I'm currently configuring a new cluster with a new mgmt-server only for VPN.
I've built 2 VSs on a VSX cluster: one test and one production VS.
VS3: I've built the test VS with smartcard authentication, which connects to our external AD. Machine/user are handled by our external domain, and the smartcard authentication is handled on this external domain as well. This solution works properly.
VS4: I've built the production VS, where the machine/user connects to our internal domain and the MFA is handled by RADIUS against the external AD.
On this VS I have the issue that when I try to log on, I get the error "Negotiation with site failed". I don't always get it; the other attempts work well. Let's say it fails 1 out of 3 attempts. SmartLog says the user does not belong to the remote community.
The AD LDAP account units of both domains are identical in the management server, and in the Remote Access community, in the participant user groups, I have added a user group based on a security group.
Does anybody have an idea what could go wrong?