troubleshooting Question

Server 2008 VPN

Avatar of ParadoxIT
ParadoxITFlag for Australia asked on
Windows NetworkingWindows Server 2008SBS
4 Comments1 Solution635 ViewsLast Modified:
OK Experts try this one:

Had SBS2003 Domain Controller, and a box with Server Standard 2008 also which was used to connect to via PPTP VPN from remote offices. Could also RDP into the Server 2008

Repalced SBS2003 with new SBS 2011 Standard

Since the changeover all systems work fine however I cannot access the Server 2008 box via VPN or RDP.  VPN is the critical one to us but I suspect it might be related.

VPN appears to connect as I get an error logged in the 2008 Server along the lines of either:

"The user USERNAME has connected and failed to authenticate on port VPN3-127. The line has been disconnected"


"The user USERNAME connected from but failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile."

The username and password are correct as I can log them on locally, connect to exchange and so on, the user is allowed VPN access in SBS Console, The user is allow access to "Dial in" in the Active Directory Users and is also a member of remote desktop users, Administrators, Domain Admins and our VPN_Users Security Group.

I've tried every conceivable combination of security on the client side. Tried Windows XP, Windows 7 and Windows 8 Clients all with the same result.

I've configured policy for firewall, for allow remote access, and re-setup the RRAS Role.

Ports 1723 and GRE are forwarded in the router fine (It was working with the previous SBS2003 DC and the error messages recorded would indicate a connection)

The terminal server/Radius server are a different server to domain controller so I added the radius server computer account to the RAS and IAS Servers security group for this domain by using "netsh ras add registeredserver domain=OUR_DOMAIN server=SERVER2008NAME on the domain controller.....

I'm out of ideas here....and feeling the frustration!

Does anyone out there have anything that could help please! At this point I'll try anything!

Thank you Experts....

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros