?
Solved

RAS and authentication issues

Posted on 2010-09-04
7
Medium Priority
?
1,022 Views
Last Modified: 2012-08-14
I'm in need of someone with experience with RAS. Were hooked up via a data modem and serial connection. The physical connection is fine so no need to troubleshoot that. Our issue now is we receive authentication errors.

So we have a user off the domain authenticating with a domain account we created. The passwords are very simple so no chance that they are wrong. The events we get are this.

Source: RemoteAccess Event ID: 200187, 20073 and 20049

We are running 2003 Server with RAS. Originally we used the default incomming connection to receive the call however, we switched to configuring RRAS but was not necessary I don't think. In RRAS, we get "listening" then "Authenticating" then nothing and we receive the same errors.

Any ideas?
0
Comment
Question by:snyderkv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
Nuttycomputer earned 2000 total points
ID: 33605237
Microsoft Technet has some great resources on Error Codes for RAS - In particular here is the link to the 20073 error: http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx

From that Link Below:

Correct the mismatch in client and server configuration parameters
Possible resolution:

Check that the remote access client connection is configured with the same connection parameters as the remote access server. For example, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 1 is not supported in the Windows Vista operating system. MS-CHAP version 2 should be used instead because it provides better security. However, Network Policy Server (NPS) supports and can be configured to use MS-CHAPv1 or MS-CHAPv2. There is a potential mismatch in this case with authentication protocols in the client and server configuration parameters. In this case, on the client computer running Windows Vista, change the authentication protocol configuration parameter from MSCHAPv1 to MSCHAPv2, and attempt to re-establish the connection.
0
 

Author Comment

by:snyderkv
ID: 33606111
Ok well according to the Trace logs, I see the IASAM log shows it as using MSChapV2. That is selected on the client as well. The other logs are just a bunch of jiberish.

Any pertinent logs I should be looking at? I continue to get 20187 and 20073.

0
 

Author Comment

by:snyderkv
ID: 33606669
Ok I enabled verbose logging via Netsh. On one of the logs RASMAN.log I get
invalid sendrcvbuffer passed blah blah

And in log IASSAM: LogonUser failed: Logon Failure: Unkown user name or bad password
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33606801
Looks like there are a few things to check out. Double verify credentials user is trying to login with perhaps they aren't putting in their domain name when logging in? Also make sure that user has permissions to access the network remotely in Active Directory.
0
 

Author Comment

by:snyderkv
ID: 33606869
The credentials entered has been confirmed so many times we can't confirm them anymore. Besides, I see the logs the domain\username being entered or authenticated against just fine.

Now a new thing has came up. NTLMv2 level. We think they do not match. Article http://support.microsoft.com/kb/893318/en-us AND http://support.microsoft.com/default.aspx?scid=kb;EN-US;299684 Explain this setting in more detail. We have yet to try it. It's in regards to IAS but is the same principle for RAS.

Another link here explains the same issue and same error log in his IASSAM log http://arstechnica.com/civis/viewtopic.php?f=17&t=261473

I think it's important to note that the Dial in user is in another domain with no ties to our domain. So we cannot test his authentication on our domain like you mentioned. Just have to keep dialing via the modem and looking at the connection status in RAS.

0
 

Author Closing Comment

by:snyderkv
ID: 33610538
I solved it but MSChap Nutty mentioned was somewhat on target. :)
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question