Microsoft KB Archive/822649

= Users cannot negotiate a connection when a remote access policy forces them to use L2TP =

Article ID: 822649

Article Last Modified on 12/25/2006

-

APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition

-



SYMPTOMS
When you create a remote access policy that forces some remote users to log on the network by using a Layer-2 Tunneling Protocol (L2TP) connection, they cannot connect to the remote access server.



CAUSE
This issue may occur if all the following conditions are true:
 * You have both the L2TP and Point to Point Tunneling Protocol (PPTP) enabled on the remote access server.

-and-
 * You configure the remote access policy to permit users remote access to the network only if they use an L2TP connection.

-and-
 * The remote access client computers have the Automatic option selected in the Type of VPN list on the Networking tab in the properties of the remote access connection.



RESOLUTION
To resolve this issue, specify the connection type you want to permit in the properties of the remote access connection on the client computers. To do so, follow these steps:
 * 1) On the client computer, click Start, click Control Panel, click Switch to Classic View if classic view is not already in use, and then double-click Network Connections.
 * 2) Right-click the remote access connection, and then click Properties.
 * 3) Click the Networking tab.
 * 4) In the Type of VPN list, click L2TP IPSec VPN, and then click OK.



MORE INFORMATION
With the Automatic option in the remote access connection properties, the client computer first authenticates by using the default protocol. In Windows XP, PPTP is the default protocol. If Windows cannot negotiate a connection by using the default protocol, Windows tries the next protocol. In Windows XP, this is L2TP. However, if a user is denied access when they negotiate a connection by using the default protocol, Windows does not try to negotiate a connection by using the other protocol.

Additional query words: vpn access denied permission dial-up dial in

Keywords: kbprb KB822649

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.