VPN Error 789 on Windows 7/10

The ‘VPN Remote Access Error 789′ error typically happens on single-user PC’s, when the user tries to connect to a VPN solution using the built-in Windows functionality from their home network.

Note: Here’s what to do if you’re encountering the VPN Error 169.

What causes the error returned on failure 789 message on Windows 7 and 10?

• Network inconsistency – As it turns out, a network inconsistency can also cause this particular error message. In most cases, the problem ends up being caused by a network adapter that is stuck in al limbo state, not allowing the VPN connection to be established. If this scenario is applicable, you can fix the issue by resetting the Network adapter, forcing your OS to install the network driver again.
• Missing Encapsulation Registry key – In case you’re experiencing frequent disconnects and failed connection attempts in relation to your VPN, it’s most likely due to a missing registry key called AssumeUDPEncapsulationContextOnSendRule.In this case, you can fix the issue by creating and configure this registry key manually via Registry Editor.
• 3rd party Firewall Interference – Another potential cause that might end up spawning this error is an overprotective firewall that ends up blocking certain ports that are actively being used by your VPN connection. In this case, you can fix this issue by establishing exceptions or by uninstalling the 3rd party firewall.
• IPsec Keying Modules & Policy Agent are Disabled – These two services are absolutely essential if you are using a self-hosted VPN. Without them, the connection will not be possible. If this scenario is applicable, you can fix the issue by accessing the Services screen and ensuring that the two services are enabled and the Startup Type is set to Automatic.

How to Fix the ‘VPN Remote Access Error 789’ Error?

Method 1: Reset your Network adapter

In some cases, the apparition of the ‘VPN Remote Access Error 789′ error is linked with a network inconsistency caused by a network adapter that got stuck in a limbo state. This scenario will make it impossible for the VPN config to get the necessary data to establish a connection.

If this scenario is applicable, you should be able to resolve the issue by using Device Manager to uninstall the network adapter, forcing your operating system to reinstall the drivers from scratch at the next system startup.

Here’s a quick guide on how to do this:

Note: These steps should work regardless of your Windows version.

1. Press Windows key + R to open up a Run dialog box. Next, type ‘devmgmt.msc’ inside the text box and press Enter to open up the Device Manager utility. If prompted by the UAC (User Account Control), click Yes to grant administrative privileges.

   

2. Once you’re inside Device Manager, scroll down through the list of devices and expand the drop-down menu associated with Network Adapters. Next, right-click on your network adapter and choose Uninstall from the context menu.

   

3. Click Yes at the confirmation prompt and wait for the process to complete.
4. Once the network adapter is uninstalled, restart your computer to allow the network driver to be uninstalled at the next startup sequence.

In case the same issue is still occurring, move down to the next method below for a different repair strategy.

Method 2: Create UDPE Encapsulation Registry Key

If you’re encountering this issue with an L2TP based VPN client or VPN server that is behind NAT (Network Address Translation), you will not achieve a stable connection until you take the time to create the AssumeUDPEncapsulationContextOnSendRule registry value.

If you encounter frequent disconnects and failed connection attempts, it’s most likely due to the fact that the VPN client that you’re using is not configured to run behind a NAT service by default. If you want to get it to work, you will need to create and configure the AssumeUDPEncapsulationContextOnSendRule registry value.

Here’s a quick guide on creating and configuring the AssumeUDPEncapsulationContextOnSendRule registry value in order to resolve the ‘VPN Remote Access Error 789’:

1. Press Windows key + R to open up a run dialog box. Next, type ‘regedit’ and press Enter to open up Registry Editor. When prompted by the UAC (User Account Control), click Yes to grant administrative privileges.

   

2. Once you’re inside the Registry Editor, use the left-hand section to navigate to the following location:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

   Note: You can either navigate there manually or you can paste the address directly into the navigation bar to get there instantly.

3. After you arrive at the correct location, move down to the right-hand section, right-click on an empty space and choose New from the newly appeared context menu. Then, choose Dword (32-bit) Value from the list of available options.
4. Name the newly created Dword Value AssumeUDPEncapsulationContextOnSendRule and press Enter to save the changes.

   

5. Once the value has been successfully created, double-click on it, then set the Base to Hexadecimal and the Value data to 2.

   

   Note: This modification ensures that WIndows can establish security associations with servers and other OS that are behind NAT servers.

6. Click Ok to save the changes, then restart your computer and see if this modification managed to fix the issue for you.

In case the same problem is still happening, move down to the next potential fix below.

Method 3: Disable 3rd party Firewall

If you’re encountering the issue with a server configuration and you’re using a 3rd party firewall, chances are it ends up blocking a port that is actively being used by your VPN connection. Ports 500 and 4500 are most likely to be stopped from communicating with external machines.

If this scenario is applicable, you will only be able to fix this issue by whitelisting the involved ports. But you can only enforce this fix if you know your way around your firewall and if you know which ports your VPN solution actively uses.

And keep in mind that the steps of establishing security exceptions will be different across different 3rd party firewall solutions. If you want to do this, search online for specific steps on doing this.

But if you’re looking for a quick and efficient solution, your best bet is to uninstall the 3rd party firewall altogether and restart to see if the issue is resolved.

Here’s a quick guide on uninstalling the 3rd party firewall in order to fix the ‘VPN Remote Access Error 789’ error:

1. Press Windows key + R to open up a Run box. Next, type ‘appwiz.cpl’ and press Enter to open up the Programs and Features menu.

   

2. Once you are inside the Programs and Features menu, scroll down through the list of installed applications and locate your 3rd party firewall. Once you see it, right-click on it and choose Uninstall from the newly appeared context menu.

   

3. Inside the uninstallation prompt, follow the on-screen prompts to complete the process, then restart your computer to complete the operation.
   Note: If you want to ensure that you leave behind no remnant files that might still cause the same behavior, here’s how to remove any leftover files left behind by the 3rd party security suite that you recently uninstalled.
4. Attempt to connect to your VPN solution again and see if the problem is now resolved.

In case the VPN connection is still interrupted by the same ‘VPN Remote Access Error 789’ error, move down to the final method below.

Method 4: Enable the IPsec Keying Modules & Policy Agent

As several affected users have reported, this particular error message can also occur due to the fact that two essential services for self-hosted VPNs are disabled. Without them, a VPN connection will not be possible.

If this scenario is applicable, you can fix the issue by accessing the Services screen and enabling two services that are essential to this operation (“IKE and AuthIP IPsec Keying Modules” and “IPsec Policy Agent” services)

Here’s a quick guide on how to do this in order to fix the ‘VPN Remote Access Error 789’ error:

1. Press Windows key + R to open up a Run dialog box. Next, type ‘services.msc’ and press Enter to open up the Services screen.
    

   Note: If you get prompted by the UAC (User Account Control) prompt, click Yes to grant administrative privileges.

2. Once you’re inside the Services screen, scroll down through the list of services and start by locating the IKE and AuthIP IPsec Keying Modules service.
3. Once you manage to locate it, right-click on it and choose Properties from the newly appeared context menu.
4. Inside the Properties screen of IKE and AuthIP IPsec Keying Modules, select the General tab and change the Startup type to Automatic. Then, click on Start to force the service to come into action and hit Apply to save the changes.
5. Next, scroll down through the list of services again and locate IPsec Policy Agent. Once you see it, right-click on it and choose Properties from the context menu.
6. Inside the properties screen of IPsec Policy Agent, select the General tab and change Startup Type to Automatic, then click on Start to call upon the service. Same as before, click on Apply to save the changes.
7. Attempt to establish the VPN connection again and see if you get the same error message.