As mentioned in the article, you can try to enable CAPI2 logging to get more details on 403.16 error, what is the error message in your logging?
Note generally, if the client computer is joined to the domain and if you use domain credentials to log on to the VPN server, the certificate is automatically installed in the Trusted Root Certification Authorities store. However, if the computer is not joined to the domain or if you use an alternative certificate chain, you may experience this issue.
To troubleshoot this issue, follow these steps:
- On the client computer, click Start , click Run , type mmc , and then click OK .
- On the File menu, click Add/Remove Snap-in .
- In the Add/Remove Snap-in dialog box, click Add .
- In the Available Standalone Snap-In dialog box, click Certificates , and then click Add .
- In the Certificates snap-in dialog box, click Computer account , click Next , and then click Finish .
- Click Close , and then click OK .
- In the Console1 MMC snap-in, expand Certificates (Local Computer) , expand Trusted Root Certification Authorities , and then click Certificates .
- Examine the certificates that appear in the details pane to determine whether a certificate from the certification authority is present.
- If the appropriate certificate is not present in the Trusted Root Certification Authorities store, you must import a certificate for the appropriate certification authority.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.