Solved

Active diretory authentication error

Posted on 2009-05-13
5
694 Views
Last Modified: 2012-06-27
Hello!

Recently, one of our users informed me that he have had an authentication error when he tried to establish a VPN connection to our server. After several attempts he could finally login. On a domain controller I found the folowing messages:

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            5/13/2009
Time:            9:52:03 AM
User:            N/A
Computer:      DC01
Description:
User DOMAIN \UserName was denied access.
 Fully-Qualified-User-Name = DOMAIN \UserName
 NAS-IP-Address = 10.10.0.10
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = 76.15.67.48
 Client-Friendly-Name = proxysrv
 Client-IP-Address = 10.10.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 22
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>
 Reason-Code = 16
 Reason = Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 07 80               ...€    


Note: 10.10.0.10 - This is an ISA Server address.
Please, also notice the space between DOMAIN and \UserName. Is this normal?



After such several messages I see the folowing message:
Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      5050
Date:            5/13/2009
Time:            9:52:26 AM
User:            N/A
Computer:      DC01
Description:
A LDAP connection with domain controller dc01.domain.local for domain DOMAIN is established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and then another message of the successful login the same second after the previous message:
Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      1
Date:            5/13/2009
Time:            9:52:26 AM
User:            N/A
Computer:      DC01
Description:
User DOMAIN\UserName was granted access.
 Fully-Qualified-User-Name = domain.local/Some OU/Another OU/Users/User Name
 NAS-IP-Address = 10.10.0.10
 NAS-Identifier = <not present>
 Client-Friendly-Name = proxysrv
 Client-IP-Address = 10.10.0.10
 Calling-Station-Identifier = 76.15.67.48
 NAS-Port-Type = Virtual
 NAS-Port = 22
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Allow access if dial-in permission is enabled
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

What is this all about? I don't think that the matter is just a bad user name or password. What could be the other reason?


0
Comment
Question by:Zaurb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
zoics99 earned 250 total points
ID: 24373876
Unless you have been able to replicate it, I would suggest that maybe it was a bad username or PW.  Users often believe they are right when it comes to user names and passwords, but are often wrong.  


0
 
LVL 1

Author Comment

by:Zaurb
ID: 24373900
The log file on ISA shows the following:

## System Log:

 

Event ID: 20014
Time: 13/05/2009 2.18.09
Source: RemoteAccess
Type: Warning
Log: System
Computer: MONDIALPROXY
User: N/A
Description:
The user DOMAIN \userName  has connected and failed to authenticate on port VPN5-19 . The line has been disconnected.

 

Event ID: 20073
Time: 11/05/2009 9.47.47
Source: RemoteAccess
Type: Error
Log: System
Computer: PROXYSRV
User: N/A
Description:
The following error occurred in the Point to Point Protocol module on port: VPN5-19 , UserName: DOMAIN\UserName . The remote computer does not support the required data encryption type.  
0
 
LVL 1

Expert Comment

by:zoics99
ID: 24376429
Check your client configuration.  Is this an issue you see with any other client?
0
 
LVL 1

Author Comment

by:Zaurb
ID: 24376583
well, honestly, my opinion is that this person had (occasionally) put a blank space character after domain name in his vpn connection settings... Have no other guess. This is what I see in server logs. I've even made the same thing on my computer and I get same messages in the server log files. DOMAIN[space]/UserName. When I eliminate space character following domain I log in successfully. This is a personal PC at home of our company's owner. So, I have no access to it... I've already asked him to check this next time if he fails to login...
0
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 250 total points
ID: 24376886
I'll put money on the fact that you're correct in your guess... :)
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Here's a look at newsworthy articles and community happenings during the last month.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question