?
Solved

RAS and authentication issues

Posted on 2010-09-04
7
Medium Priority
?
1,046 Views
Last Modified: 2012-08-14
I'm in need of someone with experience with RAS. Were hooked up via a data modem and serial connection. The physical connection is fine so no need to troubleshoot that. Our issue now is we receive authentication errors.

So we have a user off the domain authenticating with a domain account we created. The passwords are very simple so no chance that they are wrong. The events we get are this.

Source: RemoteAccess Event ID: 200187, 20073 and 20049

We are running 2003 Server with RAS. Originally we used the default incomming connection to receive the call however, we switched to configuring RRAS but was not necessary I don't think. In RRAS, we get "listening" then "Authenticating" then nothing and we receive the same errors.

Any ideas?
0
Comment
Question by:snyderkv
  • 5
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
Nuttycomputer earned 2000 total points
ID: 33605237
Microsoft Technet has some great resources on Error Codes for RAS - In particular here is the link to the 20073 error: http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx

From that Link Below:

Correct the mismatch in client and server configuration parameters
Possible resolution:

Check that the remote access client connection is configured with the same connection parameters as the remote access server. For example, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 1 is not supported in the Windows Vista operating system. MS-CHAP version 2 should be used instead because it provides better security. However, Network Policy Server (NPS) supports and can be configured to use MS-CHAPv1 or MS-CHAPv2. There is a potential mismatch in this case with authentication protocols in the client and server configuration parameters. In this case, on the client computer running Windows Vista, change the authentication protocol configuration parameter from MSCHAPv1 to MSCHAPv2, and attempt to re-establish the connection.
0
 

Author Comment

by:snyderkv
ID: 33606111
Ok well according to the Trace logs, I see the IASAM log shows it as using MSChapV2. That is selected on the client as well. The other logs are just a bunch of jiberish.

Any pertinent logs I should be looking at? I continue to get 20187 and 20073.

0
 

Author Comment

by:snyderkv
ID: 33606669
Ok I enabled verbose logging via Netsh. On one of the logs RASMAN.log I get
invalid sendrcvbuffer passed blah blah

And in log IASSAM: LogonUser failed: Logon Failure: Unkown user name or bad password
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33606801
Looks like there are a few things to check out. Double verify credentials user is trying to login with perhaps they aren't putting in their domain name when logging in? Also make sure that user has permissions to access the network remotely in Active Directory.
0
 

Author Comment

by:snyderkv
ID: 33606869
The credentials entered has been confirmed so many times we can't confirm them anymore. Besides, I see the logs the domain\username being entered or authenticated against just fine.

Now a new thing has came up. NTLMv2 level. We think they do not match. Article http://support.microsoft.com/kb/893318/en-us AND http://support.microsoft.com/default.aspx?scid=kb;EN-US;299684 Explain this setting in more detail. We have yet to try it. It's in regards to IAS but is the same principle for RAS.

Another link here explains the same issue and same error log in his IASSAM log http://arstechnica.com/civis/viewtopic.php?f=17&t=261473

I think it's important to note that the Dial in user is in another domain with no ties to our domain. So we cannot test his authentication on our domain like you mentioned. Just have to keep dialing via the modem and looking at the connection status in RAS.

0
 

Author Closing Comment

by:snyderkv
ID: 33610538
I solved it but MSChap Nutty mentioned was somewhat on target. :)
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Stellar Phoenix SQL Database Repair software easily fixes the suspect mode issue of SQL Server database. It is a simple process to bring the database from suspect mode to normal mode. Check out the video and fix the SQL database suspect mode problem.

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question