FIX: VPN Error 691 on Windows 7/8 and 10

Whenever a VPN Error occurs, it is normally a problem with the connections settings. The Error 691 is a Dial-Up error that will occur even when the connection you have is not Dial-Up. This has to do with the way the Network Layer of the OSI model works, which is that it will use what is not broken. Since the error is caused by the same reason, the Network Layer will throw this Dial Up error even though the connection is not a Dial Up connection specifically.

The Error 691 occurs when the settings are incorrect on one of the devices (client or the server) and it cannot ensure authenticity of the connection. The most common cause is an incorrect username or password, it may also be the case if you are using a Public VPN and your access has been revoked, you’re attempting to login to the VPN with a domain that isn’t allowed, or domains are not allowed at all, OR the security protocols needed for the handshake do not match.

The error will occur on whatever device is attempting to connect to the VPN Server.

Error: 691: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol you selected is not permitted on the remote access server.

Method 1: Allow Microsoft CHAP Version 2

Additionally, because this is an error with the VPN connection you may need to change the VPN properties in order to gain access. While changing the authentication level and encryption settings may help with the receiving end of the VPN connection, the problem may also be with the sending of the connection, which is why you might need to change the protocol for the VPN to connect with the VPN differently.

Hold the Windows Key and Press R. Type ncpa.cpl and Click OK.

Right Click your VPN Connection and choose Properties.

Go to the Security Tab, and put a check on the following two settings.

Allow these Protocols and Microsoft CHAP Version 2

vpn error 691

Method 2: Uncheck Include Windows logon domain from VPN Options

If the VPN Client is attempting to login with their domain, whereas the domain on the server is different or the server is setup to authenticate with just the username and password, then you may see this error.

Hold the Windows Key and Press R. Type ncpa.cpl and Click OK.

Right Click your VPN Connection and choose Properties. Go to the Options tab, and uncheck “Include windows logon domain”

include windows logon domain

Method 3: Changing LANMAN Parameters

Usually, if the client has a newer OS and is connecting and VPNning into an older server then the encryption set on the client could also trigger this error.

Hold the Windows Key and Press R. Type secpol.msc and Click OK. Go to Administrative Tools -> Local Security Policy -> Local Policies -> Security Options and choose Network Security: LAN Manager authentication level and double-click it. 

Inside of Local Security Setting, change the option to Send LM & NTLM responses only.

Click OK.

2016-08-19_091544

Then go to Network Security: Minimum Session Security for NTLM SSP and Click on it. Inside of Local Security Setting, disable the Require 128-bit encryption option.

2016-08-19_091837

Kevin Arrows
Kevin is a dynamic and self-motivated information technology professional, with a Thorough knowledge of all facets pertaining to network infrastructure design, implementation and administration. Superior record of delivering simultaneous large-scale mission critical projects on time and under budget.

Expert Tip

FIX: VPN Error 691 on Windows 7/8 and 10

If the issue is with your Computer or a Laptop you should try using Restoro which can scan the repositories and replace corrupt and missing files. This works in most cases, where the issue is originated due to a system corruption. You can download Restoro by clicking the Download button below.

Download Now

I'm not interested