The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

The user SYSTEM dialed a connection named which has failed

Download Windows Speedup Tool to fix errors and make PC run faster

Some VPN-related errors you may encounter on your Windows 11 or Windows 10 computer includes; VPN Error 789, The L2TP connection attempt failed, VPN Error 633, Error 13801, IKE authentication credentials are unacceptable, VPN Error 691. In this post, we provide the most suitable solutions to resolve the error message The user SYSTEM dialed a connection named which has failed when you try to establish a VPN connection.

The user SYSTEM dialed a connection named which has failed

When this issue occurs because the VPN client fails to connect to the VPN server, you will receive the full error message along the following lines;

VPN Connection

Can’t connect to VPN Connection
A connection to the remote computer could not be established. You might need to change the network settings for this connection.

OR

Can’t connect to [connection name]. The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.

In addition, the Application Event Log as shown in the lead-in image above, records the error message below with Event ID 20227 from the RasClient source (that mentions error 720 or error 809):

The User [username] dialed a connection named [connection name] which has failed

This issue indicates a VPN timeout, meaning the VPN server failed to respond. In most case, the error in view is related directly to network connectivity, but sometimes other factors might be the culprit here.

The user SYSTEM dialed a connection named which has failed

If you have encountered The user SYSTEM dialed a connection named which has failed error on your Windows 11/10 PC, you can try our recommended solution below in no particular order to resolve the issue on the system.

  1. Remove other VPN connections
  2. Temporarily disable Firewall
  3. Enable IKEv2 Fragmentation Support
  4. Reinstall WAN Miniport (IP) interface drivers
  5. Disable third-party filter driver
  6. Enable Remote Access IP ARP Driver

Let’s take a look at the description of the process involved concerning each of the listed solutions.

Before you proceed with the solutions below, on the server-side, check whether any of the following issues occur:

  • The static IP Pool is exhausted.
  • The DHCP server for the RRAS is not available or its scope is exhausted.
  • The static IP address that’s configured in the Active Directory user properties can’t be assigned.

In addition, check the following:

  • For Name Resolution, ensure the VPN server’s public hostname resolves to the correct IP address.
  • For Firewall and Load Balancer Configuration, confirm the edge firewall is configured properly and make sure that virtual IP address and ports are configured correctly and that health checks are passing. Inbound TCP port 443 is required for the Secure Socket Tunneling Protocol (SSTP) and inbound UDP ports 500 and 4500 (to be delivered to the same backend server) are required for the Internet Key Exchange version 2 (IKEv2) protocol. Make sure that any NAT rules are forwarding traffic to the correct server.

1] Remove other VPN connections

Remove VPN connection

You can begin troubleshooting to fix The user SYSTEM dialed a connection named which has failed error on your Windows 11/10 PC by removing other VPN connections; assuming you have configured multiple VPN connections on your system.

To perform this task, follow the instructions in the guide on how to remove a VPN via Network Connections, Windows Settings, Command Prompt, or PowerShell.

2] Temporarily disable Firewall

Disable Firewall

It could be that the firewall between the client and server is blocking the ports used by the VPN tunnel, hence the error in hand. In this case, to resolve the issue, you can temporarily disable any third-party security software installed and running on your Windows 11/10 system.

To disable any third-party security software on your computer largely depends on the security software you have installed. Refer to the instruction manual. Generally, to disable your antivirus/firewall software, locate the program icon in the notification area or system tray or Taskbar Corner Overflow, right-click the icon and choose the option to disable or exit the program.

If you do not have any third-party dedicated firewall running on your system, you can disable Windows Defender Firewall. Once disabled, try establishing the VPN connection again; if successful, you can enable your AV/Firewall again.

3] Enable IKEv2 Fragmentation Support

The IKEv2 protocol includes support for fragmenting packets at the IKE layer. This eliminates the need for fragmenting packets at the IP layer. If IKEv2 fragmentation is not configured on both the client and server, you’re most likely encounter the issue in hand. IKEv2 is commonly supported on many firewall and VPN devices. For configuration guidance, refer to the vendor’s documentation.

