Previous 1 2 3 Next 37 Replies Latest reply: Jun 20, 2013 8:59 AM by YUZA-Tom
dacary Level 1 (0 points)

Since updating our server to Lion 10.7.3 the VPN service fails to allow connections. Clients get the message 'The PPP server could not be authenticated' whilst the server generates :-


Thu Feb  2 10:06:49 2012 : DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server: errno -14484, ctxt 4

Thu Feb  2 10:06:49 2012 : Fatal signal 11


I've repaired permissions and removed and reconfigured both ends with joy.


Any ideas?

  • kristin. Level 2 (235 points)

    Is this valid for L2TP as well? Since upgrading to 10.7.3 this morning, L2TP is super-flaky, rarely connecting?

  • louser Level 1 (0 points)



    I can confirm the same problem with L2TP. I don't use, nor did I add PPTP since my access is always local user. Sometimes it would connect, and sometimes not. Mostly it was 1 successful to 15 unsuccessful tries.


    I had the same error and did not have PPTP enabled (DSAuth plugin: Failed to retrieve MPPE....blah). I followed the instructions for kb/HT4748 as dacary stated - and I was able to connect with VPN without fail. I think the addition of PPTP to the service may have broken the plugin's ability to grab the encryption keys - and the command line in kb article repairs this policy.


    Hope that answers your question or confirms your suspicions.


    Good Luck!


    Edit: - I did not have to do the part about subtracting and adding the Port Forwards in my AirPort - In case you have one.


    Message was edited by: louser

  • Samuel.b Level 1 (0 points)

    Hi Guys,


    sorry for my bad English, I am from Germany...

    same problem here, but the support document linked by dacary didn't solved the problem.

    The strange thing is that I can log into VPN with my local admin account.

    So I just can't use the open directory accounts.

    Do you have any additional ideas for me?

    Every time I try to connect to the server, I get "The PPP server could not be authenticated" :-(

    Shall I try to use this command which rebuilds the authentication key?


    sudo vpnaddkeyagentuser /LDAPv3/


    Thanks for your help


  • kristin. Level 2 (235 points)

    Samuel: What OS is your client machine running? How long (how many charachters) is your shared secret? Are you using "special" characters (!@#$%^&*()'"[], etc.) in your shared secret?

  • Samuel.b Level 1 (0 points)

    Kristin: iOs devices run 5.0.1 (iPad and iPhone)

    Mac OS X Lion 10.7.3

    everything worked before I updated to 10.7.3.

    The shared secret has about 20 characters and it also has "special" characters.

  • kristin. Level 2 (235 points)

    Is there a possibility for you to change the shared secret as a test?

    Try something simple like 12345. Let me know if that works?

  • Samuel.b Level 1 (0 points)

    I have tried it and it didn't work...

    I think it goes together with a open directory problem because the local admin account works fine already with 10.7.3.

    Do you think it could be helpful to rebuild the authentication key?

    Thanks a lot for your help!


  • kristin. Level 2 (235 points)

    Are other OD-based services working correctly? Or is it just VPN? You could try rebuilding the key, or possibly rebuilding OD?

  • Samuel.b Level 1 (0 points)

    Everything else like the iCal Server workes fine...

  • kristin. Level 2 (235 points)

    Long shot, but do you have Back to my Mac running on any of your machines?

  • Samuel.b Level 1 (0 points)

    No, I think not.

    Why do you ask?

  • kristin. Level 2 (235 points)

    Well, Back to my Mac and VPN share some of the same ports, and Back to my Mac takes precedence over VPN. But, the fact that you can log in via a local user and not OD feels like it's something else. But again, the Back to my Mac thing is the only thing I can think of right now?

  • Samuel.b Level 1 (0 points)

    Yes, Back to my Mac workes. I habe tried it out.

    I have also tried to add a new OD account but the new one didn't work, too.

    Do I have to restart the VPN Server after I have rebuild the VPN authentication key?

    Or do I have to do something else after I have rebuild the key?

    Thanks for your help.


Previous 1 2 3 Next