Solved

RAS and authentication issues

Posted on 2010-09-04
7
1,009 Views
Last Modified: 2012-08-14
I'm in need of someone with experience with RAS. Were hooked up via a data modem and serial connection. The physical connection is fine so no need to troubleshoot that. Our issue now is we receive authentication errors.

So we have a user off the domain authenticating with a domain account we created. The passwords are very simple so no chance that they are wrong. The events we get are this.

Source: RemoteAccess Event ID: 200187, 20073 and 20049

We are running 2003 Server with RAS. Originally we used the default incomming connection to receive the call however, we switched to configuring RRAS but was not necessary I don't think. In RRAS, we get "listening" then "Authenticating" then nothing and we receive the same errors.

Any ideas?
0
Comment
Question by:snyderkv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
Nuttycomputer earned 500 total points
ID: 33605237
Microsoft Technet has some great resources on Error Codes for RAS - In particular here is the link to the 20073 error: http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx

From that Link Below:

Correct the mismatch in client and server configuration parameters
Possible resolution:

Check that the remote access client connection is configured with the same connection parameters as the remote access server. For example, Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 1 is not supported in the Windows Vista operating system. MS-CHAP version 2 should be used instead because it provides better security. However, Network Policy Server (NPS) supports and can be configured to use MS-CHAPv1 or MS-CHAPv2. There is a potential mismatch in this case with authentication protocols in the client and server configuration parameters. In this case, on the client computer running Windows Vista, change the authentication protocol configuration parameter from MSCHAPv1 to MSCHAPv2, and attempt to re-establish the connection.
0
 

Author Comment

by:snyderkv
ID: 33606111
Ok well according to the Trace logs, I see the IASAM log shows it as using MSChapV2. That is selected on the client as well. The other logs are just a bunch of jiberish.

Any pertinent logs I should be looking at? I continue to get 20187 and 20073.

0
 

Author Comment

by:snyderkv
ID: 33606669
Ok I enabled verbose logging via Netsh. On one of the logs RASMAN.log I get
invalid sendrcvbuffer passed blah blah

And in log IASSAM: LogonUser failed: Logon Failure: Unkown user name or bad password
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33606801
Looks like there are a few things to check out. Double verify credentials user is trying to login with perhaps they aren't putting in their domain name when logging in? Also make sure that user has permissions to access the network remotely in Active Directory.
0
 

Author Comment

by:snyderkv
ID: 33606869
The credentials entered has been confirmed so many times we can't confirm them anymore. Besides, I see the logs the domain\username being entered or authenticated against just fine.

Now a new thing has came up. NTLMv2 level. We think they do not match. Article http://support.microsoft.com/kb/893318/en-us AND http://support.microsoft.com/default.aspx?scid=kb;EN-US;299684 Explain this setting in more detail. We have yet to try it. It's in regards to IAS but is the same principle for RAS.

Another link here explains the same issue and same error log in his IASSAM log http://arstechnica.com/civis/viewtopic.php?f=17&t=261473

I think it's important to note that the Dial in user is in another domain with no ties to our domain. So we cannot test his authentication on our domain like you mentioned. Just have to keep dialing via the modem and looking at the connection status in RAS.

0
 

Author Comment

by:snyderkv
ID: 33610529
0
 

Author Closing Comment

by:snyderkv
ID: 33610538
I solved it but MSChap Nutty mentioned was somewhat on target. :)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Learn about cloud computing and its benefits for small business owners.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question