Please note that RAS VPN Setup Wizard is a free tool that is provided as-is. We do not offer any additional product support for RAS VPN beyond the information found in this knowledge base.
You want to troubleshoot why a connection is failing to the RAS VPN Server.
Note* This is separate from the RAS VPN Setup Wizard, The RAS VPN Setup Wizard sets up the RAS and NPS roles. Use this to troubleshoot connections after configuration was successful. These logs are generated from the Windows Server Role RRAS.
Initially before logging a connection ensure you can communicate from the external client to the RAS VPN server by running a PowerShell command to test the connection and port it uses. The RAS VPN HostName will be the same as what you entered during the RAS VPN Setup Wizard and also needs to be able to resolve the IP externally. Run these commands from the client.
NSLookup "RAS VPN hostname"
Test-NetConnection -computername "RAS VPN hostname" -port 443
Then we need to ensure that the logs will fill up with the info we want to see. Open the RAS Server properties by right-clicking the Server Name. Open the Logging Tab and ensure these boxes are checked. If you have trouble finding the RAS console shortcut look in the Administrative Tools link.
Then once this is complete we will need to kick off the logging by a tracing command. While it is tracing do the thing that makes the failure. Then stop the logging of the stuff. Below are bullet points with these steps.
Make the things make the logs.
- To enable RAS logs run command “netsh ras set tracing * enabled”
- Now run the scenario that is failing.
- Now flush the RAS logs by “netsh ras set tracing * disabled” command.
- Check the logs at %windir%\tracing directory (example path C:\windows\tracing) .
- The files you want to check out will end with .log extension and can be viewed in your favorite text editor.
- Review the logs after you have stopped the tracing
Also, you can search the Event viewer and find the events created by RemoteAccess to troubleshoot the issue.