I've seen discussions related to this topic, but nothing addressing the errors I am seeing.
I used this link as a start:
I first saw errors on the domain controller showing a requirement for MSCHAPv2, so I added that to the IAS server. The error that is stoping me now is:
Policy-Name = Legacy User Access to Cisco VPN
Authentication-Type = MS-CHAPv2
EAP-Type = <undetermined>
Reason-Code = 72
Reason = The user cannot change his or her password because the change password option is not enabled for the matching remote access policy.
This error is generated in on the IAS server in the SYSTEM log. Looking at the IAS policy, I do not see any options specific to allowing password change.
I've begun a search at Technet, but any ideas would be greatly appreciated...