andrewg96
asked on
VPN 3000 Concentrator
I have run into an issue with our VPN concentrator. Users connect to our VPN concentrator using Cisco VPN client. The concentrator authenticates via Windows Server 2008 AD. Currently, when I test the authentication server, I receive the following: Authentication Error: No response from server. On the DC, I see the following in the security log:
Log Name: Security
Source: Microsoft-Windows-Security -Auditing
Date: 1/5/2010 3:48:50 PM
Event ID: 4768
Task Category: Kerberos Authentication Service
Level: Information
Keywords: Audit Success
User: N/A
Computer: DC01.domain.local
Description:
A Kerberos authentication ticket (TGT) was requested.
Account Information:
Account Name: username
Supplied Realm Name: domain
User ID: domain\username
Service Information:
Service Name: krbtgt
Service ID: domain\krbtgt
Network Information:
Client Address: 192.168.2.2
Client Port: 1146
Additional Information:
Ticket Options: 0x40800010
Result Code: 0x0
Ticket Encryption Type: 0x3
Pre-Authentication Type: 0
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
Log Name: Security
Source: Microsoft-Windows-Security
Date: 1/5/2010 3:48:50 PM
Event ID: 4768
Task Category: Kerberos Authentication Service
Level: Information
Keywords: Audit Success
User: N/A
Computer: DC01.domain.local
Description:
A Kerberos authentication ticket (TGT) was requested.
Account Information:
Account Name: username
Supplied Realm Name: domain
User ID: domain\username
Service Information:
Service Name: krbtgt
Service ID: domain\krbtgt
Network Information:
Client Address: 192.168.2.2
Client Port: 1146
Additional Information:
Ticket Options: 0x40800010
Result Code: 0x0
Ticket Encryption Type: 0x3
Pre-Authentication Type: 0
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
ASKER
This is a new domain, so it has not worked on this exact domain. The concentrator is using Kerberos for AD.
Do you see anything odd in the syslog on the concentrator?
ASKER
Here is the log from the concentrator
59733 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/1 RPT=9866
AUTH_Open() returns 769
59734 01/05/2010 16:50:31.040 SEV=7 AUTH/12 RPT=9866
Authentication session opened: handle = 769
59735 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/3 RPT=14160
AUTH_PutAttrTable(769, b062bc)
59736 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/5 RPT=2658
AUTH_Authenticate(769, 1c4b6bc, 515184)
59737 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/59 RPT=14176
AUTH_BindServer(1ecd3bc, 0, 0)
59738 01/05/2010 16:50:31.040 SEV=9 AUTHDBG/69 RPT=14155
Auth Server e81be0 has been bound to ACB 1ecd3bc, sessions = 1
59739 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/65 RPT=14155
AUTH_CreateTimer(1ecd3bc, 0, 0)
59740 01/05/2010 16:50:31.040 SEV=9 AUTHDBG/72 RPT=14155
Reply timer created: handle = 36640029
59741 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/179 RPT=14155
AUTH_SyncToServer(1ecd3bc, 0, 0)
59742 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/180 RPT=14155
AUTH_SendLockReq(1ecd3bc, 0, 0)
59743 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/61 RPT=14441
AUTH_BuildMsg(1ecd3bc, 0, 0)
59744 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/188 RPT=2939
Kerberos_Build(1ecd3bc)
59745 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/64 RPT=14474
AUTH_StartTimer(1ecd3bc, 0, 0)
59746 01/05/2010 16:50:31.050 SEV=9 AUTHDBG/73 RPT=14474
Reply timer started: handle = 36640029, timestamp = -262799840, timeout = 4000
59747 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/62 RPT=14474
AUTH_SndRequest(1ecd3bc, 0, 0)
59748 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/192 RPT=5877
Kerberos_Decode(1c69938, 0)
59749 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/31 RPT=8172
Kerberos: Message type KRB_AS_REQ
59750 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8914
Kerberos: Option forwardable
59751 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8915
Kerberos: Option renewable
59752 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8916
Kerberos: Option renewable accepted
59753 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/33 RPT=5421
Kerberos: Client Realm DOMAINNAME
59754 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/32 RPT=5421
Kerberos: Client Name username
59755 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/35 RPT=5267
Kerberos: Server Realm DOMAINNAME
59756 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/34 RPT=10533
Kerberos: Server Name krbtgt
59757 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/34 RPT=10534
Kerberos: Server Name DOMAINNAME
59758 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/36 RPT=2972
Kerberos: Start time 0
59759 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/37 RPT=2972
Kerberos: End time 0
59760 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/38 RPT=2972
Kerberos: Renew until time 0
59761 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/39 RPT=5267
Kerberos: Nonce 1262731831
59762 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20798
Kerberos: Encryption type des-cbc-md5
59763 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20799
Kerberos: Encryption type des-cbc-crc
59764 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20800
