Solved

Active Directory authentication error

Posted on 2009-05-13
Last Modified: 2012-06-27
Hello!

Recently, one of our users informed me that he had an authentication error when he tried to establish a VPN connection to our server. After several attempts he could finally log in. On a domain controller I found the following messages:

Event Type:      Warning
Event Source:      IAS
Event Category:      None
Event ID:      2
Date:            5/13/2009
Time:            9:52:03 AM
User:            N/A
Computer:      DC01
Description:
User DOMAIN \UserName was denied access.
 Fully-Qualified-User-Name = DOMAIN \UserName
 NAS-IP-Address = 10.10.0.10
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = 76.15.67.48
 Client-Friendly-Name = proxysrv
 Client-IP-Address = 10.10.0.10
 NAS-Port-Type = Virtual
 NAS-Port = 22
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>
 Reason-Code = 16
 Reason = Authentication was not successful because an unknown user name or incorrect password was used.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 07 80               ...€    


Note: 10.10.0.10 - This is an ISA Server address.
Please, also notice the space between DOMAIN and \UserName. Is this normal?



After several such messages I see the following message:
Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      5050
Date:            5/13/2009
Time:            9:52:26 AM
User:            N/A
Computer:      DC01
Description:
A LDAP connection with domain controller dc01.domain.local for domain DOMAIN is established.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and then another message of the successful login the same second after the previous message:
Event Type:      Information
Event Source:      IAS
Event Category:      None
Event ID:      1
Date:            5/13/2009
Time:            9:52:26 AM
User:            N/A
Computer:      DC01
Description:
User DOMAIN\UserName was granted access.
 Fully-Qualified-User-Name = domain.local/Some OU/Another OU/Users/User Name
 NAS-IP-Address = 10.10.0.10
 NAS-Identifier = <not present>
 Client-Friendly-Name = proxysrv
 Client-IP-Address = 10.10.0.10
 Calling-Station-Identifier = 76.15.67.48
 NAS-Port-Type = Virtual
 NAS-Port = 22
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = Allow access if dial-in permission is enabled
 Authentication-Type = MS-CHAPv2
 EAP-Type = <undetermined>

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

What is this all about? I don't think that the matter is just a bad user name or password. What could be the other reason?


Question by:Zaurb
5 Comments
 
LVL 1

Accepted Solution

by:
zoics99 earned 250 total points
Unless you have been able to replicate it, I would suggest that maybe it was a bad username or PW.  Users often believe they are right when it comes to user names and passwords, but are often wrong.  


0
 
LVL 1

Author Comment

by:Zaurb
The log file on ISA shows the following:

## System Log:

 

Event ID: 20014
Time: 13/05/2009 2.18.09
Source: RemoteAccess
Type: Warning
Log: System
Computer: MONDIALPROXY
User: N/A
Description:
The user DOMAIN \userName  has connected and failed to authenticate on port VPN5-19 . The line has been disconnected.

 

Event ID: 20073
Time: 11/05/2009 9.47.47
Source: RemoteAccess
Type: Error
Log: System
Computer: PROXYSRV
User: N/A
Description:
The following error occurred in the Point to Point Protocol module on port: VPN5-19 , UserName: DOMAIN\UserName . The remote computer does not support the required data encryption type.  
0
 
LVL 1

Expert Comment

by:zoics99
Check your client configuration.  Is this an issue you see with any other client?
0
 
LVL 1

Author Comment

by:Zaurb
Well, honestly, my opinion is that this person had (occasionally) put a blank space character after the domain name in his VPN connection settings... I have no other guess. This is what I see in the server logs. I've even done the same thing on my computer and I get the same messages in the server log files: DOMAIN[space]/UserName. When I eliminate the space character following the domain I log in successfully. This is a personal PC at the home of our company's owner, so I have no access to it... I've already asked him to check this next time if he fails to log in...
0
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 250 total points
I'll put money on the fact that you're correct in your guess... :)
0
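
The check this thread converges on, as an added example (not code from any poster): parse IAS event descriptions, flag Reason-Code 16 denials where the user name has whitespace beside the backslash, and note whether the same caller was granted access shortly after. The tuple layout, the 10-minute window, the labels and the function names are assumptions; the sample data is constructed from the events quoted above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (event ID, timestamp, description) modelled on the IAS
# events quoted in the thread; the third entry is invented for contrast.
SAMPLE = [
    (2, "5/13/2009 9:52:03 AM", "User DOMAIN \\UserName was denied access.\n"
        " Calling-Station-Identifier = 76.15.67.48\n Reason-Code = 16\n"),
    (1, "5/13/2009 9:52:26 AM", "User DOMAIN\\UserName was granted access.\n"
        " Calling-Station-Identifier = 76.15.67.48\n"),
    (2, "5/13/2009 10:05:41 AM", "User DOMAIN\\OtherUser was denied access.\n"
        " Calling-Station-Identifier = 192.0.2.15\n Reason-Code = 16\n"),
]

USER_RE = re.compile(r"^User (.+?) was (?:denied|granted) access\.", re.M)
ATTR_RE = re.compile(r"^[ \t]*([\w-]+) = (.*)$", re.M)

def parse_event(event_id, stamp, text):
    """Turn one IAS event description into a dict of the fields used below."""
    raw_user = USER_RE.search(text).group(1)
    attrs = dict(ATTR_RE.findall(text))
    domain, _, account = raw_user.partition("\\")
    return {
        "id": event_id,
        "time": datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p"),
        "raw_user": raw_user,
        # Whitespace beside the backslash is what the thread traced the denial to.
        "padded": domain != domain.strip() or account != account.strip(),
        "user": (domain.strip() + "\\" + account.strip()).lower(),
        "caller": attrs.get("Calling-Station-Identifier", "").strip(),
        "reason": attrs.get("Reason-Code", "").strip(),
    }

def triage(events, window=timedelta(minutes=10)):
    """Label each Reason-Code 16 denial (event ID 2) and check for a later grant."""
    parsed = [parse_event(*e) for e in events]
    findings = []
    for ev in parsed:
        if ev["id"] != 2 or ev["reason"] != "16":
            continue
        # Event ID 1 for the same normalised user and caller within the window.
        retried_ok = any(
            g["id"] == 1 and g["user"] == ev["user"] and g["caller"] == ev["caller"]
            and timedelta(0) <= g["time"] - ev["time"] <= window
            for g in parsed)
        label = "malformed-username" if ev["padded"] else "credential-failure"
        findings.append((ev["raw_user"], ev["caller"], label, retried_ok))
    return findings
```

Calling `triage(SAMPLE)` returns one tuple per denial: the raw user name as logged, the calling station, the label, and whether a grant followed.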
