Solved

Cannot add server to valid remote access servers in AD

Posted on 2009-05-03
10
4,913 Views
Last Modified: 2012-06-22
Hello,

I am attempting to setup a VPN server but are running into difficulties. I have setup ISA 2006 Enterprise Edition on Server 2003 but when I attempt to Enable VPN Client Access from the tasks tab, I receive this warning:

"One or more computers in this array cannot be added to the list of valid remote access servers in Active Directory. Before a computer can be used as a remote access server, the domain administrator must complete this task."

Our DC is Windows Server 2008. I have looked in AD but I cannot find the location where I should be adding this server.

Can anyone assist please?

Cheers
Pete
0
Comment
Question by:Pete_Zed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24302563
Is your ISA Server a domain member and do you have File and Print Sharing enabled in the Internal interface of ISA?
0
 
LVL 8

Author Comment

by:Pete_Zed
ID: 24302577
Yes it is a domain member and yes file and print sharing is enabled.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24302689
You should have a group called "RAS and IAS Servers" in your AD. Adding the ISA server to this group should do the trick.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Author Comment

by:Pete_Zed
ID: 24308504
Unfortunately no, it didn't work. I have also tried to reboot thinking that it may have kicked into life once a reboot was performed. Still the same message.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24309463
Did you install ISA using a domain admin account? As far as I know, ISA should've added itself to the group during the install.

Check and see if you have all the updates installed for ISA and Server 2003 host. If that's the case, I would suggest you flatten and rebuild the ISA Server on a basic Server 2003 install if at all possible.
0
 
LVL 8

Author Comment

by:Pete_Zed
ID: 24310798
Yep, I used the domain admin account. I thought I might have to start again. It seemed that I was the only person having this problem. I will let you know how I get on.
0
 
LVL 8

Author Comment

by:Pete_Zed
ID: 24319249
I have rebuilt the server from scratch and the problem still persists. Do I need to setup any firewall policy rules to allow contact to a DC to allow the ISA server to talk to it correctly?
0
 
LVL 8

Accepted Solution

by:
Pete_Zed earned 0 total points
ID: 24321921
The solution is to remove the external DNS entries from the external NIC IP configuration. It seems that ISA was looking through the external NIC for AD rather than the internal network - weird.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24322560
We learn something new everyday :-)

When configuring interfaces in ISA, you shouldn't enter any DNS entries on the externl NIC. Use the internal NIC and always use the internal DNS servers for resolution. Also make sure the external NIC is the only NIC with a default gateway entry and uncheck "Client for Microsoft Networks" and "File and Print sharing" from it.
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question