Re: Server 2003 IAS and VPN problem (not ISA server)

---

• From: "Jim Harrison \(MSFT\)" <jmharr@xxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 26 May 2006 09:59:16 -0700

---

The error message:
"Reason = Authentication was not successful because an unknown user name or incorrect password was used."
...is clear; the logon attempt is failing due to either a bad user account or password
Are you sure this user has the right to log in via VPN?
This is part of the RRAS or account policies (depending on how you configured it).

--
--
Jim Harrison [ISA SE]
Read the help, books and articles!

This posting is provided "AS IS" with no warranties, and confers no rights.

"denilia" <denilia@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4E2B9533-41AD-47C6-9DB3-12DAF7F2E162@xxxxxxxxxxxxxxxx
hi all

I Have server 2003 with IAS service installed and configured to use RADIUS
standart to authinicate to VPN. IAS is registerd with AD.
When I'm connecting to VPN it prompts for y domain user name and password.
However authinication fails. in Logs I can see this error:

User Username was denied access.
Fully-Qualified-User-Name = DOMAIN\Username
NAS-IP-Address = 192.168.1.xxx
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = xxx.xxx.xxx
Client-Friendly-Name = PIX
Client-IP-Address = 192.168.1.xxx
NAS-Port-Type = <not present>
NAS-Port = 182
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = Authentication was not successful because an unknown user name or
incorrect password was used.

After a sever tries, my account get locked out. so, it means that I can pass
PIX and start authinication.

I verified shared secrets and password. I used this article to double check
my work:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml#config-2003

Please help me....
Thank you





.

---

• Prev by Date: Re: Internal Clients can't VPN to External VPN Server(s)
• Next by Date: Re: Server 2003 IAS and VPN problem (not ISA server)
• Previous by thread: VPN working, but clients cannot access anything because ...
• Next by thread: Re: Server 2003 IAS and VPN problem (not ISA server)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: WDS Authentication reason code 18 ... copy them to this news group and someone will take a look. ... > Computer: HIUSSOFPS01 ... > Reason = The specified authentication type is not supported on this ... then I get a reason code 66 error. ... (microsoft.public.internet.radius) Re: Utter madness! ... Lots of people run SQL on other boxes. ... certain authentication scenarios are harder in that set up. ... Another reason is that you can avoid the whole Kerberos delegation ... To do the service account approach, ... (microsoft.public.dotnet.framework.aspnet.security) Re: Please explain OpenSSH double authentication lack ... reason why OpenSSH doesn't permit to require two authentication ... mechanisms (PubKey _and_ passowrd), as Tectia, Van Dyke, etc... ... authentication should be more than enough. ... to take a look in home directories for all the passphraseless keys: ... (comp.security.ssh) Re: Image not showing in MasterPage during login ... I have the login control on a page (login.aspx ... Authentication began blocking access to all files, ... If you figure out the original reason, ... (microsoft.public.dotnet.framework.aspnet) Re: cisco vpn 3000 with IAS ... incorrect password was used. ... enabled on the matching remote access policy ... authentication method. ... Reason-Code = 16 ... (microsoft.public.internet.radius)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.vpn  > 2006-05