Link to home
Start Free TrialLog in
Avatar of andrewg96
andrewg96

asked on

VPN 3000 Concentrator

I have run into an issue with our VPN concentrator.  Users connect to our VPN concentrator using Cisco VPN client.  The concentrator authenticates via Windows Server 2008 AD.  Currently, when I test the authentication server, I receive the following: Authentication Error: No response from server.  On the DC, I see the following in the security log:
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          1/5/2010 3:48:50 PM
Event ID:      4768
Task Category: Kerberos Authentication Service
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      DC01.domain.local
Description:
A Kerberos authentication ticket (TGT) was requested.

Account Information:
      Account Name:            username
      Supplied Realm Name:      domain
      User ID:                  domain\username

Service Information:
      Service Name:            krbtgt
      Service ID:            domain\krbtgt

Network Information:
      Client Address:            192.168.2.2
      Client Port:            1146

Additional Information:
      Ticket Options:            0x40800010
      Result Code:            0x0
      Ticket Encryption Type:      0x3
      Pre-Authentication Type:      0

Certificate Information:
      Certificate Issuer Name:            
      Certificate Serial Number:      
      Certificate Thumbprint:            

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
Avatar of Justin Owens
Justin Owens
Flag of United States of America image

If you are getting a success audit on your DC, I would look at your concentrator.  A few questions:  Has this ever worked?  If so, was anything changed before it stopped working?  What method is your concentrator using for AD authentication?

Justin
Avatar of andrewg96
andrewg96

ASKER

This is a new domain, so it has not worked on this exact domain.  The concentrator is using Kerberos for AD.
Do you see anything odd in the syslog on the concentrator?
Here is the log from the concentrator

59733 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/1 RPT=9866
AUTH_Open() returns 769

59734 01/05/2010 16:50:31.040 SEV=7 AUTH/12 RPT=9866
Authentication session opened: handle = 769

59735 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/3 RPT=14160
AUTH_PutAttrTable(769, b062bc)

59736 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/5 RPT=2658
AUTH_Authenticate(769, 1c4b6bc, 515184)

59737 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/59 RPT=14176
AUTH_BindServer(1ecd3bc, 0, 0)

59738 01/05/2010 16:50:31.040 SEV=9 AUTHDBG/69 RPT=14155
Auth Server e81be0 has been bound to ACB 1ecd3bc, sessions = 1

59739 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/65 RPT=14155
AUTH_CreateTimer(1ecd3bc, 0, 0)

59740 01/05/2010 16:50:31.040 SEV=9 AUTHDBG/72 RPT=14155
Reply timer created: handle = 36640029

59741 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/179 RPT=14155
AUTH_SyncToServer(1ecd3bc, 0, 0)

59742 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/180 RPT=14155
AUTH_SendLockReq(1ecd3bc, 0, 0)

59743 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/61 RPT=14441
AUTH_BuildMsg(1ecd3bc, 0, 0)

59744 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/188 RPT=2939
Kerberos_Build(1ecd3bc)

59745 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/64 RPT=14474
AUTH_StartTimer(1ecd3bc, 0, 0)

59746 01/05/2010 16:50:31.050 SEV=9 AUTHDBG/73 RPT=14474
Reply timer started: handle = 36640029, timestamp = -262799840, timeout = 4000

59747 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/62 RPT=14474
AUTH_SndRequest(1ecd3bc, 0, 0)

59748 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/192 RPT=5877
Kerberos_Decode(1c69938, 0)

59749 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/31 RPT=8172
Kerberos: Message type KRB_AS_REQ

59750 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8914
Kerberos: Option forwardable

59751 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8915
Kerberos: Option renewable

59752 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8916
Kerberos: Option renewable accepted

59753 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/33 RPT=5421
Kerberos: Client Realm DOMAINNAME

59754 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/32 RPT=5421
Kerberos: Client Name username

59755 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/35 RPT=5267
Kerberos: Server Realm DOMAINNAME

59756 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/34 RPT=10533
Kerberos: Server Name krbtgt

59757 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/34 RPT=10534
Kerberos: Server Name DOMAINNAME

59758 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/36 RPT=2972
Kerberos: Start time 0

59759 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/37 RPT=2972
Kerberos: End time 0

59760 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/38 RPT=2972
Kerberos: Renew until time 0

59761 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/39 RPT=5267
Kerberos: Nonce 1262731831

59762 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20798
Kerberos: Encryption type des-cbc-md5

59763 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20799
Kerberos: Encryption type des-cbc-crc

59764 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20800
Kerberos: Encryption type des-cbc-md4

59765 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20801
Kerberos: Encryption type des3-cbc-sha1

59766 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20802
Kerberos: Encryption type des-hmac-sha1

59767 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20803
Kerberos: Encryption type rc4-hmac

59768 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20804
Kerberos: Encryption type null

59769 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/189 RPT=5943
Kerberos_Xmt(1ecd3bc)

59770 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/189 RPT=5944
Kerberos_Xmt(1ecd3bc)

59771 01/05/2010 16:50:31.050 SEV=9 AUTHDBG/71 RPT=14474
xmit_cnt = 1

59772 01/05/2010 16:50:31.150 SEV=8 AUTHDBG/191 RPT=2959
Kerberos_Match(1ecd3bc, 1f00fdc), id = 0x00, rcvd = 0x82

59773 01/05/2010 16:50:31.150 SEV=7 AUTHDBG/76 RPT=51
Unable to correlate received message with authentication session
ASKER CERTIFIED SOLUTION
Avatar of Justin Owens
Justin Owens
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You are a Genius!!  My life is sooo much better now.  Thank you for your prompt response.