IKEv2 fragmentation was introduced in Windows 10 1803 and is enabled by default – no client-side configuration is required. On the server side, IKEv2 fragmentation (enabled via a registry key) was introduced in Windows Server 1803 and is also supported in Windows Server 2019 for Windows Server Routing and Remote Access (RRAS) servers.

To enable IKEv2 fragmentation on supported Windows servers, do the following:

New-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2\” -Name EnableServerFragmentation -PropertyType DWORD -Value 1 -Force
  • Exit PowerShell console when the command executes.

4] Reinstall WAN Miniport (IP) interface drivers

Reinstall WAN Miniport (IP) interface drivers

To reinstall the WAN Miniport (IP) interface driver on your Windows 11/10 device, do the following:

  • Press Windows key + R to invoke the Run dialog.
  • In the Run dialog box, type devmgmt.msc and hit Enter to open Device Manager.
  • Now, scroll down through the list of installed devices and expand the Network adapters section.
  • Right-click one after the other all the network adapters whose name starts as “WAN Miniport” and then select Uninstall device. Here are some adapters that you may observe:
    • WAN Miniport (IP)
    • WAN Miniport (IKEv2)
    • WAN Miniport (IPv6)
    • WAN Miniport (GRE)
    • WAN Miniport (L2TP)
    • WAN Miniport (Network Monitor)
    • WAN Miniport (PPPOE)
    • WAN Miniport (PPTP)
    • WAN Miniport (SSTP)
  • Once you have uninstalled the devices, on the Device Manager menu bar, select Action > Scan for hardware changes to automatically reinstall your WAN Miniport devices.
  • Exit Device Manager when done.

5] Disable third-party filter driver

To perform this task, you need to first get the network adapter binding on the client. Do the following:

  • Open PowerShell in elevated mode.
  • In the PowerShell console, type or copy and paste the command below and hit Enter to search for the Name value of the WAN Miniport (IP) interface.
Get-NetAdapter -IncludeHidden | Where-Object {$_.InterfaceDescription -eq "WAN Miniport (IP)"}
  • Next, run the following command and replace the <interface_name> placeholder with the actual name value (eg; Local Area Connection 6) verified from the command above.
Get-NetAdapterBinding -Name "<interface_name>" -IncludeHidden -AllBindings
  • Once the command executes and from output you see that a third-party filter driver is bound or enabled with ComponenetID <some_filter>, you can run the following command to disable the driver:
Disable-NetAdapterBinding -Name "<interface_name>" -IncludeHidden -AllBindings -ComponentID <some_filter>
  • Exit PowerShell when done.

6] Enable Remote Access IP ARP Driver

This solution also requires you to first get the network adapter binding on the client as described above. Do the following:

  • Open PowerShell in elevated mode.
  • Carry out the first two tasks above to get the network adapter binding on the client.
  • After that, from the output, if you see that ms_wanarp ComponentID for Remote Access IP ARP Driver is disabled or false, you can run the following command to enable the driver:
Enable-NetAdapterBinding -Name "<interface_name>" -IncludeHidden -AllBindings -ComponentID ms_wanarp
  • Exit PowerShell when done.

That’s it!

Related post: VPN Connection Error 800 – The remote connection was not made because the attempted VPN tunnels failed

How do I fix the network connection between my computer and the VPN server?

If the connection between your computer and the VPN was interrupted, you can try the following suggestions and see if you can re-estabish connection:

  • Disable your antivirus/antimalware software and firewall temporarily.
  • Restart your router and disable its firewall temporarily.
  • Switch to a wired connection.

How do I fix the problem of Windows 10 not connecting to IPsec L2TP VPN servers?

To fix Can’t connect to VPN the L2TP connection between your computer and the VPN server could not be established on Windows 10, try the following suggestions:

  • Ensure that the Required L2TP/IPsec Ports are enabled on VPN Server’s side.
  • Connect to VPN via another device or network.
  • Delete and recreate the VPN connection.

Happy computing!

Obinna@TWC

Obinna has completed B.Tech in Information & Communication Technology. He has worked as a System Support Engineer, primarily on User Endpoint Administration, as well as a Technical Analyst, primarily on Server/System Administration. He also has experience as a Network and Communications Officer. He has been a Windows Insider MVP (2020) and currently owns and runs a Computer Clinic.