(Possible Cause:) VPN 错误代码 0x800704C9是常见的VPN错误之一,如果服务器上没有可用的SSTP端口,则会发生此错误。
可能的解决方案:(Possible Solution:)幸运的是,您可以自行解决此错误。首先(First),验证RAS服务器是否为远程访问配置了足够的端口。为此,请按照下列步骤操作:
- 启动路由(Routing)和远程访问 MMC(Remote Access MMC)管理单元。
- 展开服务器,右键单击端口(Ports),然后单击属性。
- 在名称(Name)列表中,单击WAN 微型端口(WAN Miniport)( SSTP ),然后单击配置(Configure)。
- 根据您的要求修改“最大(Maximum)端口”列表中显示的数字,然后单击“确定”。
注意:(Note: )默认情况下,此设备有 128 个端口可用。
- 在“端口属性(Port Properties)”对话框中,单击“确定”。
8.VPN错误代码789
错误消息(Error message):VPN 错误代码 789 – L2TP连接尝试失败,因为安全层在与远程计算机的初始协商期间遇到了处理错误。
可能的解决方案:这是在(Possible solution)L2TP/IPSec连接的IPSec协商失败时引发的一般错误。因此,请确保在客户端和服务器端都使用了正确的证书——有关更多详细信息,请参阅此博客。如果使用预共享密钥(Pre Shared Key)( PSK ),请确保在客户端和VPN服务器计算机上配置了相同的PSK 。
除了这些常见的VPN错误之外,您还可能面临其他几个VPN错误。(VPN)要查看其他VPN错误的列表、可能的原因以及可能的解决方案,请访问TechNet。这篇文章将帮助您解决VPN错误代码 732、734、812、806、835、766、13806、0x80070040、0x800B0101、0x800B0109、0x800B010F、0x80092013、0x800704D464 和 0x800727。
Common VPN error codes and solutions for Windows 11/10
A Virtual Private Network or VPN is used to make protected connections. These are often used over the Internet for a safer browsing experience. Such connections are known as VPN tunnels that are made between a local client and a remote server.
Setting up and running a VPN is often a difficult and challenging task that requires specialized knowledge and technology. When a VPN software connection fails, the client program reports an error message. This message typically includes an error code number. There are several different VPN error codes, but some of them are very common and appear in the majority of the cases. These error codes can help you fix VPN problems & issues. Here is how to troubleshoot common VPN errors that many users face.
While most of the VPNs involve standard network troubleshooting procedures, there are certain error codes that have their own specific solutions. Let’s get started and explore how to troubleshoot common VPN error codes like 691, 720, 721, 789, 800, 809, 609, 633, 0x80072746, 13801 and 0x800704C9.
The typical message you see would be something like this:
The VPN connection failed with error code
Or:
The error code returned on failure is 789
Before you need to know that VPN software requires proper TAP-Windows adapters to be installed. The most VPN software will download and install this automatically during their installation, but this is something you should know.
Troubleshoot common VPN error codes
In this post we will suggest how to fix VPN error codes 800, 609, 633, 809, 13801, 691, 0x80072746, 0x800704C9, 789, 732, 734, 812, 806, 835, 766, 13806, 0x80070040, 0x800B0101, 0x800B0109, 0x800B010F, 0x80092013, 0x800704D4 and 0x80072746.
1. VPN Error Code 800
Error Description: VPN error code 800 is one of the most common VPN errors. VPN 800 occurred when the remote connection was not made. This typically indicates that the VPN server might be unreachable; hence, the messages are failing to reach the server. This can be mainly due to:
- Invalid name or address of the VPN server
- Some Network Firewall blocks the VPN traffic
- The client device loses the connection to the local network.
- IPSec negotiations if L2TP/IPSec tunnel is being used has an inappropriate configuration in the security parameters
Possible Cause: When the VPN tunnel type is ‘Automatic’ and the connection establishment fails for all the VPN tunnels the error 800 occurs
Possible Solution:
- Crosscheck that the VPN Server address, the username, and password are correct
- Set the router and firewall settings to allow for PPTP and VPN pass-through TCP Port 1723 and GRE Protocol 47 must be opened/enabled for the PPTP VPN connection.
- For Windows users, go to the VPN Properties, click on the Security tab, and change Type of VPN to Point to Point Tunneling Protocol (PPTP)
2. VPN Error Codes 609, 633
Error Description:
- 609: A non-existing device type was specified.
- 633: The modem or other connecting device is either already in use or not appropriately configured.
