Solved

Active Directory authentication error

Posted on 2009-05-13
Last Modified: 2012-06-27
Hello!

Recently, one of our users informed me that he had an authentication error when he tried to establish a VPN connection to our server. After several attempts he could finally log in. On a domain controller I found the following messages:

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            5/13/2009
Time:            9:52:03 AM
User:            N/A
Computer:      DC01
Description:
User DOMAIN \UserName was denied access.
 Fully-Qualified-User-Name = DOMAIN \UserName
 NAS-IP-Address = 10.10.0.10
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = 76.15.67.48
 Client-Friendly-Name = proxysrv
 Client-IP-Address = 10.10.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 22
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>
 Reason-Code = 16
 Reason = Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 07 80               ...€    


Note: 10.10.0.10 - This is an ISA Server address.
Please also notice the space between DOMAIN and \UserName. Is this normal?



After several such messages I see the following message:
Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      5050
Date:            5/13/2009
Time:            9:52:26 AM
User:            N/A
Computer:      DC01
Description:
A LDAP connection with domain controller dc01.domain.local for domain DOMAIN is established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and then another message, of the successful login, in the same second as the previous message:
Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      1
Date:            5/13/2009
Time:            9:52:26 AM
User:            N/A
Computer:      DC01
Description:
User DOMAIN\UserName was granted access.
 Fully-Qualified-User-Name = domain.local/Some OU/Another OU/Users/User Name
 NAS-IP-Address = 10.10.0.10
 NAS-Identifier = <not present>
 Client-Friendly-Name = proxysrv
 Client-IP-Address = 10.10.0.10
 Calling-Station-Identifier = 76.15.67.48
 NAS-Port-Type = Virtual
 NAS-Port = 22
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Allow access if dial-in permission is enabled
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

What is this all about? I don't think that the matter is just a bad user name or password. What could be the other reason?


Question by:Zaurb
5 Comments
 
LVL 1

Accepted Solution

by:
zoics99 earned 1000 total points
ID: 24373876
Unless you have been able to replicate it, I would suggest that maybe it was a bad username or PW.  Users often believe they are right when it comes to user names and passwords, but are often wrong.  


 
LVL 1

Author Comment

by:Zaurb
ID: 24373900
The log file on ISA shows the following:

## System Log:

 

Event ID: 20014
Time: 13/05/2009 2.18.09
Source: RemoteAccess
Type: Warning
Log: System
Computer: MONDIALPROXY
User: N/A
Description:
The user DOMAIN \userName  has connected and failed to authenticate on port VPN5-19 . The line has been disconnected.

 

Event ID: 20073
Time: 11/05/2009 9.47.47
Source: RemoteAccess
Type: Error
Log: System
Computer: PROXYSRV
User: N/A
Description:
The following error occurred in the Point to Point Protocol module on port: VPN5-19 , UserName: DOMAIN\UserName . The remote computer does not support the required data encryption type.  
 
LVL 1

Expert Comment

by:zoics99
ID: 24376429
Check your client configuration.  Is this an issue you see with any other client?
 
LVL 1

Author Comment

by:Zaurb
ID: 24376583
Well, honestly, my opinion is that this person had (occasionally) put a blank space character after the domain name in his VPN connection settings... I have no other guess. This is what I see in the server logs. I've even done the same thing on my computer and I get the same messages in the server log files: DOMAIN[space]/UserName. When I eliminate the space character following the domain, I log in successfully. This is the personal home PC of our company's owner, so I have no access to it... I've already asked him to check this the next time he fails to log in...
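The pattern in the question (an IAS Event ID 2 denial with Reason-Code 16 whose Fully-Qualified-User-Name reads "DOMAIN \UserName", followed seconds later by an Event ID 1 grant from the same Calling-Station-Identifier) is easy to pick out of an exported event log once the "Name = value" attribute lines are parsed. The script below is an added example, not code from the thread or from Microsoft: it parses descriptions laid out like the ones pasted above, flags denials whose user name has whitespace before the backslash (the stray-space hypothesis from the author's comment), and notes whether the same calling station was granted access within an assumed 60-second window. The three sample events are constructed and modelled on the entries in the question.

```python
"""Flag IAS denials whose user name carries a stray space before the backslash
(e.g. 'DOMAIN \\User') and pair them with a later grant from the same calling
station. Added example; not Experts Exchange, IAS or Microsoft code."""
import re
from datetime import datetime, timedelta

# Constructed sample events modelled on the IAS entries in the question.
# Each tuple: (event id, timestamp, description). Event ID 2 is a denial,
# Event ID 1 a grant. The first entry carries the stray space under discussion.
SAMPLE_EVENTS = [
    (2, "5/13/2009 9:52:03 AM",
     "User DOMAIN \\UserName was denied access.\n"
     " Fully-Qualified-User-Name = DOMAIN \\UserName\n"
     " Calling-Station-Identifier = 76.15.67.48\n"
     " Authentication-Type = MS-CHAPv2\n"
     " Reason-Code = 16\n"
     " Reason = Authentication was not successful because an unknown user name "
     "or incorrect password was used."),
    (1, "5/13/2009 9:52:26 AM",
     "User DOMAIN\\UserName was granted access.\n"
     " Fully-Qualified-User-Name = domain.local/Some OU/Users/User Name\n"
     " Calling-Station-Identifier = 76.15.67.48\n"
     " Authentication-Type = MS-CHAPv2"),
    (2, "5/13/2009 10:30:00 AM",  # constructed: a plain bad-password denial
     "User DOMAIN\\OtherUser was denied access.\n"
     " Fully-Qualified-User-Name = DOMAIN\\OtherUser\n"
     " Calling-Station-Identifier = 203.0.113.7\n"
     " Reason-Code = 16\n"
     " Reason = Authentication was not successful because an unknown user name "
     "or incorrect password was used."),
]

# One 'Name = value' attribute line of an IAS description.
ATTR_RE = re.compile(r"^\s*([A-Za-z-]+)\s*=\s*(.*?)\s*$")
# A NetBIOS domain, then whitespace, then the backslash: the malformed form.
STRAY_SPACE_RE = re.compile(r"^\S+\s+\\")


def parse_attributes(description):
    """Turn the 'Name = value' lines of an IAS description into a dict."""
    attrs = {}
    for line in description.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs


def has_stray_space(user_name):
    """True for 'DOMAIN \\User'; False for 'DOMAIN\\User' or UPN/DN forms."""
    return bool(STRAY_SPACE_RE.match(user_name))


def parse_timestamp(text):
    """IAS event date/time as shown in the question, e.g. '5/13/2009 9:52:03 AM'."""
    return datetime.strptime(text, "%m/%d/%Y %I:%M:%S %p")


def find_stray_space_denials(events, window_seconds=60):
    """One finding per Reason-Code 16 denial whose user name has the stray space,
    recording whether the same calling station was granted access within
    window_seconds afterwards (an assumed window, not an IAS setting)."""
    parsed = [(eid, parse_timestamp(ts), parse_attributes(desc))
              for eid, ts, desc in events]
    findings = []
    for eid, when, attrs in parsed:
        if eid != 2 or attrs.get("Reason-Code") != "16":
            continue
        user = attrs.get("Fully-Qualified-User-Name", "")
        if not has_stray_space(user):
            continue
        station = attrs.get("Calling-Station-Identifier")
        later_grant = any(
            oid == 1
            and oattrs.get("Calling-Station-Identifier") == station
            and when <= owhen <= when + timedelta(seconds=window_seconds)
            for oid, owhen, oattrs in parsed
        )
        findings.append({
            "user": user,
            "station": station,
            "time": when.isoformat(),
            "granted_within_window": later_grant,
        })
    return findings


if __name__ == "__main__":
    for finding in find_stray_space_denials(SAMPLE_EVENTS):
        print(finding)
```

Run against a real export, a denial that is immediately followed by a grant from the same station is the "user fixed a typo and retried" shape; a stray-space denial with no grant afterwards, or many of them from one station, is the one worth a closer look, since it is indistinguishable in the Reason-Code from an actual bad password.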
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 1000 total points
ID: 24376886
I'll put money on the fact that you're correct in your guess... :)