Lion Server: VPN service does not accept connections after update
Your VPN service may stop accepting PPTP or L2TP connections after you update Lion Server or after you update from an older version of Mac OS X Server. System log messages may report issues retrieving MPPE keys.
Use this command to reset the password policy setting for the VPN MPPE Key Access User account.
pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"
- Replace "(vpn_idname)" with the short name of the VPN key agent user, found in Server.app or Workgroup Manager. In Lion Server 10.7, the short name will start with "vpn".
- From the View menu, choose Show System Accounts to make that record visible.
- Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" (UID=1000) is the default name the system uses. Your server administrator may have assigned a different name for the Directory Administrator.
This VPN issue was first identified as a PPTP connection issue. Because the L2TP and PPTP connection protocols both require proper function of the system's VPN access account, the resolution applies to either.