Cannot add server to valid remote access servers in AD
Hello,
I am attempting to setup a VPN server but are running into difficulties. I have setup ISA 2006 Enterprise Edition on Server 2003 but when I attempt to Enable VPN Client Access from the tasks tab, I receive this warning:
"One or more computers in this array cannot be added to the list of valid remote access servers in Active Directory. Before a computer can be used as a remote access server, the domain administrator must complete this task."
Our DC is Windows Server 2008. I have looked in AD but I cannot find the location where I should be adding this server.
Can anyone assist please?
Cheers
Pete
I am attempting to setup a VPN server but are running into difficulties. I have setup ISA 2006 Enterprise Edition on Server 2003 but when I attempt to Enable VPN Client Access from the tasks tab, I receive this warning:
"One or more computers in this array cannot be added to the list of valid remote access servers in Active Directory. Before a computer can be used as a remote access server, the domain administrator must complete this task."
Our DC is Windows Server 2008. I have looked in AD but I cannot find the location where I should be adding this server.
Can anyone assist please?
Cheers
Pete
Raj-GT
Is your ISA Server a domain member and do you have File and Print Sharing enabled in the Internal interface of ISA?
ASKER
Yes it is a domain member and yes file and print sharing is enabled.
You should have a group called "RAS and IAS Servers" in your AD. Adding the ISA server to this group should do the trick.
ASKER
Unfortunately no, it didn't work. I have also tried to reboot thinking that it may have kicked into life once a reboot was performed. Still the same message.
Did you install ISA using a domain admin account? As far as I know, ISA should've added itself to the group during the install.
Check and see if you have all the updates installed for ISA and Server 2003 host. If that's the case, I would suggest you flatten and rebuild the ISA Server on a basic Server 2003 install if at all possible.
Check and see if you have all the updates installed for ISA and Server 2003 host. If that's the case, I would suggest you flatten and rebuild the ISA Server on a basic Server 2003 install if at all possible.
ASKER
Yep, I used the domain admin account. I thought I might have to start again. It seemed that I was the only person having this problem. I will let you know how I get on.
ASKER
I have rebuilt the server from scratch and the problem still persists. Do I need to setup any firewall policy rules to allow contact to a DC to allow the ISA server to talk to it correctly?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
We learn something new everyday :-)
When configuring interfaces in ISA, you shouldn't enter any DNS entries on the externl NIC. Use the internal NIC and always use the internal DNS servers for resolution. Also make sure the external NIC is the only NIC with a default gateway entry and uncheck "Client for Microsoft Networks" and "File and Print sharing" from it.
When configuring interfaces in ISA, you shouldn't enter any DNS entries on the externl NIC. Use the internal NIC and always use the internal DNS servers for resolution. Also make sure the external NIC is the only NIC with a default gateway entry and uncheck "Client for Microsoft Networks" and "File and Print sharing" from it.