When you create a remote access policy that forces a user to log on using a Layer-2 Tunneling Protocol (L2TP) connection, they are unable to connect to the remote access server.

If you have both L2TP and PPTP enabled on the remote access server, and a remote access policy requires that some Windows XP users must use L2TP, and the Windows XP users have selected the Automatic option in the Type of VPN list on the Networking tab of the Properties page of the remote access connection, then they will experience this problem.

The Automatic option causes Windows XP to try the default protocol, PPTP, first. Normally, if a connection could not be established, the next protocol, L2TP, is tried. Because the policy caused the user to be denied access, Windows XP does not continue trying to connect.

To workaround this behavior, you must configure the clients with L2TP IPSec VPN in the Type of VPN list:

1. On the client computer, open Control Panel.

2. If they are still in Category View, press Switch to Classic View.

3. Double-click Network Connections.

4. Right-click the remote access connection and press Properties.

5. Select the Networking tab.

6. Select L2TP IPSec VPN in the Type of VPN list and press OK.