I have an RB2011UiAS router that acts as a VPN concentrator and uses RADIUS authentication for user accounts to a Windows Server 2012r2 NPS (RADIUS) server. Everything has been working great for months via PPTP. Recently, I decided to upgrade my VPN to SSTP for its obvious advantages. After a bit of fiddling, I managed to get the SSTP server up and running using a StartSSL certificate. The odd thing is that only user accounts defined in the Mikrotik router actually work. User accounts that rely on RADIUS authentication mange to negotiate connection, authenticate the user, then fail at the "Registering your computer in the network" step. On my Windows 7 computer, I receive the message "Registering your computer on the network... Error 734: The PPP link control protocol was terminated." Logic tells me that this has got to be something I misconfigured in NPS because it works with locally defined accounts but I have no idea where to begin in troubleshooting.

Any help or direction is greatly appreciated.

Thanks!

Check your encryption settings.

MikroTik - you profiles (match what you have in windows, mostly likely set encryption to 'required')

Windows - check you NPS network policy that it is matching and ensure you have supported encryption methods in there

Starting with Windows 2012, you have to store AD passwords using reversible encryption. Then it'll work. I had this issue too.

I believe you can do it on a user by user basis, or set it in Group Policy, reboot the server and manually reset the password for each user so it's stored as reversible encryption.