FIX: VPN Error 691 on Windows 7/8 and 10

Whenever a VPN Error occurs, it is normally a problem with the connections settings. The Error 691 is a Dial-Up error that will occur even when the connection you have is not Dial-Up. This has to do with the way the Network Layer of the OSI model works, which is that it will use what is not broken. Since the error is caused by the same reason, the Network Layer will throw this Dial Up error even though the connection is not a Dial Up connection specifically.

The Error 691 occurs when the settings are incorrect on one of the devices (client or the server) and it cannot ensure authenticity of the connection. The most common cause is an incorrect username or password, it may also be the case if you are using a Public VPN and your access has been revoked, you’re attempting to login to the VPN with a domain that isn’t allowed, or domains are not allowed at all, OR the security protocols needed for the handshake do not match.

The error will occur on whatever device is attempting to connect to the VPN Server.

Error: 691: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol you selected is not permitted on the remote access server.

Method 1: Allow Microsoft CHAP Version 2

Additionally, because this is an error with the VPN connection you may need to change the VPN properties in order to gain access. While changing the authentication level and encryption settings may help with the receiving end of the VPN connection, the problem may also be with the sending of the connection, which is why you might need to change the protocol for the VPN to connect with the VPN differently.

Hold the Windows Key and Press R. Type ncpa.cpl and Click OK.

Right Click your VPN Connection and choose Properties.

Go to the Security Tab, and put a check on the following two settings.

Allow these Protocols and Microsoft CHAP Version 2

vpn error 691

Method 2: Uncheck Include Windows logon domain from VPN Options

If the VPN Client is attempting to login with their domain, whereas the domain on the server is different or the server is setup to authenticate with just the username and password, then you may see this error.

Hold the Windows Key and Press R. Type ncpa.cpl and Click OK.

Right Click your VPN Connection and choose Properties. Go to the Options tab, and uncheck “Include windows logon domain”

include windows logon domain

Method 3: Changing LANMAN Parameters

Usually, if the client has a newer OS and is connecting and VPNning into an older server then the encryption set on the client could also trigger this error.

Hold the Windows Key and Press R. Type secpol.msc and Click OK. Go to Administrative Tools -> Local Security Policy -> Local Policies -> Security Options and choose Network Security: LAN Manager authentication level and double-click it. 

Inside of Local Security Setting, change the option to Send LM & NTLM responses only.

Click OK.


Then go to Network Security: Minimum Session Security for NTLM SSP and Click on it. Inside of Local Security Setting, disable the Require 128-bit encryption option.


More Solutions can be found on Related VPN Error 807, Please visit ‘How to Fix VPN Error 807 in Windows 10/11


Kevin Arrows

Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.