Re: VPN Problem - Error 930 and Event 20073

From: Steve Waibel (stevewaibel_at_hotmail.com)
Date: 04/27/04 

Date: 27 Apr 2004 08:17:56 -0700

Sharoon, I believe what you are asking about is the problem discussed
in Q826899. I followed the resolution shown below and the problem
still exists. Are you suggesting some other way to update the
read-write permissions for the Active directory service record that
may fix the problem?

BTW, if I make this server a DC it does allow VPN logins, but I don't
want to have the VPN machine acting as a DC. I would like to find the
correct solution.

Steve

>From Q826899
~~~~~~~~~~~~
CAUSE
This issue may occur if the computer account has permissions to read
the Active Directory directory service record, but it does not have
permissions to write to the Active Directory record.
RESOLUTION
To resolve this issue, verify the user permissions in the Active
Directory Users and Computers snap-in on a Windows 2000 domain
controller. To do this, follow these steps:
Click Start, point to Programs, point to Administrative Tools, and
then click Active Directory Users and Computers.
Expand your domain.
Right-click Domain Controllers, and then click Properties.
Click the Group Policy tab, click Default Domain Controllers Policy,
and then click Edit.
Expand Computer Configuration, expand Windows Settings, expand
Security Settings, expand Local Policies, and then click User Rights
Assignment.
Double-click Access this computer from the network.
By default, the Administrators, the Authenticated Users, and the
Everyone groups are assigned this user right. If these groups are not
assigned this user right, add them. To do so, click Add, locate the
user or group you want to add, and then click OK two times.

"Sharoon Shetty K [MSFT]" <sharoons@online.microsoft.com> wrote in message news:<OFQKJSCLEHA.1612@TK2MSFTNGP12.phx.gbl>...
> Does the account have read-write permissions in the Active directory service
> record?
>
> --
>
> Thanks
> Sharoon
> sharoons@online.microsoft.com
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Steve Waibel" <stevewaibel@hotmail.com> wrote in message
> news:444fe334.0404260934.efdb668@posting.google.com...
> > I just upgraded a NT domain to Windows 2003 with Active Directory.
> > There was a Windows 2000 member server running before the upgrade that
> > provided VPN access via the Microsoft-included Routing and Remote
> > Access. Since the upgrade to Windows 2003 and Active Directory, the
> > VPN no longer works and returns error 930 to all users logging in.
> > Event 20073 as shown below, is logged on the Remote Access Server with
> > each login attempt.
> >
> > Event Type: Error
> > Event Source: RemoteAccess
> > Event Category: None
> > Event ID: 20073
> > Date: 4/26/2004
> > Time: 9:16:36 AM
> > User: N/A
> > Computer: COMPUTER_Name
> > Description:
> > The following error occurred in the Point to Point Protocol module on
> > port: VPN4-127, UserName: Domain\JoeUser. The authentication server
> > did not respond to authentication requests in a timely fashion.
> >
> > I have already completed the steps detailed in the following Microsoft
> > KBs:
> >
> > Routing and Remote Access Server Stops Authenticating Dial-Up
> > Networking Clients
> > http://support.microsoft.com/default.aspx?scid=kb;[LN];Q227747
> >
> > Error Message: Error 930; The Authentication Server Did Not Respond to
> > Authentication Requests in a Timely Fashion
> > http://support.microsoft.com/default.aspx?scid=kb;EN-US;299684
> >
> > Error 930" Error Message When You Use a VPN Connection to Log On to a
> > Server That Is Running Routing and Remote Access
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;826899
> >
> > What else can I try?
> >
> > Thanks for any suggestions.
> >
> > Steve

Relevant Pages

  • Re: RAS errors - removing Everyone from Pre-Windows 2000
    ... When your RADIUS server is not reachable from your VPN server. ... Active Directory directory service record, but it does not have permissions ... Expand your domain. ... Right-click Domain Controllers, and then click Properties. ...
    (microsoft.public.win2000.ras_routing)
  • Re: VPN error 930
    ... When your RADIUS server is not reachable from your VPN server. ... This issue may occur if the computer account has permissions to read the Active Directory directory service record, but it does not have permissions to write to the Active Directory record. ... Expand your domain. ... Click the Group Policy tab, click Default Domain Controllers Policy, and then click Edit. ...
    (microsoft.public.win2000.ras_routing)
  • Re: RAS errors - removing Everyone from Pre-Windows 2000
    ... We do not have Radius Setup, is this a requirement or can ... permissions to read the ... >to write to the Active Directory record. ... Expand Computer Configuration, expand Windows ...
    (microsoft.public.win2000.ras_routing)
  • Cant access policies
    ... I have a Windows 2000 domain which I have recently extended the schema to ... allow 2003 domain controllers, I have since added 2 2003 DC's ... I've worked through an MS article on manually setting the permissions on the ... 2003 servers as the primary DNS all my active directory operations fail (but ...
    (microsoft.public.win2000.active_directory)
  • Re: Why do i need to know AD ?
    ... DNS Support for Active Directory Technical Reference ... Is the directory service included in the Windows Server 2000/2003 family. ... controller to interact with domain controllers in the domain running Windows ... used to configure replication between sites. ...
    (microsoft.public.windows.server.active_directory)