Link to home
Start Free TrialLog in
Avatar of dwernars
dwernars

asked on

Problem with VPN on Server 2003

A Server 2003 machine has been configured with RRAS service. Users that have remote access have been granted access to VPN into the Server. However when the users VPN in they get an error stating that they have not been authenticated. Users connect to the 2003 domain through a Cisco router. I found article 829074 in the Microsoft KB - contacted Microsoft for the hotfix but it hasn't worked. Users can still not VPN into the RRAS server. Is anyone else having this same problem?
Avatar of karel_jespers
karel_jespers
Avatar of dwernars
dwernars

ASKER

The problem is not with the router configs. I moved the RRAS service to another 2003 box and now users get a 800 error: Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection.

I have granted access for each user to the VPN server as well as allowing access on the server itself.

ANy ideas?
ASKER CERTIFIED SOLUTION
Avatar of karel_jespers
karel_jespers
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dwernars
dwernars

ASKER

Thanks, however we're using PPTP and not L2TP. There is no Nat'ing or firewall in place at the moment as I thought that, that was blocking access so since we have a backup router, I removed the access list from one and connected the RRAS server through that. The users are using the server IP address to connect and not the server name. This is the most bizarre situation as VPN worked fine when we were running on 2000. When I upgraded to 2003 ( hard upgrade), VPN worked for a day and then after the latest virus scare, I updated virus defs, had to patch this Dell server because it was 'looping' through startup and shutdown. Ever since then VPN has been hosed and I can't get it working
Avatar of Gac
Gac
For each user you want to grant access to, there is a setting called "allow remote access" or something like that.  Use the AD Users & Computers mmc snap-in to find the user account, and then it should be under the "Remote Access" tab, if i remember correctly.

Good Luck

-Gac
Avatar of karel_jespers
karel_jespers
did you already checked the ras log file
see ras/rasserver/remote access logging/properties
      under the setting tab: select as much events to log
      under the local file tab: you will find its place and name

after some vpn access tries you can copy and paste the logfile contents to us
Avatar of dwernars
dwernars

ASKER

I have allowed users  remote access - it's the dial-in tab on the user properties.

I'll checkout the logfile stuff and see what I can come up with, Thanks
Avatar of graemesmith
graemesmith
Flag of United States of America image
I have been beating my brains out with this.  No accepted answers here, in TechNet or on other forums worked.  Posting this in case someone else is beating their brains out!  Here is how I solved it:

Clue 1 - Could not ping remote hosts.
Clue 2 - Computer had terrible connectivity at work when on LAN side of server - all cabling having tested good.

Tried (and it worked)

Edited PATH Environment Variable to get C:\Windows\System32 to first item in Path.  A Handspring phone synch software install had jumped the line three times.  This restored Ping.

Edited Registry to remove Winsock and Winsock2 entries in HKLM\System\CurrentControlSet\Services  (I assumed we had a damaged but partly functioning WinSock)

Reboot

Reinstalled TCP/IP using I386\nettcpip.inf

Reboot

Delete all previous VPN connections from Network Connections

Recreate Network Connection.