Solved

RAS and authentication issues

Posted on 2010-09-04
Last Modified: 2012-08-14
I'm in need of someone with experience with RAS. We're hooked up via a data modem and serial connection. The physical connection is fine so no need to troubleshoot that. Our issue now is we receive authentication errors.

So we have a user off the domain authenticating with a domain account we created. The passwords are very simple so no chance that they are wrong. The events we get are this.

Source: RemoteAccess Event ID: 200187, 20073 and 20049

We are running 2003 Server with RAS. Originally we used the default incoming connection to receive the call; however, we switched to configuring RRAS, but that was not necessary, I don't think. In RRAS, we get "listening" then "Authenticating" then nothing and we receive the same errors.

Any ideas?
Question by:snyderkv

Accepted Solution

by:
Nuttycomputer earned 500 total points
Microsoft Technet has some great resources on Error Codes for RAS - In particular here is the link to the 20073 error: http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx

From that Link Below:

Correct the mismatch in client and server configuration parameters
Possible resolution:

Check that the remote access client connection is configured with the same connection parameters as the remote access server. For example, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 1 is not supported in the Windows Vista operating system. MS-CHAP version 2 should be used instead because it provides better security. However, Network Policy Server (NPS) supports and can be configured to use MS-CHAPv1 or MS-CHAPv2. There is a potential mismatch in this case with authentication protocols in the client and server configuration parameters. In this case, on the client computer running Windows Vista, change the authentication protocol configuration parameter from MSCHAPv1 to MSCHAPv2, and attempt to re-establish the connection.

Author Comment

by:snyderkv
Ok well according to the Trace logs, I see the IASAM log shows it as using MSChapV2. That is selected on the client as well. The other logs are just a bunch of gibberish.

Any pertinent logs I should be looking at? I continue to get 20187 and 20073.


Author Comment

by:snyderkv
Ok I enabled verbose logging via Netsh. On one of the logs RASMAN.log I get
invalid sendrcvbuffer passed blah blah

And in log IASSAM: LogonUser failed: Logon Failure: Unknown user name or bad password
Expert Comment

by:Nuttycomputer
Looks like there are a few things to check out. Double-verify the credentials the user is trying to log in with; perhaps they aren't putting in their domain name when logging in? Also make sure that user has permissions to access the network remotely in Active Directory.

Author Comment

by:snyderkv
The credentials entered have been confirmed so many times we can't confirm them anymore. Besides, I see in the logs the domain\username being entered or authenticated against just fine.

Now a new thing has come up. NTLMv2 level. We think they do not match. The articles http://support.microsoft.com/kb/893318/en-us and http://support.microsoft.com/default.aspx?scid=kb;EN-US;299684 explain this setting in more detail. We have yet to try it. It's in regards to IAS but is the same principle for RAS.

Another link here explains the same issue and same error log in his IASSAM log http://arstechnica.com/civis/viewtopic.php?f=17&t=261473

I think it's important to note that the Dial in user is in another domain with no ties to our domain. So we cannot test his authentication on our domain like you mentioned. Just have to keep dialing via the modem and looking at the connection status in RAS.
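
The level mismatch suspected in the post above can be reasoned about with a small model of the LAN Manager authentication levels (0-5). This is an added example, not code from the thread or the linked articles; it assumes the "NTLMv2 level" means that setting (LmCompatibilityLevel), and the host names and levels in it are constructed.

```python
# Added illustration: models the documented LAN Manager authentication
# levels (LmCompatibilityLevel 0-5). Levels are inputs collected from each
# host by the administrator; nothing here reads a registry.

# Response types a host sends when it authenticates, by its own level.
SENDS = {
    0: {"LM", "NTLM"},
    1: {"LM", "NTLM"},   # plus NTLMv2 session security if negotiated
    2: {"NTLM"},
    3: {"NTLMv2"},
    4: {"NTLMv2"},
    5: {"NTLMv2"},
}

# Response types a domain controller refuses when validating, by its level.
DC_REFUSES = {
    0: set(), 1: set(), 2: set(), 3: set(),
    4: {"LM"},
    5: {"LM", "NTLM"},
}

def check_pair(sender_level, dc_level):
    """Return (ok, accepted, refused) for one sender/DC level pair."""
    for lvl in (sender_level, dc_level):
        if lvl not in SENDS:
            raise ValueError(f"level must be 0-5, got {lvl!r}")
    sent = SENDS[sender_level]
    refused = sent & DC_REFUSES[dc_level]
    accepted = sent - refused
    return bool(accepted), sorted(accepted), sorted(refused)

def audit(hosts, dc_level):
    """hosts: {name: level}. Return names whose responses the DC rejects entirely."""
    return sorted(name for name, lvl in hosts.items()
                  if not check_pair(lvl, dc_level)[0])

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and levels).
    hosts = {"ras-server": 2, "dialin-client": 1, "admin-ws": 3}
    for dc in (2, 5):
        print(f"DC level {dc}: rejected -> {audit(hosts, dc)}")
```

A pair that fails here surfaces on the validating side as a plain bad-password logon failure even though the credentials are correct, which is why the levels on both ends are worth recording before changing passwords again.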


Author Closing Comment

by:snyderkv
I solved it but MSChap Nutty mentioned was somewhat on target. :)