I recently came across and issue with VPN users getting “Error 778: It was not possible to verify the identity of the server” when connecting to SBS 2008. The same error was given to all users connecting from different machines via different networks so it had to be a server/site issue.
If I disabled MS-CHAP V2 from RRAS and set the clients to use CHAP the connection worked fine, so I suspected and issue with the authentication settings on the SBS 2008 server. I had forwarded port 1723 to the server and the site was using a Netgear router which by default allowed IP Protocol=GRE (value 47) passthrough.
After checking all RRAS settings and dial-in properties for AD users I had a look at the NPS Policies. All looked ok accept 1 setting in the TS GATEWAY AUTHORIZATION POLICY under the Connection Request Policies. In the policy under Authentication it had been set to Accept users without validating credentials. I changed it to Authenticate requests on this server and applied the settings and VPN connections now work fine with with MS-CHAP V2 authentication.
So if you come across this VPN error and have checked all other possible causes and it still occurs make sure you dont have the TS GATEWAY AUTHORIZATION POLICY is set to Authenticate requests on this server.