Improve company productivity with a Business Account.Sign Up

x
?
Solved

RAS and authentication issues

Posted on 2010-09-04
7
Medium Priority
?
1,062 Views
Last Modified: 2012-08-14
I'm in need of someone with experience with RAS. Were hooked up via a data modem and serial connection. The physical connection is fine so no need to troubleshoot that. Our issue now is we receive authentication errors.

So we have a user off the domain authenticating with a domain account we created. The passwords are very simple so no chance that they are wrong. The events we get are this.

Source: RemoteAccess Event ID: 200187, 20073 and 20049

We are running 2003 Server with RAS. Originally we used the default incomming connection to receive the call however, we switched to configuring RRAS but was not necessary I don't think. In RRAS, we get "listening" then "Authenticating" then nothing and we receive the same errors.

Any ideas?
0
Comment
Question by:snyderkv
  • 5
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
Nuttycomputer earned 2000 total points
ID: 33605237
Microsoft Technet has some great resources on Error Codes for RAS - In particular here is the link to the 20073 error: http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx

From that Link Below:

Correct the mismatch in client and server configuration parameters
Possible resolution:

Check that the remote access client connection is configured with the same connection parameters as the remote access server. For example, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 1 is not supported in the Windows Vista operating system. MS-CHAP version 2 should be used instead because it provides better security. However, Network Policy Server (NPS) supports and can be configured to use MS-CHAPv1 or MS-CHAPv2. There is a potential mismatch in this case with authentication protocols in the client and server configuration parameters. In this case, on the client computer running Windows Vista, change the authentication protocol configuration parameter from MSCHAPv1 to MSCHAPv2, and attempt to re-establish the connection.
0
 

Author Comment

by:snyderkv
ID: 33606111
Ok well according to the Trace logs, I see the IASAM log shows it as using MSChapV2. That is selected on the client as well. The other logs are just a bunch of jiberish.

Any pertinent logs I should be looking at? I continue to get 20187 and 20073.

0
 

Author Comment

by:snyderkv
ID: 33606669
Ok I enabled verbose logging via Netsh. On one of the logs RASMAN.log I get
invalid sendrcvbuffer passed blah blah

And in log IASSAM: LogonUser failed: Logon Failure: Unkown user name or bad password
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33606801
Looks like there are a few things to check out. Double verify credentials user is trying to login with perhaps they aren't putting in their domain name when logging in? Also make sure that user has permissions to access the network remotely in Active Directory.
0
 

Author Comment

by:snyderkv
ID: 33606869
The credentials entered has been confirmed so many times we can't confirm them anymore. Besides, I see the logs the domain\username being entered or authenticated against just fine.

Now a new thing has came up. NTLMv2 level. We think they do not match. Article http://support.microsoft.com/kb/893318/en-us AND http://support.microsoft.com/default.aspx?scid=kb;EN-US;299684 Explain this setting in more detail. We have yet to try it. It's in regards to IAS but is the same principle for RAS.

Another link here explains the same issue and same error log in his IASSAM log http://arstechnica.com/civis/viewtopic.php?f=17&t=261473

I think it's important to note that the Dial in user is in another domain with no ties to our domain. So we cannot test his authentication on our domain like you mentioned. Just have to keep dialing via the modem and looking at the connection status in RAS.

0
 

Author Closing Comment

by:snyderkv
ID: 33610538
I solved it but MSChap Nutty mentioned was somewhat on target. :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…
When you have multiple client accounts to manage, it often feels like there aren’t enough hours in the day. With too many applications to juggle, you can’t focus on your clients, much less your growing to-do list. But that doesn’t have to be the cas…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question