Re: VERY frustrating 2000 server RRAS/VPN problem

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Phillip Windell (_at_.)
Date: 04/02/04 

Date: Fri, 2 Apr 2004 09:42:32 -0600

Your client machine receives an address when connecting (or it should),
therefore it is already in the same subnet (or it should be), so there is no
"routing",...you can not "route" to where you are already at to start with.
You need to verify which address your client is receiving and verify
specifically which machine you can ping and which you cannot, and the subnet
each is in if there are multiple subnets. Knowing *all* this makes a big
difference when trying to troublshoot this type of stuff. 

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
<jjd228@NOSPAMoptonline.net> wrote in message
news:oyfbc.24175$Nu3.6348790@news4.srv.hcvlny.cv.net...
> great! i can connect now. however i cant ping any machines on the network.
i
> imagine i need to create a static route somewhere. i know that when using
> dialin access via a phone modem to act as in ISP a static route must be
> created with 0.0.0.0... would this be the same case?
>
>
> "Matthew [MSFT]" <mfresoli@online.microsoft.com> wrote in message
> news:OO79DKMGEHA.1128@TK2MSFTNGP11.phx.gbl...
> > If you are using the domain name when logging one with the VPN client,
> then
> > the server is mostlikely trying to use the domain admin account.
> >
> > When logging on, try using the context machinename\username, where
machine
> > name is the RRAS server name.
> >
> > Another thing to try would be creating a new user locally that does not
> have
> > a domain account and give it dial in permissions.
> >
> > On your VPN connection properties, leave the domain name blank when
> logging
> > on.
> >
> >
> >
> > --
> > [This posting is provided AS IS
> > with no warranties, and confers
> > no rights.]
> > <jjd228@NOSPAMoptonline.net> wrote in message
> > news:qMebc.23891$Nu3.6221665@news4.srv.hcvlny.cv.net...
> > > since the machine is a stand alone server i am using the local
> > administrator
> > > account. would the fact that there is also an account named
> administrator
> > in
> > > AD be causing a problem? there is on,y one DC. i have not changed the
> > policy
> > > to GRANT because my understanding of the default policy is that access
> > will
> > > be allowed IF dialin access is permitted at the user level as long as
> day
> > > and time restrictions do not match. please advise...
> > >
> > >
> > >
> > > "Matthew [MSFT]" <mfresoli@online.microsoft.com> wrote in message
> > > news:%23XMTP3LGEHA.3372@TK2MSFTNGP09.phx.gbl...
> > > > Hi,
> > > >
> > > > Are you using a local user account or domain account?  If domain
> > account,
> > > > make sure there is no local account with the same name on the
server.
> > > >
> > > > Also, is there more than one DC?  Check to see if the dial in
> > permissions
> > > > replicated to all DCs if using a domain account.
> > > >
> > > > If you change the RAS policy to Grant remote access permissions
based
> on
> > > the
> > > > conditions, does this work?
> > > >
> > > > -Matt
> > > >
> > > >
> > > >
> > > > --
> > > > [This posting is provided AS IS
> > > > with no warranties, and confers
> > > > no rights.]
> > > > <jjd228@NOSPAMoptonline.net> wrote in message
> > > > news:i_dbc.23612$Nu3.6078728@news4.srv.hcvlny.cv.net...
> > > > > i setup rras as a remote access server. i leave the default remote
> > > access
> > > > > policy alone. i then open the properties for a user account and on
> the
> > > > > dial-in tab i click to ALLOW remote access via dial in or vpn.
guess
> > > what?
> > > > a
> > > > > vpn connection attempt is denied and says the user does not have
> > dialin
> > > > > rights! ive rebooted, logged in physically at the machine, logged
> off,
> > > > tried
> > > > > again... same thing! whats the problem? the server is a member of
a
> > > domain
> > > > > but is NOT a domain controller. would there be a setting on the
> > default
> > > > > domain security policy that could be screwing me up?
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • RE: Cant install Windows Small Business 2003 Client
    ... Make sure that the Small Business Server ... that if the client computer is asking for the user and password is because is ... Try deleting one computer and create a new user account and recreate the ... computer object to see if that account can be use connectcomputer then. ...
    (microsoft.public.windows.server.sbs)
  • Re: Using EFS with Network Shares and SFU 3.5
    ... It does not take EFS into account. ... could again use the sharing server audit logs to see if success ... Read extended attribute and Read data, since the NFS client may ... Windows and *nix clients. ...
    (microsoft.public.windows.server.security)
  • RE: configuring client users
    ... This newsgroup only focuses on SBS technical issues. ... | Thread-Topic: configuring client users ... |> computer to SBS server while we need use "set up computer wizard" to ... |> For user account issue, please understand that if you join the client ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS client updates over WAN remote sites
    ... User Wizard for the remote users on the SBS 2003 server, ... client applications such as Internet Explorer 6.0, Microsoft Office Outlook ... You can apply the following software on the subnet 10.0.2.0 using Group ...
    (microsoft.public.windows.server.sbs)
  • RE: configuring client users
    ... > Welcome to SBS newsgroup. ... we use "connect computer wizard" to connect the client ... > computer to SBS server while we need use "set up computer wizard" to set up ... > best interest to rerun the wizard again to add the client computer account ...
    (microsoft.public.windows.server.sbs)