beechfielder
asked on
Can no longer authenticate using VPN and certificate
Hi Experts,
I have set up a VPN using certificates and EAP. I could connect OK with no problems, but now I am not able to authenticate. I can connect, but the server will no longer authenticate my user name.
The only changes are a service pack and a couple of policy changes (which should not, logically, affect the VPN). I stopped the storing of Lanman hashes by group policy but cannot see how this would have an impact. I have not made any changes to the remote access policy. I have the following errors in the event logs on the server:
Thanks
Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 03/11/2006
Time: 08:28:59
User: N/A
Computer: DOMAINSERVER
Description:
User me@DOMAIN.local was denied access.
Fully-Qualified-User-Name = DOMAIN.local/MyBusiness/Users/SBSUsers/ME
NAS-IP-Address = 127.0.0.1
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = xx.xxx.xxx.xxx
Client-Friendly-Name = domainserverradius
Client-IP-Address = 10.0.0.10
NAS-Port-Type = Virtual
NAS-Port = 129
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Small Business Remote Access Policy
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 66
Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.
Event Type: Warning
Event Source: RemoteAccess
Event Category: None
Event ID: 20014
Date: 03/11/2006
Time: 08:28:59
User: N/A
Computer: DOMAINSERVER
Description:
The user ME@DOMAIN.local has connected and failed to authenticate on port VPN5-127. The line has been disconnected.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
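Added example (not part of the original post): a small Python triage helper that parses the description text of an IAS Event ID 2 like the one above into attributes and reports which remote access policy matched and why access was denied. The sample text is constructed from the event in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the IAS Event ID 2 description from the post, trimmed.
SAMPLE_EVENT = """\
User me@DOMAIN.local was denied access.
Fully-Qualified-User-Name = DOMAIN.local/MyBusiness/Users/SBSUsers/ME
NAS-IP-Address = 127.0.0.1
NAS-Identifier = <not present>
Client-Friendly-Name = domainserverradius
NAS-Port-Type = Virtual
Policy-Name = Small Business Remote Access Policy
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 66
Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.
"""

ATTR_RE = re.compile(r"^\s*([A-Za-z][A-Za-z-]*)\s*=\s*(.*?)\s*$")
UNSET = {"<not present>", "<undetermined>"}  # placeholders IAS writes for empty fields

def parse_ias_event(description):
    """Split an IAS event description into its header line and an attribute dict."""
    header, attrs = None, {}
    for line in description.splitlines():
        m = ATTR_RE.match(line)
        if m:
            value = m.group(2)
            attrs[m.group(1)] = None if value in UNSET else value
        elif line.strip() and header is None:
            header = line.strip()  # first non-attribute line, e.g. "User ... was denied access."
    return header, attrs

def triage(description):
    """Return human-readable findings for a denied-access event."""
    header, attrs = parse_ias_event(description)
    findings = []
    if header and "denied access" in header:
        findings.append(f"denied: {attrs.get('Fully-Qualified-User-Name')}")
    if attrs.get("Reason-Code"):
        # Report the reason as logged, tied to the policy that matched the request.
        findings.append(f"policy '{attrs.get('Policy-Name')}' rejected the request, "
                        f"reason {attrs['Reason-Code']}: {attrs.get('Reason')}")
    if attrs.get("Authentication-Type") == "EAP" and attrs.get("EAP-Type") is None:
        findings.append("EAP-Type was not determined by the server; compare the EAP "
                        "types enabled on the matched policy with the client's setting")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_EVENT)))
```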