Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cannot add server to valid remote access servers in AD

Posted on 2009-05-03
10
Medium Priority
?
4,975 Views
Last Modified: 2012-06-22
Hello,

I am attempting to setup a VPN server but are running into difficulties. I have setup ISA 2006 Enterprise Edition on Server 2003 but when I attempt to Enable VPN Client Access from the tasks tab, I receive this warning:

"One or more computers in this array cannot be added to the list of valid remote access servers in Active Directory. Before a computer can be used as a remote access server, the domain administrator must complete this task."

Our DC is Windows Server 2008. I have looked in AD but I cannot find the location where I should be adding this server.

Can anyone assist please?

Cheers
Pete
0
Comment
Question by:Pete_Zed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24302563
Is your ISA Server a domain member and do you have File and Print Sharing enabled in the Internal interface of ISA?
0
 
LVL 8

Author Comment

by:Pete_Zed
ID: 24302577
Yes it is a domain member and yes file and print sharing is enabled.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24302689
You should have a group called "RAS and IAS Servers" in your AD. Adding the ISA server to this group should do the trick.
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 
LVL 8

Author Comment

by:Pete_Zed
ID: 24308504
Unfortunately no, it didn't work. I have also tried to reboot thinking that it may have kicked into life once a reboot was performed. Still the same message.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24309463
Did you install ISA using a domain admin account? As far as I know, ISA should've added itself to the group during the install.

Check and see if you have all the updates installed for ISA and Server 2003 host. If that's the case, I would suggest you flatten and rebuild the ISA Server on a basic Server 2003 install if at all possible.
0
 
LVL 8

Author Comment

by:Pete_Zed
ID: 24310798
Yep, I used the domain admin account. I thought I might have to start again. It seemed that I was the only person having this problem. I will let you know how I get on.
0
 
LVL 8

Author Comment

by:Pete_Zed
ID: 24319249
I have rebuilt the server from scratch and the problem still persists. Do I need to setup any firewall policy rules to allow contact to a DC to allow the ISA server to talk to it correctly?
0
 
LVL 8

Accepted Solution

by:
Pete_Zed earned 0 total points
ID: 24321921
The solution is to remove the external DNS entries from the external NIC IP configuration. It seems that ISA was looking through the external NIC for AD rather than the internal network - weird.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24322560
We learn something new everyday :-)

When configuring interfaces in ISA, you shouldn't enter any DNS entries on the externl NIC. Use the internal NIC and always use the internal DNS servers for resolution. Also make sure the external NIC is the only NIC with a default gateway entry and uncheck "Client for Microsoft Networks" and "File and Print sharing" from it.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question