Windows server 2012 resides behind router / NAT with UDP ports 500, 4500 and 1701 forwarded to the IP address of the server. Server RRAS VPN configured correctly accepting PPTP connections from multiple MAC and Windows VPN clients with no issues (except newer Mac OS Sierra with PPTP protocol removed from the list of available VPN options).
In my case I was able to connect via my MAC VPN client with no problem... However, Windows VPN client would throw Error 809... Below is a solution which worked for me:
Reference article here: https://www.sonicwall.com/en-us/support/knowledge-base/170505534382415
Step 1: Login to the PC as Administrator if your current user account is not a member of local Administrators group.
Step 2: Click Start | Run or Start | All Programs | Accessories | Run and type regedit.
Step 3: Locate the entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent.
Step 4: Create a new DWORD (32-bit) value (Edit | New).
Step 5: Add AssumeUDPEncapsulationContextOnSendRule and save.
Step 6: Modify the new entry and change Value Data from 0 to 2.
Value 0 -| Cannot establish security associations with servers that are located behind NAT devices.
Value 2 -| Can establish security associations with servers that are located behind NAT devices.
Do not forget to reboot your computer!