As you learned in the Part II, a VPN client and VPN server must support the same tunneling protocol. In addition to a common tunneling protocol, both client and server must support a common authentication method. If the client is not configured to use an authentication method that the VPN server supports, you will see an Error 919 message.

Check the authentication protocols allowed by the client in Advanced Security Settings, accessed via the Security tab of the VPN connection properties sheet. Note that the Vista client can be configured to use EAP or to allow any or all of the standard authentication methods supported by other Microsoft operating systems. If you have chosen to use EAP, you can choose either Smart Card Or Other Certificate-Based Authentication or MD5 Challenge.

Remote access policies on the VPN server can also be responsible for this error message.

Another reason your VPN connection may fail is a mismatch between data encryption requirements on the client and server. In the Vista client’s Advanced Security Settings, you can choose one of the following:

  • No Encryption Allowed (The server will immediately disconnect during the negotiation if its own settings require encryption.)
  • Optional Encryption (A connection will be made regardless of the server’s encryption settings.)
  • Require Encryption (If the server is set not to allow encryption, it will disconnect.)

A mismatch will result in an Error 742 message. As with authentication protocols, Vista encryption settings are changed via the Advanced Security Settings property sheet. Because the default setting is to Require Encryption, if you get this error message, you should always check out the possibility that the VPN server is set not to allow encryption.