dwernars
asked on
Problem with VPN on Server 2003
A Server 2003 machine has been configured with RRAS service. Users that have remote access have been granted access to VPN into the Server. However when the users VPN in they get an error stating that they have not been authenticated. Users connect to the 2003 domain through a Cisco router. I found article 829074 in the Microsoft KB - contacted Microsoft for the hotfix but it hasn't worked. Users can still not VPN into the RRAS server. Is anyone else having this same problem?
http://www.cisco.com/en/US/products/sw/secursw/ps2300/products_configuration_guide_chapter09186a008007cf74.html
ASKER
The problem is not with the router configs. I moved the RRAS service to another 2003 box and now users get a 800 error: Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection.
I have granted access for each user to the VPN server as well as allowing access on the server itself.
ANy ideas?
I have granted access for each user to the VPN server as well as allowing access on the server itself.
ANy ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, however we're using PPTP and not L2TP. There is no Nat'ing or firewall in place at the moment as I thought that, that was blocking access so since we have a backup router, I removed the access list from one and connected the RRAS server through that. The users are using the server IP address to connect and not the server name. This is the most bizarre situation as VPN worked fine when we were running on 2000. When I upgraded to 2003 ( hard upgrade), VPN worked for a day and then after the latest virus scare, I updated virus defs, had to patch this Dell server because it was 'looping' through startup and shutdown. Ever since then VPN has been hosed and I can't get it working
For each user you want to grant access to, there is a setting called "allow remote access" or something like that. Use the AD Users & Computers mmc snap-in to find the user account, and then it should be under the "Remote Access" tab, if i remember correctly.
Good Luck
-Gac
Good Luck
-Gac
did you already checked the ras log file
see ras/rasserver/remote access logging/properties
under the setting tab: select as much events to log
under the local file tab: you will find its place and name
after some vpn access tries you can copy and paste the logfile contents to us
see ras/rasserver/remote access logging/properties
under the setting tab: select as much events to log
under the local file tab: you will find its place and name
after some vpn access tries you can copy and paste the logfile contents to us
ASKER
I have allowed users remote access - it's the dial-in tab on the user properties.
I'll checkout the logfile stuff and see what I can come up with, Thanks
I'll checkout the logfile stuff and see what I can come up with, Thanks
I have been beating my brains out with this. No accepted answers here, in TechNet or on other forums worked. Posting this in case someone else is beating their brains out! Here is how I solved it:
Clue 1 - Could not ping remote hosts.
Clue 2 - Computer had terrible connectivity at work when on LAN side of server - all cabling having tested good.
Tried (and it worked)
Edited PATH Environment Variable to get C:\Windows\System32 to first item in Path. A Handspring phone synch software install had jumped the line three times. This restored Ping.
Edited Registry to remove Winsock and Winsock2 entries in HKLM\System\CurrentControl Set\Servic es (I assumed we had a damaged but partly functioning WinSock)
Reboot
Reinstalled TCP/IP using I386\nettcpip.inf
Reboot
Delete all previous VPN connections from Network Connections
Recreate Network Connection.
Clue 1 - Could not ping remote hosts.
Clue 2 - Computer had terrible connectivity at work when on LAN side of server - all cabling having tested good.
Tried (and it worked)
Edited PATH Environment Variable to get C:\Windows\System32 to first item in Path. A Handspring phone synch software install had jumped the line three times. This restored Ping.
Edited Registry to remove Winsock and Winsock2 entries in HKLM\System\CurrentControl
Reboot
Reinstalled TCP/IP using I386\nettcpip.inf
Reboot
Delete all previous VPN connections from Network Connections
Recreate Network Connection.