User SYSTEM dialed a named login that failed

0

Some VPN-related errors you may encounter on your Windows 11 or Windows 10 computer include; VPN error 789, L2TP connection attempt failed, VPN error 633, Error 13801, IKE authentication credentials are unacceptable, VPN error 691. In this article, we provide the most suitable solutions to resolve the error message . User SYSTEM dialed a named login that failed when trying to establish a VPN connection.

When this issue occurs because the VPN client fails to connect to the VPN server, you will receive the full error message along the following lines;

VPN connection

Unable to connect to VPN connection
A connection to the remote computer could not be established. You may need to change the network settings for this connection.

WHERE

Unable to connect to [connection name]. The network connection between your computer and the VPN server could not be established because the remote server is not responding. This may be because one of the network devices (e.g. firewall, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your administrator or service provider to determine which device may be causing the problem.

Also, the Application Event Log as shown in the intro image above logs the below error message with event ID 20227 from source RasClient (which mentions the error 720 or error 809):

The user [username] composed a named connection [connection name] who failed

This issue indicates a VPN timeout, which means the VPN server did not respond. In most cases, the view error is directly related to network connectivity, but sometimes other factors can be the culprit here.

User SYSTEM dialed a named login that failed

If you have met User SYSTEM dialed a named login that failed error on your Windows 11/10 PC, you can try our recommended solution below in no particular order to fix the problem on the system.

  1. Delete other VPN connections
  2. Temporarily disable the firewall
  3. Enable IKEv2 Fragmentation Support
  4. Reinstall WAN Miniport (IP) Interface Drivers
  5. Disable third-party filter driver
  6. Enable Remote Access IP ARP Driver

Let’s take a look at the description of the process involved regarding each of the listed solutions.

Before proceeding with the solutions below, on the server side, check if any of the following issues occur:

  • The pool of static IP addresses is exhausted.
  • The DHCP server for RRAS is not available or its range is exhausted.
  • The static IP address configured in Active Directory user properties cannot be assigned.

Additionally, check the following:

  • For name resolution, make sure the VPN server’s public hostname matches the correct IP address.
  • For firewall and load balancer configuration, confirm that the edge firewall is configured correctly and ensure that the virtual IP address and ports are configured correctly and health checks succeed. Inbound TCP port 443 is required for Secure Socket Tunneling Protocol (SSTP) and inbound UDP ports 500 and 4500 (to be delivered to the same backend) are required for Internet Key Exchange Protocol version 2 (IKEv2). Make sure all NAT rules forward traffic to the correct server.

1]Delete other VPN connections

Delete VPN connection

You can start troubleshooting to fix User SYSTEM dialed a named login that failed error on your Windows 11/10 PC by deleting other VPN connections; assuming you have multiple VPN connections configured on your system.

To perform this task, follow the instructions in the guide on how to remove a VPN via Network Connections, Windows Settings, Command Prompt, or PowerShell.

2]Temporarily disable the firewall

Disable firewall

It could be that the firewall between the client and the server is blocking the ports used by the VPN tunnel, hence the current error. In this case, to fix the problem, you can temporarily disable any third-party security software installed and running on your Windows 11/10 system.

Disabling any third-party security software on your computer largely depends on the security software you have installed. Refer to the instruction manual. Typically, to disable your antivirus/firewall software, locate the program’s icon in the notification area or system tray or taskbar corner overflow, right-click the icon and choose the option to disable or quit the program.

If you don’t have a third-party dedicated firewall running on your system, you can disable Windows Defender Firewall. Once disabled, try to establish the VPN connection again; if successful, you can re-enable your antivirus/firewall.

3]Enable IKEv2 fragmentation support

The IKEv2 protocol includes support for packet fragmentation at the IKE layer. This eliminates the need to fragment packets at the IP layer. If IKEv2 fragmentation is not configured on both the client and the server, you are likely experiencing the current issue. IKEv2 is generally supported on many firewalls and VPN devices. For configuration guidance, refer to the vendor’s documentation.

