Re-configuring the RRAS may fix the problem, or check these troubleshooting tips:
I have a Windows 2000 VPN server (running ISA 2000) that is a member of a Windows NT 4.0 domain. I have set up a Windows 2003 Active Directory domain, running in Native Mode, and I am testing migrating the Windows NT 4.0 accounts to the new domain. The problem is that when I migrate accounts (with the ADMT) from NT4 to AD, those accounts can no longer be authenticated by the VPN server. When I try to connect from the client, I receive the following error:

Verifying username and password... Error 930: The authentication server did not respond to authentication request in a timely fashion.

On the VPN server, the following event is logged:

Event ID: 20073
Source: RemoteAccess
Description: The following error occurred in the Point to Point Protocol module on port: VPN<##>, UserName: <ADDOMAIN\username>. The authentication server did not respond to authentication requests in a timely fashion.

- In the AD domain, the Everyone group is a member of the Pre-Windows 2000 Compatible group.
- I have set up trusts in both directions between the domains, and have verified that the trusts are functioning properly.
- The VPN server is configured to use Windows authentication, not RADIUS.
- Accounts in the NT4 domain are still able to authenticate. Accounts that are able to authenticate to the VPN when they are in the NT4 domain lose access when they are migrated to the AD domain, so that pretty much rules out any issues with a mismatch in authentication protocols or configuration on the user account’s Dial-In tab (although I did verify that dial-in access is still allowed in the account properties after the migration).
- When the account is migrated, the user profile is also migrated, so the configuration of the VPN connection must be correct (it was working when the account was in the NT4 domain).
- The connection protocol is PPTP.
- Before anyone says anything about adding the ISA/VPN server’s account to the RAS and ISA Servers group in the AD domain, remember that it’s the *user* that is in the AD domain, whereas the server is in the NT4 domain (and therefore cannot be added to a Domain Local group in the AD domain).

Based on what I’ve read, my configuration – an AD user connecting to a VPN server in an NT4 domain using pass-through authentication – should work fine as long as the Everyone group is in the Pre-Windows 2000 Compatible group in the AD domain. What am I missing?
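The two AD-side conditions the post relies on (Everyone in Pre-Windows 2000 Compatible Access, and dial-in still allowed on the migrated account) can be verified from a domain-joined admin host rather than by clicking through the GUI. This is an added example, not code from the original thread; it assumes the ActiveDirectory PowerShell module and RSAT, which the poster's 2003-era environment would not have had, and the user names and server name are constructed placeholders.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# module is available and the caller can read group membership and user
# attributes in the AD domain. Sample user list and VPN server name are
# constructed placeholders.
Import-Module ActiveDirectory

# Well-known SIDs: Pre-Windows 2000 Compatible Access (BUILTIN) and Everyone.
$PreWin2kSid = 'S-1-5-32-554'
$EveryoneSid = 'S-1-1-0'

function Test-EveryoneInPreWin2k {
    # Everyone is stored as a foreign security principal, so read the raw
    # member attribute instead of Get-ADGroupMember (which cannot resolve it).
    $group = Get-ADGroup -Identity $PreWin2kSid -Properties member
    return [bool]($group.member | Where-Object { $_ -like "CN=$EveryoneSid,*" })
}

function Get-DialInState {
    # msNPAllowDialin: $true = Allow, $false = Deny, $null = control via policy.
    param([string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName -Properties msNPAllowDialin
    switch ($u.msNPAllowDialin) {
        $true   { 'Allow' }
        $false  { 'Deny' }
        default { 'ControlledByPolicy' }
    }
}

# Constructed sample of migrated accounts to check.
$MigratedUsers = @('jdoe', 'asmith')

[PSCustomObject]@{
    Check  = 'Everyone in Pre-Windows 2000 Compatible Access'
    Result = Test-EveryoneInPreWin2k
}
foreach ($sam in $MigratedUsers) {
    [PSCustomObject]@{ User = $sam; DialIn = Get-DialInState -SamAccountName $sam }
}

# Pull recent RemoteAccess 20073 events from the VPN server's System log so the
# failing user names can be correlated with the migration batch. Assumes a
# modern OS on the RRAS host; the placeholder name is constructed.
Get-WinEvent -ComputerName 'vpn01.example.local' -LogName System `
    -FilterXPath "*[System[Provider[@Name='RemoteAccess'] and EventID=20073]]" `
    -MaxEvents 20 | Select-Object TimeCreated, Message
```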