Summary

This article describes one potential cause for receiving an Error 806 when attempting to connect to VPN via a PPTP connection. Additionally this article explains how to fix the ‘Validate server certificate’  by overwriting the rasphone.pbk file.

Purpose

A while back, I ran across a client that had a VPN utilizing PPTP. The user I was trying to set up was receiving an Error 806. 

After a bit of troubleshooting, it was discovered that the user could connect to the VPN with most computers, however when trying to connect via their designated machine, they were receiving an Error 806. 

For this specific client, they required that their users utilize PEAP Authentication.

Additionally, the client did not want to validate the server certificate. Machines that were validating correctly had the ‘Validate server certificate’ option unchecked. However, the problem machine had the box checked. Even after unchecking and reapplying settings, the box would recheck itself.

The Cause of Error 806

The underlying cause of this issue was due to the rasphone.pbk file not saving correctly. This file contains saved dial up information (in this case VPN settings). The most common causes I have seen of this file not functioning correctly are due to a Window image being used that already had issues or if a Window’s upgrade was performed. It did not matter if it was Home, Professional, Ultimate, or Enterprise or any combination of 32 bit or 64 bit, the only consistency viewed was that a Window’s image was used. If you would like more information on the rasphone.pbk file, visit http://support.microsoft.com/kb/284269. 

Although the exact cause of the rasphone.pbk not saving correctly could not be determined, 3 solutions were found.

Option 1: Reinstall Windows 7

Not the most efficient method, but fresh installs from an actual Windows disk have been known to fix the issue. Make sure to not use an image and to reinstall the OS from scratch.

Option 2: Overwrite the Existing Rasphone.pbk File

The second fix, which may be a bit more difficult to apply, is to acquire a copy of a rasphone.pbk file from a machine that is working and to overwrite the existing rasphone.pbk file. If you are an IT admin, you can save this file to copy to new machines.

The location of the rasphone.pbk file can be found at:

%userprofile%AppDataRoamingMicrosoftNetworkConnectionsPbkrasphone.pbk

Note: If the VPN connection that is being overwritten has the same name as the one already created in the rasphone.pbk file that was imported from a working connection, there is a good possibility that some errors might occur. Oddly enough, to correct these errors, I have found that the following had to be performed:

• Open properties on the VPN connection (your connection should prompt an error).
• Click okay.
• Navigate to rasphone.pbk .
• Edit the file with notepad.
• Save the file (even after making no changes).
• Go back and try to open the properties of your existing VPN connection.
• Verify that ‘Validate Server Certificate’ is disabled.

 

Option 3: Delete All Existing VPN Connections and Copy Rasphone.pbk 

This is by far the easiest option. If you delete all existing VPN connections for your profile, this should remove the existing rasphone.pbk file (alternatively you can just manually delete or rename the existing file). Dump your new rasphone.pbk file to:

%userprofile%AppDataRoamingMicrosoftNetworkConnectionsPbkrasphone.pbk.

Once this has been completed, a valid VPN connection will appear under: Control PanelNetwork and InternetNetwork Connections and under the network connections tab.

In my example, the newly imported connected is called ‘Test Connection’

The newly added connection will now have ‘Validate Server Certificate’ disabled.