Aaa Authentication Failure For Client Mac: Reason: Authentication Failed

  1. Aaa Authentication Failure For Client Mac Reason Authentication Failed

Feb 23, 2018  Then I get the 'Station MAC address> authentication failed' message. The association tab shows the client state as 'association processing' The clients are a Silex MX-560 and a windows XP SP2 HP laptop with a intel PRO/Wireless 3945ABG internal network card.

Active5 years, 7 months ago

I try to connect to my vncserver running on CentOs from home computer,behind firewall. I have installed Win7 and Ubuntu both on this machine. Ihave an error:

VNC conenction failed: vncserver too many security failures

even when logging with right credentials (I reset passwd on CentOs) I get:authentication failure.

I observe that I have to wait a whole day to be able to relogin at all.

Is it something regarding that I try as root? I think important is alsothat I have to login to remote Centos through port 6050 - none else portworks for me. Do I have to do something with other ports? I see thatvncserver is listening on 5901, 5902 if another added - and I considerconnection is established because from time to time (long time) the passwdprompt appears,... right?

I have created additional user1, password for him to CentOS and to VNC,also user2. I do:

service vncserver start

and two servers starts, one :1, and second on :2. When I try to connect tovncserverIP:1 I get what described above, but when I try connect tovncserverIP:2 it says that the trial was unsuccessful.

please help, what to do?

additionally: how to disable this lockout for a testing purposes?

2233 gold badges5 silver badges15 bronze badges

2 Answers

VNC uses a separate password system. It does not check passwords against /etc/passwd but rather against ~/.vnc/passwd, which contains a single primary password and optionally a secondary password that allows only viewing the screen.

To set your VNC password(s), use the vncpasswd command. VNC passwords must be between five and eight characters in length – characters beyond the eighth are silently ignored. So if you are using VNC over the Internet, pick a strong, random password, as attackers may use botnets that have numerous IP addresses to circumvent the lockout while cracking your password.

If you must use VNC over the Internet, run it on a randomly chosen port number (not 5900) to avoid detection in port scans that cover only the common ports. Preferably, tunnel your VNC connection over SSH to protect yourself against eavesdropping and man-in-the-middle attacks. If you do this, you should set vncserver to not accept connections from the Internet, disable password-only authentication on the SSH service and use public-key authentication to protect against common brute-force password cracking attempts.

Restarting vncserver should reset the lockout. The manual page does not mention any way to disable the (already inadequate?) lockout entirely.

3,8661 gold badge14 silver badges23 bronze badges

I had this VNC lockout problem. I solved it by installing the gufw firewall.

4,65732 gold badges79 silver badges117 bronze badges
6303 gold badges16 silver badges30 bronze badges

Not the answer you're looking for? Browse other questions tagged tightvnc or ask your own question.

Active1 year, 11 months ago

When trying to connect to a VPN server, I get the 691 error code on the client, which say:

Error Description: 691: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.

I validated that the username and password are correct. I also installed a certification to use with the IKEv2 security type. I also validated that the VPN server support security method.

But I cannot login. In the server log I get this log:

Network Policy Server denied access to a user.

The user DomainNameUserName connected from IP address but failed an authentication attempt due to the following reason: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.

Any idea of what can I do? Thanks in advance!

4363 gold badges8 silver badges15 bronze badges

5 Answers

Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

I think that's your problem right there. Verify that the account has the correct permissions to connect remotely via RRAS. These links might help you. Note that articles that apply to 2003 may still apply to 2008r2 (according to MSFT). Also note that I make no claim to being a subject matter expert....

5,3402 gold badges24 silver badges36 bronze badges

Aaa Authentication Failure For Client Mac Reason Authentication Failed

I had this problem so I'll go ahead and tell you what it was for me. My password (given to us by our host had a $ in it). I was copy-pasting the password from an rdp shell script that had escaped the $ with a . I was mentally forgetting the reason for and thinking it was literal. I spent hours working on authentication when in reality, I need only remove the back-slash escaping of the dollar sign.

Not sure if that's your problem -- but good luck.

Michael Hampton
185k29 gold badges349 silver badges682 bronze badges
Evan CarrollAaa Authentication Failure For Client Mac: Reason: Authentication FailedEvan Carroll
1,2038 gold badges27 silver badges47 bronze badges

I solved this my changing the Dial-In properties of the user. By default it was set to managed by NPS server. Click allow access solved my issue.


As administrator, run netsh ras set trace * enable, then check C:Windowstracingsvchost_RASTLS.log

make sure you run netsh ras set trace * disable when you're done troubleshooting.

Also can check VPNIKE.log in that some folder.

Stuart SmithStuart Smith

Been having same issue. I am the admin and use my connection daily. No changes anywhere. I found a doc somewhere with a kinda similar issue and the solution was to disable IPv6 on the connection. I did it and it worked. It hasn't occurred again.


Not the answer you're looking for? Browse other questions tagged vpnwindows-server-2008-r2authenticationrrasnps or ask your own question.