Solved

Cannot add server to valid remote access servers in AD

Posted on 2009-05-03
10
4,699 Views
Last Modified: 2012-06-22
Hello,

I am attempting to setup a VPN server but are running into difficulties. I have setup ISA 2006 Enterprise Edition on Server 2003 but when I attempt to Enable VPN Client Access from the tasks tab, I receive this warning:

"One or more computers in this array cannot be added to the list of valid remote access servers in Active Directory. Before a computer can be used as a remote access server, the domain administrator must complete this task."

Our DC is Windows Server 2008. I have looked in AD but I cannot find the location where I should be adding this server.

Can anyone assist please?

Cheers
Pete
0
Comment
Question by:Pete_Zed
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Raj-GT
Comment Utility
Is your ISA Server a domain member and do you have File and Print Sharing enabled in the Internal interface of ISA?
0
 
LVL 8

Author Comment

by:Pete_Zed
Comment Utility
Yes it is a domain member and yes file and print sharing is enabled.
0
 
LVL 14

Expert Comment

by:Raj-GT
Comment Utility
You should have a group called "RAS and IAS Servers" in your AD. Adding the ISA server to this group should do the trick.
0
 
LVL 8

Author Comment

by:Pete_Zed
Comment Utility
Unfortunately no, it didn't work. I have also tried to reboot thinking that it may have kicked into life once a reboot was performed. Still the same message.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 14

Expert Comment

by:Raj-GT
Comment Utility
Did you install ISA using a domain admin account? As far as I know, ISA should've added itself to the group during the install.

Check and see if you have all the updates installed for ISA and Server 2003 host. If that's the case, I would suggest you flatten and rebuild the ISA Server on a basic Server 2003 install if at all possible.
0
 
LVL 8

Author Comment

by:Pete_Zed
Comment Utility
Yep, I used the domain admin account. I thought I might have to start again. It seemed that I was the only person having this problem. I will let you know how I get on.
0
 
LVL 8

Author Comment

by:Pete_Zed
Comment Utility
I have rebuilt the server from scratch and the problem still persists. Do I need to setup any firewall policy rules to allow contact to a DC to allow the ISA server to talk to it correctly?
0
 
LVL 8

Accepted Solution

by:
Pete_Zed earned 0 total points
Comment Utility
The solution is to remove the external DNS entries from the external NIC IP configuration. It seems that ISA was looking through the external NIC for AD rather than the internal network - weird.
0
 
LVL 14

Expert Comment

by:Raj-GT
Comment Utility
We learn something new everyday :-)

When configuring interfaces in ISA, you shouldn't enter any DNS entries on the externl NIC. Use the internal NIC and always use the internal DNS servers for resolution. Also make sure the external NIC is the only NIC with a default gateway entry and uncheck "Client for Microsoft Networks" and "File and Print sharing" from it.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now