Kerberos: Encryption type des-cbc-md4
59765 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20801
Kerberos: Encryption type des3-cbc-sha1
59766 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20802
Kerberos: Encryption type des-hmac-sha1
59767 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20803
Kerberos: Encryption type rc4-hmac
59768 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20804
Kerberos: Encryption type null
59769 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/189 RPT=5943
Kerberos_Xmt(1ecd3bc)
59770 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/189 RPT=5944
Kerberos_Xmt(1ecd3bc)
59771 01/05/2010 16:50:31.050 SEV=9 AUTHDBG/71 RPT=14474
xmit_cnt = 1
59772 01/05/2010 16:50:31.150 SEV=8 AUTHDBG/191 RPT=2959
Kerberos_Match(1ecd3bc, 1f00fdc), id = 0x00, rcvd = 0x82
59773 01/05/2010 16:50:31.150 SEV=7 AUTHDBG/76 RPT=51
Unable to correlate received message with authentication session
59733 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/1 RPT=9866
AUTH_Open() returns 769
59734 01/05/2010 16:50:31.040 SEV=7 AUTH/12 RPT=9866
Authentication session opened: handle = 769
59735 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/3 RPT=14160
AUTH_PutAttrTable(769, b062bc)
59736 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/5 RPT=2658
AUTH_Authenticate(769, 1c4b6bc, 515184)
59737 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/59 RPT=14176
AUTH_BindServer(1ecd3bc, 0, 0)
59738 01/05/2010 16:50:31.040 SEV=9 AUTHDBG/69 RPT=14155
Auth Server e81be0 has been bound to ACB 1ecd3bc, sessions = 1
59739 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/65 RPT=14155
AUTH_CreateTimer(1ecd3bc, 0, 0)
59740 01/05/2010 16:50:31.040 SEV=9 AUTHDBG/72 RPT=14155
Reply timer created: handle = 36640029
59741 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/179 RPT=14155
AUTH_SyncToServer(1ecd3bc,
59742 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/180 RPT=14155
AUTH_SendLockReq(1ecd3bc, 0, 0)
59743 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/61 RPT=14441
AUTH_BuildMsg(1ecd3bc, 0, 0)
59744 01/05/2010 16:50:31.040 SEV=8 AUTHDBG/188 RPT=2939
Kerberos_Build(1ecd3bc)
59745 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/64 RPT=14474
AUTH_StartTimer(1ecd3bc, 0, 0)
59746 01/05/2010 16:50:31.050 SEV=9 AUTHDBG/73 RPT=14474
Reply timer started: handle = 36640029, timestamp = -262799840, timeout = 4000
59747 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/62 RPT=14474
AUTH_SndRequest(1ecd3bc, 0, 0)
59748 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/192 RPT=5877
Kerberos_Decode(1c69938, 0)
59749 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/31 RPT=8172
Kerberos: Message type KRB_AS_REQ
59750 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8914
Kerberos: Option forwardable
59751 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8915
Kerberos: Option renewable
59752 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/42 RPT=8916
Kerberos: Option renewable accepted
59753 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/33 RPT=5421
Kerberos: Client Realm DOMAINNAME
59754 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/32 RPT=5421
Kerberos: Client Name username
59755 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/35 RPT=5267
Kerberos: Server Realm DOMAINNAME
59756 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/34 RPT=10533
Kerberos: Server Name krbtgt
59757 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/34 RPT=10534
Kerberos: Server Name DOMAINNAME
59758 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/36 RPT=2972
Kerberos: Start time 0
59759 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/37 RPT=2972
Kerberos: End time 0
59760 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/38 RPT=2972
Kerberos: Renew until time 0
59761 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/39 RPT=5267
Kerberos: Nonce 1262731831
59762 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20798
Kerberos: Encryption type des-cbc-md5
59763 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20799
Kerberos: Encryption type des-cbc-crc
59764 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20800
Kerberos: Encryption type des-cbc-md4
59765 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20801
Kerberos: Encryption type des3-cbc-sha1
59766 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20802
Kerberos: Encryption type des-hmac-sha1
59767 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20803
Kerberos: Encryption type rc4-hmac
59768 01/05/2010 16:50:31.050 SEV=10 AUTHDECODE/40 RPT=20804
Kerberos: Encryption type null
59769 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/189 RPT=5943
Kerberos_Xmt(1ecd3bc)
59770 01/05/2010 16:50:31.050 SEV=8 AUTHDBG/189 RPT=5944
Kerberos_Xmt(1ecd3bc)
59771 01/05/2010 16:50:31.050 SEV=9 AUTHDBG/71 RPT=14474
xmit_cnt = 1
59772 01/05/2010 16:50:31.150 SEV=8 AUTHDBG/191 RPT=2959
Kerberos_Match(1ecd3bc, 1f00fdc), id = 0x00, rcvd = 0x82
59773 01/05/2010 16:50:31.150 SEV=7 AUTHDBG/76 RPT=51
Unable to correlate received message with authentication session
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You are a Genius!! My life is sooo much better now. Thank you for your prompt response.
Justin