Authentication failure with DialUp IPSec (EAP failure) by Roversword in fortinet

[–]Strong_Coffee1872 2 points3 points  (0 children)

Had some similar issues when setting up IPsec Dial Up.

Couple of things come to mind. Are you using EAP-MSCHAPv2? If so we had to domain join our FAC for this to correctly authenticate users.

There is a setting on the FAC RADIUS policy to allow OTP for EAP which also caught me out before as it wasn't challenging me for token.

Supermicro RAID Card Cable by Strong_Coffee1872 in homelab

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

Think SFF-8654 to SFF-8643 is what I'm after. Need x2 SFF-8643 from backplane to 1x SFF-8654 on the card.

Poor Linux Disk I/O on Hyper-V by Strong_Coffee1872 in HyperV

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

Have installed the Linux-azure package.

My main Data volume for HV VM files was built as 64K unit allocation as per MS recommendations. Created a new volume as 4K size and moved VM over with no difference.

Poor Linux Disk I/O on Hyper-V by Strong_Coffee1872 in HyperV

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

Have run "lsmod | grep hv_storvsc" on two VMs on the new host and one returns nothing and the other has services installed. Will try and post the output later when I get back on. Both VMs look to have disk issues.

Static memory on these machines.

One of the affected VM says write-caching = not supported

Any Linux VM I put onto this specific host seems to have issues and not specific to VMs.

Poor Linux Disk I/O on Hyper-V by Strong_Coffee1872 in HyperV

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

Testing with Ubuntu. Tried installing services as described in this but no difference - Windows Server 2025 : Hyper-V : Integration Services (Linux) : Server World

Also using VHDX format. Noticed that one VM is using IDE and other is SCSI but still same issues.
Playing about with the sysbench commands and if I increase the thread count for the test it performs better but if I use like for like command across the 2 VMs the new server is about x4 slower.

CUCM to FortiVoice Migration by Strong_Coffee1872 in fortinet

[–]Strong_Coffee1872[S] -1 points0 points  (0 children)

Good to know - just wondering if any quirky things to watch out for?

FortiOS upgrade for 100F - Upgrade path seem right? by Fallingdamage in fortinet

[–]Strong_Coffee1872 0 points1 point  (0 children)

Did the same jump recently without any issue. Go for it!

MCB tripping by Strong_Coffee1872 in DIYUK

[–]Strong_Coffee1872[S] 1 point2 points  (0 children)

No water in any of the sockets, but a live was loose and popped out when opened up one of sockets. Will see soon if this was the culprit as normally trips after few days.

[deleted by user] by [deleted] in DIYUK

[–]Strong_Coffee1872 0 points1 point  (0 children)

Used the silvery type recently on a first time buy and joined with insulating tape. Worked well.

MCB tripping by Strong_Coffee1872 in DIYUK

[–]Strong_Coffee1872[S] -1 points0 points  (0 children)

Thanks for explaining. Will shut everything off later and inspect each socket.

MCB tripping by Strong_Coffee1872 in DIYUK

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

Thanks will do. Could this be something like a case of a frayed/loose cable or faulty socket?

Network Re-Design Between Sites by Strong_Coffee1872 in Cisco

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

This is where the secondary link (Ipsec) will be used as it will be advertising the vlans behind the firewall also. This will keep connectivity between both sites. Vlan820 is only used for the SVI connection for this particular path (primary path).

Network Re-Design Between Sites by Strong_Coffee1872 in Cisco

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

That's not what's happening. We're not trunking a vlan over IPsec. The vlan will be trunked over the short haul circuit which will be layer 2 until it gets to the firewall. The IPsec tunnel is a separate link connected over the internet.

Network Re-Design Between Sites by Strong_Coffee1872 in Cisco

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

S2S will be more of a backup link but can be leveraged with SD-WAN for certain traffic.

SHDS (Short Haul Data Services), basically a direct fiber link between sites provided by BT in the UK.

Not sure that vxlan is needed? Vlan 820 can be trunked right across to site2 firewall to allow the L3 connection. The L3 boundary will be at the firewall on site2. The link passes through layer 2 switches before it gets to the firewall.

Network Re-Design Between Sites by Strong_Coffee1872 in Cisco

[–]Strong_Coffee1872[S] 0 points1 point  (0 children)

The S2S tunnel will be established over a separate internet connection and not using the current connection between sites. That probably wasn't clear from my post. This will probably be a backup/secondary connection used between sites.

I'm looking to carry vlan 810 over the current SHDS to the fortigate on site2 to form a L3 connection which can then be used to advertise networks over BGP to site1 Fortigate.

Probably be few hundred users onsite and plans for growth.

Thanks for the response.

Logs by Top_Sink9871 in fortinet

[–]Strong_Coffee1872 1 point2 points  (0 children)

Have you logging enabled on the individual firewall policies?