When configuring Windows 10 Always On VPN using Extensible Authentication Protocol (EAP), the administrator may encounter a scenario in which the client connection fails. The event log will include an event ID 20227 from the RasClient source that includes the following error message.
“The user [domain\username] dialed a connection named [connection name] which has failed. The error code returned on failure is 858.”
RasClient Error 858
RasClient error code 858 translates to ERROR_EAP_SERVER_CERT_EXPIRED. Intuitively, this indicates that the Server Authentication certificate installed on the Network Policy Server (NPS) has expired. To resolve this issue, renew the certificate on the NPS server.
Additional Information
Windows 10 Always On VPN Network Policy Server (NPS) Load Balancing