VPN

VPN IKEv2 by certificate from Windows server 2019 to MikroTik?

I can't establish a VPN IKEv2 connection using a certificate from Windows Server 2019 Standard to Mikrotik RB750Gr3.
Mikrotik has been updated to firmware 6.42.6, settings have been made on it and it successfully connects and hangs VPN ikev2 connection via PresharedKey up to 3x PfSense. No problem.
Now the task is to raise the tunnel from Winsows Server 2019 Standard to this Mikrotik. Mikrotik has a white static IP, and Windows Server is on the VPS as a virtual machine. It turns out that the VPS has a white IP, and the Windwos server is behind a NAT with an ip like 192.168.7.0/24.
Configured as prescribed in WiKi Mikrotik from the section Road Warrior setup using IKEv2 with RSA authentication
I take any WIndows 10, put a certificate on it as indicated in the manual, make VPN connection settings, connect and everything connects and works great.
It should also be noted that Windows 10 is running on a virtual machine behind NAT of the same VPS where the problematic WinServer 2019 is, that is, the conditions for WIn10 and WinServer are the same.
I also tried it from a home laptop with WIndows 8.1, also because of NAT, everything works.
But WinServer swears something like "Could not reach the VPN server, perhaps the device or router or
router is configured incorrectly and blocking VPN operation"
I tried to edit the registry as advised on the Internet, I tried to completely disable the brandmauer, there is no antivirus at all, no settings after installing WinServer did not change, the stock OS config.
Tell me how to make a server make friends with Mikrotik? Maybe on the server, somewhere in the policies, lower the security level or change some other parameters somewhere?