Cannot connect to a VPN server - authentication failed with error code 691

Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

I think that's your problem right there. Verify that the account has the correct permissions to connect remotely via RRAS. These links might help you. Note that articles that apply to 2003 may still apply to 2008r2 (according to MSFT). Also note that I make no claim to being a subject matter expert....

http://technet.microsoft.com/en-us/library/cc754634(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc775658(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc759294(WS.10).aspx

http://technet.microsoft.com/en-us/library/dd637783(WS.10).aspx

I had this problem so I'll go ahead and tell you what it was for me. My password (given to us by our host had a $ in it). I was copy-pasting the password from an rdp shell script that had escaped the $ with a \. I was mentally forgetting the reason for \ and thinking it was literal. I spent hours working on authentication when in reality, I need only remove the back-slash escaping of the dollar sign.

Not sure if that's your problem -- but good luck.

I solved this my changing the Dial-In properties of the user. By default it was set to managed by NPS server. Click allow access solved my issue.