FAQ  
 

RRAS does not authenticate Users

Created 2001-04-09 by Rainer Gerhards.

Question:

My RRAS server has joined a Windows 2000 domain and now no longer authenticates users. As long as I uses local accounts to connect to RRAS, all works well. But I can not use domain accounts to connect to RRAS. If I do, I receive some of these errors:

 Event id: 20073

 Source: Router

 Description: The following error occurred in the Point to Point
 Protocol module on port: port number, UserName: user
 name. The authentication server did not respond to
 authentication requests in a timely fashion.

The RAS client receives these error codes:

  • Error 619, "The port was disconnected."
  • Error 645, "Dial-Up Networking could not complete the connection to the server."

Answer:

This behaviour is by design. It occurs because the account you were logged on with at the time you joined the domain did not have administrator privileges on the Windows 2000 domain. Because of this, services that could easily compromise network security, such as RRAS, deny clients the ability to obtain access to the domain. To fix it, add the RRAS computer to the appropriate group:

  • Log on your Windows 2000-based computer with an account that has administrator privileges on the Windows 2000 domain.
  • Launch the Active Directory Users and Computers MMC snap-in, and then double-click your domain name.
  • Double-click the Users folder, and then double-click the RAS and IAS Servers security group.
  • Select the members tab.
  • Add the RRAS server to this group.

Alternative methods are available in a Microsoft Knowledge Base article on this issue.

WinSyslog
 Home
 Articles
 FAQ
 Windows XP
 Seminars Online
 Forums
 Books
 Links
 Newsletter Archive
 Web Server Check
 Contact Us
 Search
 

 



Printer Version Send this page to a friend

Copyright © 1988-2005 Adiscon GmbH All rights reserved.
Contact us via Secure Web Response | Privacy Policy
Topic Links: syslog