
RemoteAccess 20189 Error - Windows 2003 RRAS

Remote users can no longer use VPN setup on a member Windows 2003 server due to authentication failure. Error on the RRAS server (technically a Warning) is 20189 from Event Source RemoteAccess: "Authentication was not successful because an unknown user name or incorrect password was used."

Could this be due to time differential of more than 1 minute between Internet -- where remote users are -- and AD domain? (I do not yet have permission to modify that setting.)

I have already checked the following:
- The RRAS server has secure channel with DC -- verified with NetDom
- Authentication traffic does reach a DC since the user account is locked out after more than x attempts.
- More than one user account has this problem -- perhaps all.
- Adding other authentication methods besides MSCHAP2 (MSCHAP and CHAP) makes no difference.
- User account still has problem even when moved to a new OU. Permissions on the OU are normal.
- LAN manager authentication level (as seen in local security policy and registry) is at 2: Allow NTLM, only refuse LM. So it is not set too high.

Please advise. (RRAS logs are too cryptic. Have created trace logs in C:\WINDOWS\tracing but not sure what to seek.) Thanks.

1 Solution
nkulsh (Author) commented:
We figured it out ourselves.
LAN manager authentication level (as seen in local security policy and registry) had to be changed on Domain Controllers -- all of them, from 5 to 1:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel (REG_DWORD)
Level 5 - DC refuses LM and NTLM authentication (accepts only NTLMv2)
Level 1 - Use NTLMv2 session security if negotiated
Perhaps Level 4 would have worked as well.
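
An added example (not part of the original thread) for checking the setting changed in the answer above: it reads `LmCompatibilityLevel` from each domain controller and reports which ones refuse NTLM and whether the DCs disagree. Host names and function names are assumptions made for the illustration; the level meanings are Microsoft's documented values for this setting.

```powershell
# Added example, not from the original thread. Host names are constructed.
# What a DC accepts at each LmCompatibilityLevel (Microsoft's documented meanings).
$DcAccepts = @{
    0 = 'LM, NTLM, NTLMv2'; 1 = 'LM, NTLM, NTLMv2'
    2 = 'LM, NTLM, NTLMv2'; 3 = 'LM, NTLM, NTLMv2'
    4 = 'NTLM, NTLMv2 (refuses LM)'
    5 = 'NTLMv2 only (refuses LM and NTLM)'
}

function Get-LmCompatibilityLevel {
    param([Parameter(Mandatory)][string]$ComputerName)
    # Needs the Remote Registry service and read access to the key on the target.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        $lsa = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
        $lsa.GetValue('LmCompatibilityLevel')   # $null when the value is not set
    } finally {
        $hklm.Close()
    }
}

function Get-LmLevelReport {
    param([Parameter(Mandatory)][hashtable]$Levels)   # host -> level, $null if unset
    foreach ($dc in ($Levels.Keys | Sort-Object)) {
        $level = $Levels[$dc]
        $known = ($null -ne $level) -and $DcAccepts.ContainsKey([int]$level)
        [pscustomobject]@{
            Host        = $dc
            Level       = if ($null -eq $level) { 'not set' } else { $level }
            DcAccepts   = if ($known) { $DcAccepts[[int]$level] } else { 'check OS default' }
            RefusesNtlm = ($level -eq 5)
        }
    }
}

# Constructed sample: two DCs at 5, one already lowered, one with no value set.
$sample = @{
    'dc01.example.test' = 5; 'dc02.example.test' = 5
    'dc03.example.test' = 1; 'dc04.example.test' = $null
}
# Live collection instead of the sample:
# $sample = @{}; 'dc01','dc02' | ForEach-Object { $sample[$_] = Get-LmCompatibilityLevel $_ }

$report = @(Get-LmLevelReport -Levels $sample)
$report | Format-Table Host, Level, DcAccepts, RefusesNtlm -AutoSize
if (@($report | Group-Object Level).Count -gt 1) {
    Write-Warning 'Domain controllers disagree on LmCompatibilityLevel.'
}
```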
