Why does an EAP-TLS resumed session generate error 691?
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is a
Point-to-Point Protocol (PPP) extension supporting additional authentication
methods within PPP. Transport Layer Security (TLS) provides for mutual
authentication, integrity-protected cipher suite negotiation, and key exchange
between two endpoints.
When you try to reconnect an EAP-TLS connection, the session sometimes stops
working and returns error 691 Access was denied because the user name and/or
password was invalid on the domain. To work around the problem, wait at
least 2 minutes before you try to reconnect. Note: If you’re using smart cards
for remote access authentication in Windows 2000, you must use the EAP-TLS
Windows Privacy Tools - http//www.privacywindows.com