Possible Cause: This is yet another one of the most common VPN errors. This issue typically occurs when the connecting VPN Device (i.e., miniport) is not configured correctly and also when the TCP port, which is used by VPN connection is already being used by another program.
To confirm the presence of miniport Type netcfg.exe -q <miniport name> in the elevated command prompt. Below listed are the miniport device name for different tunnels:
- PPTP Tunnel: MS_PPTP
- L2TP Tunnel: MS_L2TP
- VPN Reconnect (IKEv2) Tunnel: MS_AGILEVPN
- SSTP Tunnel: MS_SSTP
Possible Solution:
- The possible solution for this kind of common VPN errors is a built-in diagnostic with repair is provided in Windows. This is provided for the ‘missing miniport’ issue for VPN connections which are created locally. Clicking ‘Diagnostic’ button which is shown on the Error page of the VPN connection gives a “repair” option, which will try to fix the issue automatically, provided that it finds the issue to be miniport missing.
- Stop and Start, Remote Access Connection Manager (rasman) service.
- Simply, reboot your system, and then connect to VPN.
3. VPN Error Code 0x80072746
Error Description: VPN Error Code 0x80072746 is one of the common VPN errors when the existing connection is forcibly closed by the remote host.
Possible Cause: This error comes when the server machine certificate binding to HTTPS is not done on the VPN server, OR the server machine certificate is not installed on the VPN server.
Possible Solution:
- To resolve this issue, you need to contact your VPN server administrator. This is to check whether the relevant machine certificate is installed on the VPN server or not.
- If it is installed correctly, you need to check the HTTPS binding by running the following command at the VPN server command prompt: “netsh http show ssl”.
4. VPN error code 809
Error message: VPN error 809 – The network connection between your computer and the VPN server could not be established because the remote server is not responding.
Possible solution: Enable the port (as mentioned above) on the firewall/router. If that is not possible, deploy SSTP based VPN tunnel on both VPN server and VPN client – that allows VPN connection across firewalls, web proxies and NAT.
5. VPN Error Code 13801
Error Description: Though it looks like an occasional error, 13801 is one of the most common VPN errors that users face. This error occurs when IKE authentication credentials are unacceptable.
Possible Causes: This error usually comes in one of the following cases:
- The machine certificate used for IKEv2 validation on RAS Server does not have “Server Authentication” as the EKU (Enhanced Key Usage).
- The machine certificate on the RAS server has expired.
- The root certificate to validate the RAS server certificate is not present on the client.
- VPN Server Name as given on the client, doesn’t match with the subjectName of the server certificate.
Possible Solution: Unfortunately, you won’t be able to fix this issue on your own. You need to contact your VPN server administrator to verify and fix the above issue. To know more about this error, you can read the Routing and Remote Access Blog.
6. VPN Error Code 691
Error Description: Some of the common VPN errors have solutions that even you can implement. VPN error code 691 is one of such solvable common VPN errors. The error occurred when the remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.
Possible Cause: This error is given when the authentication phase erred out because of wrong credentials being passed.
Possible Solution:
- Make sure correct username and password are typed.
- Make sure “Caps Lock” is not turned ON while typing credentials.
- Make sure the authentication protocol as selected on the client is permitted on the server.
7. VPN Error Code 0x800704C9
Possible Cause: VPN Error Code 0x800704C9 is one of the common VPN errors, and it occurs if no SSTP ports are available on the server.
Possible Solution: Thankfully, you can troubleshoot this error on your own. First of all, verify that the RAS server has sufficient ports configured for remote access. To do this, follow these steps:
- Start the Routing and Remote Access MMC snap-in.
- Expand the server, right-click Ports, and then click Properties.
- In the Name list, click WAN Miniport (SSTP), and then click Configure.
- Modify the number that appears in the Maximum ports list, as appropriate for your requirements, and then click OK.
Note: By default, 128 ports are available for this device.
- In the Port Properties dialog box, click OK.
8. VPN error code 789
Error message: VPN error code 789 – The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
Possible solution: This is a generic error which is thrown when the IPSec negotiation fails for L2TP/IPSec connections. So Make sure correct certificate is used both on client and server-side – for further details refer to this blog. In case Pre Shared Key (PSK) is used, make sure the same PSK is configured on the client and the VPN server machine.
Apart from these common VPN errors, there are several other VPN errors that you may face. To view the list of other VPN errors, their possible cause, and their possible solution, visit TechNet. This post will help you with VPN error codes 732, 734, 812, 806, 835, 766, 13806, 0x80070040, 0x800B0101, 0x800B0109, 0x800B010F, 0x80092013, 0x800704D4 and 0x80072746.