Solved

SBS Remote Authentication

Posted on 2006-11-01
27
669 Views
Last Modified: 2012-06-22
I have an SBS Server setup.  I have downloaded the SBS Connection Manager but when I try to log on it says "Your credentials have failed remote network authentication".  I have ensured that the user has mobile and remote rights in AD (member of).

Any ideas?

0
Comment
Question by:Powerhousecomputing
  • 16
  • 10
27 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17849317
Please review and respond to these items:

1.  Are you sure you are using the correct username and password?

2.  Did you create this user with SBS's Add-User wizard and the MOBILE User template?

3.  Can you connect with alternate credentials?

4.  Is this only happening on one remote location?

5.  Can this user log into the VPN if you create a VPN connection manually and designating the server's external IP address for the connection?

Jeff
TechSoEasy
0
 

Author Comment

by:Powerhousecomputing
ID: 17849427
1. yes - I have even changed the password but it makes no difference and I have tried the admin one too.
2. yes
3. no
4. it happens from any remote lcoation
5. not tried
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17849562
So, just to confirm, you can't connect from ANY location using ANY user account?

If so, then please rerun the Remote Access Configuration Wizard to re-establish the SBSCM, then redownload the new version from the RWW main menu and try to connect with that.  

Jeff
TechSoEasy
0
Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17849568
Also, just to check... when you say, " I have ensured that the user has mobile and remote rights in AD (member of)."  What exactly do you mean?

Jeff
TechSoEasy
0
 

Author Comment

by:Powerhousecomputing
ID: 17849699
When I go into the user I have ensure that the Member of incluces remote users and mobile user templates
0
 

Author Comment

by:Powerhousecomputing
ID: 17850355
this is what I see in the remote tool's log

[cmdial32]      15:56:32      14      Retry Authentication Event
[cmdial32]      15:56:32      14      Retry Authentication Event
[cmdial32]      15:56:32      20      On-Error Event      ErrorCode = 734 ErrorSource = RAS
[cmdial32]      15:56:32      20      On-Error Event      ErrorCode = 734 ErrorSource = RAS
[cmdial32]      15:56:35      20      On-Error Event      ErrorCode = 734 ErrorSource = RAS
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17850427
Well, this is why I asked for "exactly" because there are not any groups which are called "remote users" or "mobile user templates".  

If you created a NEW user with the SBS's Add User Wizard you should have selected the Mobile User Template, which would make a user a member of the following Groups:

Domain Users
Mobile Users
Remote Web Workplace Users
YourCompany  (distribution group)

Normally, these would not need to be added manually, they should come from the Mobile User Template which is applied when creating the user.  If you had already created a user with a different template you can apply the correct permissions to their account by running the Change User Permission wizard and selecting the "replace" option.

Please forgive me for being persistent on this, however, from your responses,  was unable to determine whether or not this is how you added the users.

So, if you didn't do it this way you should go back and fix it by running the Change User Permissions wizard as described above.

Jeff
TechSoEasy

0
 

Author Comment

by:Powerhousecomputing
ID: 17850512
sorry for the vagueness - I have done exactly the method described above, using the wizard it has added the user as a member of:

Domain Users
Mobile Users
Remote Web Workplace Users
YourCompany  (distribution group)

I have looked at changing permissions just in case it was wrong but this has made no difference and as I say I can try with administrator too but that user does not work either.
0
 

Author Comment

by:Powerhousecomputing
ID: 17851412
I just cannot see the problem - I have set these up so many times before with no problem - AGH!
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17851530
Well, thank you for posting that it is a 734 error, that helps tremendously!

First, please confirm that you have port 1723 open on the router/firewall, and it is pointed to the server's IP.  Then, please ensure that you have GRE Protocol 47 (not port 47) enabled on the router.  This is sometimes referred to as "VPN Passthrough".  If your router does not have this setting, then it may not be appropriate for your use.

If all that doesn't work, please see:
http://support.microsoft.com/?id=318718

Jeff
TechSoEasy
0
 

Author Comment

by:Powerhousecomputing
ID: 17851769
It is a Draytek 2800G which I believe has VPN Passthrough auto enabled - have never had to change one yet!  1723 is open to the correct IP.
0
 

Author Comment

by:Powerhousecomputing
ID: 17851803
the article makes no sense as if I right click the Dial Up connection (SBS Remote Connector) I only have a properties icon with none of the items as described in the article.
0
 

Author Comment

by:Powerhousecomputing
ID: 17852332
I have been looking on the net and there are several other with the same problem - nobody seems to have a solution - surely you have one - oh SBS guru? please ;)
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17854855
That KB article would be applicable if you manually created a VPN connection on an XP machine.  I had suggested that in #5 above which I don't think you've attempted yet.  Please try this.

Jeff
TechSoEasy
0
 

Author Comment

by:Powerhousecomputing
ID: 17856564
you mean through the router NOT SBS?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17856620
What statement of mine are you referring to?
0
 

Author Comment

by:Powerhousecomputing
ID: 17856627
5.  Can this user log into the VPN if you create a VPN connection manually and designating the server's external IP address for the connection?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17856658
Well, this may be your problem then... are you using a PUBLIC IP on both your Router AND your External NIC?

Jeff
TechSoEasy
0
 

Author Comment

by:Powerhousecomputing
ID: 17856672
yes
0
 

Author Comment

by:Powerhousecomputing
ID: 17856674
yes
0
 

Author Comment

by:Powerhousecomputing
ID: 17856707
I can now get into the website and loo areas of SBS but cannot connect using the SBS Remote connection Tool created by the connection manager.
0
 

Author Comment

by:Powerhousecomputing
ID: 17856710
I can now get into the website and log on to all  areas of SBS but cannot connect using the SBS Remote connection Tool created by the connection manager.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17856733
Well, your configuration is not really one that I would recommend (nor does anyone else for that matter).  There's no reason to have a Public IP address on your SBS's External NIC.  Otherwise you are defeating the purpose of having the Router there as a Firewall.  

A sample overview of a two-NIC configuration for SBS is here:  http://sbsurl.com/twonics.

If you configure things the way they are shown in that example, it should work just fine.

Jeff
TechSoEasy
0
 

Author Comment

by:Powerhousecomputing
ID: 17856738
We dont have two NICs
0
 

Author Comment

by:Powerhousecomputing
ID: 17856768
ok - I have it fixed - I contacted Draytek again and it seems like their firmware has changed and that there is an additional setting needed to allow VPN Passthrough.

Thank you so much for all you help!
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17856775
Okay, then even more reason that you should NOT have a public IP address on your server's NIC!

You should be using NAT on the Router.   The server should ONLY have an internal IP address.  Perhaps you should post a complete IPCONFIG /ALL from the server so we can review it.

Jeff
TechSoEasy
0
 

Expert Comment

by:JakeSpencer
ID: 22448725
Powerhousecomputing

I have the exact same problem; what setting did you change on your DrayTek router as I have a similar model 8020G and get error 734 when attempting to logon to my SBS?

Regards

Jake
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Funa@india.com 6 462
Errors  Migrating DHCP from SBS 2008 to Server 2012 r2 2 64
Exchange 2010 - Two email addresses - OOF on one 45 89
DNS issues after a power outage 3 44
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question