Solved

SBS Server 2008 - VPN Error

Posted on 2010-08-25
13
1,970 Views
Last Modified: 2012-05-10
Error is :

The Routing and Remote Access service terminated with service-specific error 812 (0x32C).

and

The currently configured accounting provider failed to load and initialize successfully.
The connection was prevented because of a policy configured on your RAS/VPN server.
Specifically, the authentication method used by the server to verify your username and
password may not match the authentication method configured in your connection profile.
Please contact the Administrator of the RAS server and notify them of this error.


Any idea how to fix?

Thanks,
      Steve
0
Comment
Question by:Steve_Boston
  • 6
  • 6
13 Comments
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33520455
Check this MS KB article

http://support.microsoft.com/kb/840686
0
 

Author Comment

by:Steve_Boston
ID: 33520473
Would that still apply ? i am running SBS 2008 the article is for 2000 and 2003. I tryed the steps in the KB but the files are not in the same space on the 2008 DVD
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33521629
With SBS always best to use the wizards, at least first.
I would run the "Fix my Network Wizard" followed by the "configure a virtual private network". Both are located under Windows SBS console | Network | Connectivity | VPN | then select from the right hand menu

Should this not resolve, run the best practices analyzer which will often point out configuration issues:
http://www.microsoft.com/downloads/details.aspx?familyid=86a1aa32-9814-484e-bd43-3e42aec7f731&displaylang=en
0
 

Author Comment

by:Steve_Boston
ID: 33521882
Rob,
   when i do the Fic my Network Wizard, its showes No problems. when i do the VPN one it tells me there is an error and to look at the log and what i find is whati posted .. Hope that helps.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33522468
Sorry I should have realized that.

812 errors are most common with Vista clients, I am not sure why, but the most common causes are:
1) in active directory Users and Computers under the user's profile, on the dial-in tab, access is set to deny. Should be allow or allow NPS to control
2) The connecting client is set to use too 'low' a security protocol. To check, on the client PC, go to  network connections | properties of VPN/PPP connection | security | make sure MS-Chap v2 is selected. While on that page make sure VPN type is automatic or PPTP.
3) The router is also configured to be a PPTP server (i.e. you have a VPN router and it is setup to accept PPTP connections). Must be disabled on router to allow pass through of PPTP packets to server.
4) Where you used the wizard it is unlikely any of these are wrong, but you may want to check the Network Policy Server settings (under administrative tools) to compare the following options. These are user and location restriction policies. If they have been modified thy can affect access by specific users, groups, or IP's.

General Connection Authorization Policy:
  Overview:
    policy enabled
    grant access
   Ignore account dial in properties
   Terminal server gateway
 Conditions:
    NAS port type Virtual(VPN)
    User Groups Your\Domain\DomainUsers
    Called Station ID UserAuthType(SCPW)
 Settings make sure under NAP enforcement Allow full network access is checked

Virtual Private Network (VPN) Access policy [Primary VPN policy]:
General Connection Authorization Policy:
  Overview:
    policy enabled
    grant access
   Ignore account dial in properties
   Remote Access Server (VPN DialUp)
 Conditions:
    NAS port type Virtual(VPN)
    User Groups Your\Domain\Windows SBS Virtual Private Network Users
    Called Station ID UserAuthType(SCPW)
 Settings make sure under NAP enforcement Allow full network access is checked as well as Enable auto-remediation of client computers
0
 

Author Comment

by:Steve_Boston
ID: 33522657
.. also i am seeing now that the Routing and Remote access, i can not start the service. i am getting the same error. it is at a stoped state and can not be started.
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 33522721
Interesting. I would open the services management console, look at the properties for the RRAS service and verify each of the "dependencies" has started. Also when you try to start and it fails, see if there is a related error in the event log, probably under system.
0
 

Author Comment

by:Steve_Boston
ID: 33522770
YES:
   The Routing and Remote Access service terminated with service-specific error 812 (0x32C).
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 33522945
I guess I was missing the fact that the SERVICE terminated and not the connection terminated due to 812 error.
An 812 error is usually  a client connection error with mis-matched policies as the error message states.

I assume then if RRAS will not start, you also cannot access the RRAS console and look at the RRAS policies?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33522979
Were all dependent services for RRAS started?
0
 

Author Comment

by:Steve_Boston
ID: 33523196
yes
0
 

Author Comment

by:Steve_Boston
ID: 33523225
ok ..... i dont know how ... the SQL Server logging was enabled and was pointed to the CRM SQL DB i deleted it and it is now working fine ...
 


does that make sence?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 33523513
Sorry stepped out for a bit.
No It doesn't make any sense to me at all. I would have thought it was totally unrelated. However, lots I don't know.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now