Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can no longer authenticate using VPN and certificate

Posted on 2006-11-09
2
Medium Priority
?
1,795 Views
Last Modified: 2012-05-05
Hi Experts,

I have set up a VPN using certificates and EAP.  I could connect ok no problems but now am not able to authenticate. I can connect but the server will no longer authenticate my user name.  

The only changes are a service pack and a couple of policy changes (which should not, logically affect the VPN).  I stopped the storing of Lanman hashes by group policy but cannot see how this would have an impact. I have not made any changes to the remote access policy.   I have the following errors in the event logs on the server

Thanks

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
User me@DOMAIN.local was denied access.
 Fully-Qualified-User-Name = DOMAIN.local/MyBusiness/Users/SBSUsers/ME
 NAS-IP-Address = 127.0.0.1
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = xx.xxx.xxx.xxx
 Client-Friendly-Name = domainserverradius
 Client-IP-Address = 10.0.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 129
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Small Business Remote Access Policy
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 66
 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.


Event Type:      Warning
Event Source:      RemoteAccess
Event Category:      None
Event ID:      20014
Date:            03/11/2006
Time:            08:28:59
User:            N/A
Computer:      DOMAINSERVER
Description:
The user ME@DOMAIN.local has connected and failed to authenticate on port VPN5-127. The line has been disconnected.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:beechfielder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
beechfielder earned 0 total points
ID: 17928687
Well I found out why this was happening.  The entry in IAS on the authentication tab of the policy no longer contained an entry for "EAP method"  I added back "smart card of certificate" and can now connect.

I am not sure how this happened, the policy has not been touched, but a number of patches and service packs have been installed.
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question