This article has been archived and is no longer updated by Apple.

Lion Server: VPN service does not accept connections after update

Your VPN service may stop accepting PPTP or L2TP connections after you update Lion Server or after you update from an older version of Mac OS X Server. System log messages may report issues retrieving MPPE keys.

Resolution

Use this command to reset the password policy setting for the VPN MPPE Key Access User account.

pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"

  • Replace "(vpn_idname)" with the short name of the VPN key agent user, found in Server.app or Workgroup Manager. In Lion Server 10.7, the short name will start with "vpn".

  • From the View menu, choose Show System Accounts to make that record visible.

  • Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" (UID=1000) is the default name the system uses. Your server administrator may have assigned a different name for the Directory Administrator.
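
An added example, not part of Apple's article: a shell wrapper that reads the account's policy, runs the command above only when isSessionKeyAgent is not already 1, and reads the policy back to confirm the change. It assumes that "pwpolicy -getpolicy" prints key=value pairs separated by whitespace; the function names and the sample policy string are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify isSessionKeyAgent before and after the fix.
# Assumption: -getpolicy prints whitespace-separated key=value pairs.

# Constructed sample of policy text, for trying the parser offline.
SAMPLE_POLICY='isDisabled=0 isAdminUser=0 isSessionKeyAgent=0 isComputerAccount=0'

# Print the value of one policy key ($1) found in policy text ($2); empty if absent.
policy_value() {
    printf '%s\n' "$2" | tr ' \t' '\n\n' |
        awk -F= -v k="$1" '$1 == k { print $2; exit }'
}

# Succeed only if the policy text ($1) has isSessionKeyAgent=1.
is_session_key_agent() {
    [ "$(policy_value isSessionKeyAgent "$1")" = "1" ]
}

# $1 = Directory Administrator name, $2 = short name of the VPN key agent user.
# pwpolicy prompts for the administrator password on each call.
fix_vpn_key_agent() {
    admin=$1; user=$2
    before=$(pwpolicy -a "$admin" -u "$user" -getpolicy) || return 2
    if is_session_key_agent "$before"; then
        echo "$user: isSessionKeyAgent is already 1, nothing to change"
        return 0
    fi
    pwpolicy -a "$admin" -u "$user" -setpolicy "isSessionKeyAgent=1" || return 2
    after=$(pwpolicy -a "$admin" -u "$user" -getpolicy) || return 2
    if is_session_key_agent "$after"; then
        echo "$user: isSessionKeyAgent set to 1"
    else
        echo "$user: isSessionKeyAgent is still not 1" >&2
        return 1
    fi
}

# Run only when called with two arguments on a system that has pwpolicy:
#   sh fix_vpn_key_agent.sh DIRADMIN VPN_SHORTNAME
if [ "$#" -eq 2 ] && command -v pwpolicy >/dev/null 2>&1; then
    fix_vpn_key_agent "$1" "$2"
fi
```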

Learn more

This VPN issue was first identified as a PPTP connection issue. Because the L2TP and PPTP connection protocols both require proper function of the system's VPN access account, the resolution applies to either.

Learn more about configuring PPTP in Lion Server, or about enabling VPN-PPTP for LDAP in previous versions of Mac OS X Server.