IKEv2 fragmentation was introduced in Windows 10 1803 and is enabled by default – no client-side configuration required. On the server side, IKEv2 fragmentation (enabled via a registry key) was introduced in Windows Server 1803 and is also supported in Windows Server 2019 for Windows Server Routing and Remote Access (RRAS) servers.

To enable IKEv2 fragmentation on supported Windows servers, follow these steps:

New-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetServicesRemoteAccessParametersIkev2” -Name EnableServerFragmentation -PropertyType DWORD -Value 1 -Force
  • Exit the PowerShell console when the command runs.

4]Reinstall WAN Miniport (IP) Interface Drivers

Reinstall WAN Miniport (IP) Interface Drivers

To reinstall the WAN Miniport (IP) interface driver on your Windows 11/10 device, follow these steps:

  • hurry Windows key + R to invoke the Run dialog box.
  • In the Run dialog box, type devmgmt.msc and press Enter to open Device Manager.
  • Now scroll down the list of installed devices and expand the Network adapters section.
  • Right-click one after the other on all the network adapters whose name begins with “WAN Miniport” then select Uninstall device. Here are some adapters you can observe:
    • Miniport WAN (IP)
    • WAN Miniport (IKEv2)
    • Miniport WAN (IPv6)
    • Miniport WAN (GRE)
    • Miniport WAN (L2TP)
    • WAN miniport (network monitor)
    • Miniport WAN (PPPOE)
    • Miniport WAN (PPTP)
    • Miniport WAN (SSTP)
  • Once you have uninstalled the devices, from the Device Manager menu bar, select action > Check for hardware changes to automatically reinstall your WAN Miniport devices.
  • Quit Device Manager when you’re done.

5]Disable third-party filter driver

To perform this task, you must first get the network adapter binding on the client. Proceed as follows:

  • Open PowerShell in elevated mode.
  • In the PowerShell console, type or copy and paste the command below and press Enter to search for the name value of Miniport WAN (IP) interface.
Get-NetAdapter -IncludeHidden | Where-Object {$_.InterfaceDescription -eq "WAN Miniport (IP)"}
  • Then run the following command and replace the placeholder by the actual value of the name (for example; Local Area Connection 6) checked from the above command.
Get-NetAdapterBinding -Name "" -IncludeHidden -AllBindings
  • After running the command and from the output you see that a third party filter driver is linked or enabled with ComponenetID you can run the following command to disable the driver:
Disable-NetAdapterBinding -Name "" -IncludeHidden -AllBindings -ComponentID 
  • Quit PowerShell when you’re done.

6]Enable Remote Access IP ARP Driver

This solution also requires you to get the NIC binding on the client first, as described above. Proceed as follows:

  • Open PowerShell in elevated mode.
  • Perform the first two tasks above to get the NIC binding on the client.
  • After that, from the output, if you see that ms_wanarp ComponentID for Remote Access IP ARP Driver is disabled or false, you can run the following command to enable the driver:
Enable-NetAdapterBinding -Name "" -IncludeHidden -AllBindings -ComponentID ms_wanarp
  • Quit PowerShell when you’re done.

That’s it!

Similar item: VPN connection error 800 – Remote connection could not be established because VPN tunnel attempts failed

How do I fix the network connection between my computer and the VPN server?

If the connection between your computer and the VPN has been interrupted, you can try the following suggestions and see if you can reestablish the connection:

  • Temporarily disable your antivirus/antimalware software and firewall.
  • Restart your router and temporarily disable its firewall.
  • Switch to a wired connection.

How to fix Windows 10 not connecting to IPsec L2TP VPN servers?

To fix Unable to connect to VPN, the L2TP connection between your computer and the VPN server could not be established on Windows 10, try the following suggestions:

  • Make sure the required L2TP/IPsec ports are enabled on the VPN server side.
  • Connect to the VPN through another device or network.
  • Delete and recreate the VPN connection.

Happy computing!

Share.

Comments are closed.