We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Routing and Remote Access in Windows 2003 loses Accounting Proivider

Medium Priority
359 Views
Last Modified: 2012-05-07
We are using Routing and Remote Access to allow VPN access into our corporate network.
This works fine for both PPTP and L2TP.

The issue I have is that I want the accounting provider within RRAS to be Windows Accounting.
I go to the Properties of RRAS, Security Tab, and choose Windows Accounting as the accounting provider.
This then works as I expect and get the details that I want within the logs.

The problem is that after a period of time, usually a few days or so, the Accounting Provider reverts back to none, and i lose the logging I want.

Within the Event Viewer the only thing I can see is that RRAS service is occasionally stop and start control. Nothing i know of is doing this deliberately.

Any ideas as to where to check to get the Accounting Provider to stay as Windows Accounting?


Event Type:      Information
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7036
Date:            2/07/2009
Time:            7:47:19 AM
User:            N/A
Computer:      SERVER-ISA
Description:
The Routing and Remote Access service entered the stopped state.
Comment
Watch Question

Most Valuable Expert 2011
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks... yes you are correct, MS ISA 2006 is also on the server with RRAS.

Ok, so if MS ISA controls RRAS, how do i tell ISA to use Windows Accounting on RRAS?
Once upon i time I used MS ISA 2000 with RRAS and i could have RRAS use Windows Accounting.

Is there a setting I can use in MS ISA 2006?
Most Valuable Expert 2011

Commented:
I have no idea what you mean by Windows Accounting and I have no idea what it "gives" you that you are not getting.
In ISA if you want more detail in the logs then you need to not have anonymous Rules.  Using "All Users" = anonymous.  So you need to create User Sets and add users or groups to them and then use the User Sets in the Rules instead of "All Users".  Also using the Web Proxy Service (even while using the other services too) will give you more details yet.
Note: The SecureNAT Service is not capable of authentication,...so don't use it for the "humans".  Use the SecureNAT Service only for Servers and other "unmaned" equipment.

Author

Commented:
RRAS with Windows Accounting gives you more details in the IAS Logs.

I use some software that parses the IAS logs to allow me to review who has logged in via VPN, for how long, and any rejection messages that may occur (Auth Failure, Account Locked out, Account Disabled)
http://www.deepsoftware.com/iasviewer

What Im trying to do is make sure the Accounting Provider on the Security Tab of the properties of RRAS stays as Windows Accounting. At the moment, it will revert back to NONE, probably because of ISA as you mentioned. See Attached.

When the accounting provider is NONE, you do not get the details needed in the IAS logs to fully review the remote VPN access.
RRAS.jpg

Author

Commented:
Looks like this is one of those questions which no one can help with. I will leave it open another week or so for any last comments, otherwise i will close it as unsolved.
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.