
Active Directory authentication error

Hello!

Recently, one of our users informed me that he had an authentication error when he tried to establish a VPN connection to our server. After several attempts he could finally log in. On a domain controller I found the following messages:

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            5/13/2009
Time:            9:52:03 AM
User:            N/A
Computer:      DC01
Description:
User DOMAIN \UserName was denied access.
 Fully-Qualified-User-Name = DOMAIN \UserName
 NAS-IP-Address = 10.10.0.10
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = 76.15.67.48
 Client-Friendly-Name = proxysrv
 Client-IP-Address = 10.10.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 22
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>
 Reason-Code = 16
 Reason = Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 07 80               ...€    


Note: 10.10.0.10 - This is an ISA Server address.
Please, also notice the space between DOMAIN and \UserName. Is this normal?



After several such messages I see the following message:
Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      5050
Date:            5/13/2009
Time:            9:52:26 AM
User:            N/A
Computer:      DC01
Description:
A LDAP connection with domain controller dc01.domain.local for domain DOMAIN is established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and then another message of the successful login the same second after the previous message:
Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      1
Date:            5/13/2009
Time:            9:52:26 AM
User:            N/A
Computer:      DC01
Description:
User DOMAIN\UserName was granted access.
 Fully-Qualified-User-Name = domain.local/Some OU/Another OU/Users/User Name
 NAS-IP-Address = 10.10.0.10
 NAS-Identifier = <not present>
 Client-Friendly-Name = proxysrv
 Client-IP-Address = 10.10.0.10
 Calling-Station-Identifier = 76.15.67.48
 NAS-Port-Type = Virtual
 NAS-Port = 22
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Allow access if dial-in permission is enabled
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

What is this all about? I don't think that the matter is just a bad user name or password. What could be the other reason?


Asked by: Zaurb

zoics99 commented:
Unless you have been able to replicate it, I would suggest that maybe it was a bad username or PW.  Users often believe they are right when it comes to user names and passwords, but are often wrong.  



Zaurb (author) commented:
The log file on ISA shows the following:

## System Log:

 

Event ID: 20014
Time: 13/05/2009 2.18.09
Source: RemoteAccess
Type: Warning
Log: System
Computer: MONDIALPROXY
User: N/A
Description:
The user DOMAIN \userName  has connected and failed to authenticate on port VPN5-19 . The line has been disconnected.

 

Event ID: 20073
Time: 11/05/2009 9.47.47
Source: RemoteAccess
Type: Error
Log: System
Computer: PROXYSRV
User: N/A
Description:
The following error occurred in the Point to Point Protocol module on port: VPN5-19 , UserName: DOMAIN\UserName . The remote computer does not support the required data encryption type.  

zoics99 commented:
Check your client configuration.  Is this an issue you see with any other client?

Zaurb (author) commented:
Well, honestly, my opinion is that this person had (occasionally) put a blank space character after the domain name in his VPN connection settings... I have no other guess. This is what I see in the server logs. I've even done the same thing on my computer and I get the same messages in the server log files: DOMAIN[space]/UserName. When I eliminate the space character following the domain I log in successfully. This is a personal PC at the home of our company's owner, so I have no access to it... I've already asked him to check this next time if he fails to log in...

PeteJThomas commented:
I'll put money on the fact that you're correct in your guess... :)
Question has a verified solution.
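
The diagnosis the thread settles on (a blank after the domain name in the VPN client's user name, logged by IAS as Reason-Code 16) can be checked for in exported IAS event text. This is an added example, not code from any poster in the thread; the function names, the five-minute retry window and the abridged sample events are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Abridged from the two IAS events quoted in the question (most fields trimmed).
SAMPLE = """\
Event Type:      Warning
Date:            5/13/2009
Time:            9:52:03 AM
User DOMAIN \\UserName was denied access.
 Calling-Station-Identifier = 76.15.67.48
 Reason-Code = 16
Event Type:      Information
Date:            5/13/2009
Time:            9:52:26 AM
User DOMAIN\\UserName was granted access.
 Calling-Station-Identifier = 76.15.67.48
"""

def parse_events(text):
    """Split exported IAS event text into one dict per access decision."""
    events = []
    for block in re.split(r"(?m)^(?=Event Type:)", text):
        m = re.search(r"(?m)^User (.+?) was (denied|granted) access\.", block)
        if not m:
            continue
        date, time = (re.search(rf"(?m)^{k}:\s*(.+?)\s*$", block).group(1)
                      for k in ("Date", "Time"))
        station = re.search(r"Calling-Station-Identifier = (\S+)", block)
        reason = re.search(r"Reason-Code = (\d+)", block)
        events.append({"user": m.group(1), "outcome": m.group(2),
                       "when": datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M:%S %p"),
                       "station": station.group(1) if station else None,
                       "reason": int(reason.group(1)) if reason else None})
    return events

def normalize(user):
    """Strip whitespace next to the backslash separator and at both ends."""
    domain, sep, name = user.partition("\\")
    return f"{domain.strip()}{sep}{name.strip()}".lower()

def whitespace_denials(events, window=timedelta(minutes=5)):
    """Reason-Code 16 denials with stray whitespace in the name, each paired with
    whether the cleaned name was granted from the same caller within window."""
    findings = []
    for ev in events:
        clean = normalize(ev["user"])
        if ev["outcome"] != "denied" or ev["reason"] != 16 or clean == ev["user"].lower():
            continue
        granted = any(g["outcome"] == "granted" and normalize(g["user"]) == clean
                      and g["station"] == ev["station"]
                      and timedelta(0) <= g["when"] - ev["when"] <= window for g in events)
        findings.append((ev["user"], clean, ev["station"], granted))
    return findings
```

A finding whose last element is `True` points to a client-side typo rather than a wrong password; a Reason-Code 16 denial with a clean name is not reported at all.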
