When you try to reconnect an Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) connection, it sometimes stops working and issues:
691 - Access was denied because the user name and/or password was invalid on the domain.
You can workaround this problem by waiting at least two (2) minutes before you try to reconnect.
EAP is a Point-to-Point Protocol (PPP) extension that provides support for additional authentication methods within PPP. TLS allows mutual authentication, integrity-protected cipher suite negotiation, and key exchange between two endpoints.
NOTE: If you are using smart cards for remote access authentication in Windows 2000, you must use the EAP-TLS authentication method.