FIX: VPN Error 691 on Windows 7/8 and 10
Whenever a VPN Error occurs, it is normally a problem with the connections settings. The Error 691 is a Dial-Up error that will occur even when the connection you have is not Dial-Up. This has to do with the way the Network Layer of the OSI model works, which is that it will use what is not broken. Since the error is caused by the same reason, the Network Layer will throw this Dial Up error even though the connection is not a Dial Up connection specifically.
The Error 691 occurs when the settings are incorrect on one of the devices (client or the server) and it cannot ensure authenticity of the connection. The most common cause is an incorrect username or password, it may also be the case if you are using a Public VPN and your access has been revoked, you’re attempting to login to the VPN with a domain that isn’t allowed, or domains are not allowed at all, OR the security protocols needed for the handshake do not match.
The error will occur on whatever device is attempting to connect to the VPN Server.
Error: 691: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol you selected is not permitted on the remote access server.
Method 1: Allow Microsoft CHAP Version 2
Additionally, because this is an error with the VPN connection you may need to change the VPN properties in order to gain access. While changing the authentication level and encryption settings may help with the receiving end of the VPN connection, the problem may also be with the sending of the connection, which is why you might need to change the protocol for the VPN to connect with the VPN differently.
Hold the Windows Key and Press R. Type ncpa.cpl and Click OK.
Right Click your VPN Connection and choose Properties.
Go to the Security Tab, and put a check on the following two settings.
Allow these Protocols and Microsoft CHAP Version 2
Method 2: Uncheck Include Windows logon domain from VPN Options
If the VPN Client is attempting to login with their domain, whereas the domain on the server is different or the server is setup to authenticate with just the username and password, then you may see this error.
Hold the Windows Key and Press R. Type ncpa.cpl and Click OK.
Right Click your VPN Connection and choose Properties. Go to the Options tab, and uncheck “Include windows logon domain”
Method 3: Changing LANMAN Parameters
Usually, if the client has a newer OS and is connecting and VPNning into an older server then the encryption set on the client could also trigger this error.
Hold the Windows Key and Press R. Type secpol.msc and Click OK. Go to Administrative Tools -> Local Security Policy -> Local Policies -> Security Options and choose Network Security: LAN Manager authentication level and double-click it.
Inside of Local Security Setting, change the option to Send LM & NTLM responses only.
Click OK.
Then go to Network Security: Minimum Session Security for NTLM SSP and Click on it. Inside of Local Security Setting, disable the Require 128-bit encryption option.
More Solutions can be found on Related VPN Error 807, Please visit ‘How to Fix VPN Error 807 in Windows 10/11‘
