How to Fix Error 691 Causing VPN Connections Lost and Error Messages

What is a VPN?

VPN is short for Virtual Private Network. It is an essential online tool because it improves your online privacy and safety. Even though a VPN can be quite handy, it comes with its own set of troubles, which can cause lost VPN connections and errors. Many people have reported connection failure with VPN Error 691. This can be a problem if you need to use a VPN, fortunately, there are few ways in which you can deal with this problem. If you get this error you'll see a message that says this:

"VPN Error 691
The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol you selected is not permitted on the remote access server."

The error is a Dial-Up error, which happens when the connection you have is not a Dial-Up. VPN Error 691 happens when the settings aren't set correctly on the client or the server machine, which means it can't verify the connection. Usually, Error 691 is the result of an incorrect username or password. In other cases, it may also happen when you are using a Public VPN and attempting to login to the VPN with a domain that isn't permitted, or the security protocols required mismatch.

Users report encountering VPN error 691 when there are problems with their network protocol settings, remote access permission, firewall permissions, connectivity problems, and more. The most outstanding causes can be grouped into three categories like this:
Incorrect Username and Password
Incorrect connection security settings
Problems with Networking settings

How to fix VPN Error 691

Here are a few solutions to this pesky VPN error

Make sure that the logon ID and password are correct
This is a very basic issue, but it's the most common one. At certain times a VPN Connection failed with error 691 message appears when your username or password is incorrect to be sure that your password is correct, use the Show Password option.

Use Microsoft CHAP Version 2

Sometimes, to fix error 691 you have to use Microsoft CHAP Version 2. Why? Because VPNs use different protocols. You can use Microsoft CHAP Version 2 by following these steps:

1. Press Win Key + X key combination to open the Windows Menu.
2. Select Network Connections.
3. Find your VPN connection, right-click, and select Properties from the menu.
4. Press the Security tab.
5. Press "Allow these protocols" and pit a tick next to "Microsoft CHAP Version 2 (MS-CHAP v2)"
6. Save changes by pressing OK.

If the error persists try the next option.

Disable the “Include Windows logon domain” option

If your VPN connection isn't configured properly this is what you need to do.

1. Press Win Key + X key combination to open the Windows Menu.
2. Select Network Connections.
3. Find your VPN connection, right-click, and select Properties from the menu.
4. Select Options and remove the check "Include Windows logon domain" option.
5. Save the changes by hitting the OK button.

Check your connection’s security

1. Hit the Win Key + X key combination to open the Windows Menu.
2. Choose Network Connections.
3. Locate your VPN connection, right-click, and select Properties from the menu.
4. Open the Security tab and put a check next to Typical (recommended settings).
5. There's a section labeled "Validate my identity as follows" section and verify that the "Allow unsecured password" option is selected
6. Press on the Options tab and remove the tick next to "Include Windows logon domain".
7. To save your changes click on the OK button.

Check to see if the problem has been resolved and if it hasn't, then move on to our final solution.

Change your LANMAN parameters

1. According to some reports, changing LANMAN parameters prevented error 691. Here's how to do that:
2. Hold down the Win Key and press R.
3. Enter type gpedit.msc in the Run Dialog and hit OK, this will start the Local Group Policy Editor.
4. Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
5. Locate and select "Network security: LAN Manager authentication level".
6. Press on the "Local Security Settings" tab and choose "Send LM & NTLM responses" from the options in the drop-down menu.
7. To save the changes press OK and Apply.
8. Then press on "Network Security: Minimum Session Security for NTLM SSP"
9. Toggle off the "Require 128-bit encryption' and enable 'Require NTLMv2 session security" option
10. Press Apply and OK and save these changes
11. Restart your PC.