You cannot make a VPN connection successfully by entering a correct PIN after an incorrect PIN is entered when the connection uses a smart card and PEAP authentication on a computer that is running Windows Server 2008 or Windows Vista
Consider the following scenario:
- You set up a virtual private network (VPN) connection on a computer that is running Windows Server 2008 or Windows Vista.
- In the VPN connection properties dialog box, you configure the authentication to use the “Protected EAP (PEAP) (encryption enabled)” method and configure the VPN type to be the “Secure Socket Tunneling Protocol (SSTP)” type.
- You try to make a new VPN connection by using a smart card. In your first attempt to make a new VPN connection, an incorrect personal identification number (PIN) is entered. Then a dialog box prompts you to enter the correct PIN.
In this scenario, the dialog box repeatedly prompts you to enter the correct PIN after the correct PIN is entered. Additionally, after repeated attempts to enter the PIN, the smart card is blocked and you cannot use any corporate resources.
Also, you have to contact the IT support at your company to unblock the smart card.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB974924.