Re: VERY frustrating 2000 server RRAS/VPN problem

jjd228_at_NOSPAMoptonline.net
Date: 04/02/04 

Date: Fri, 02 Apr 2004 16:46:03 GMT

ok, so please let me get this all straight.

first, i only have one nic in the machine. so youre telling me that i dont
have to configure a dhcp relay agent, NOR do i have to create a pool of ip
addresses within RRAS... youre saying that i dont have to do either? please
verify that and i will test it.

"Phillip Windell" <@.> wrote in message
news:uODNekMGEHA.3540@TK2MSFTNGP09.phx.gbl...
> Your client machine receives an address when connecting (or it should),
> therefore it is already in the same subnet (or it should be), so there is
no
> "routing",...you can not "route" to where you are already at to start
with.
> You need to verify which address your client is receiving and verify
> specifically which machine you can ping and which you cannot, and the
subnet
> each is in if there are multiple subnets. Knowing *all* this makes a big
> difference when trying to troublshoot this type of stuff.
>
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
> <jjd228@NOSPAMoptonline.net> wrote in message
> news:oyfbc.24175$Nu3.6348790@news4.srv.hcvlny.cv.net...
> > great! i can connect now. however i cant ping any machines on the
network.
> i
> > imagine i need to create a static route somewhere. i know that when
using
> > dialin access via a phone modem to act as in ISP a static route must be
> > created with 0.0.0.0... would this be the same case?
> >
> >
> > "Matthew [MSFT]" <mfresoli@online.microsoft.com> wrote in message
> > news:OO79DKMGEHA.1128@TK2MSFTNGP11.phx.gbl...
> > > If you are using the domain name when logging one with the VPN client,
> > then
> > > the server is mostlikely trying to use the domain admin account.
> > >
> > > When logging on, try using the context machinename\username, where
> machine
> > > name is the RRAS server name.
> > >
> > > Another thing to try would be creating a new user locally that does
not
> > have
> > > a domain account and give it dial in permissions.
> > >
> > > On your VPN connection properties, leave the domain name blank when
> > logging
> > > on.
> > >
> > >
> > >
> > > --
> > > [This posting is provided AS IS
> > > with no warranties, and confers
> > > no rights.]
> > > <jjd228@NOSPAMoptonline.net> wrote in message
> > > news:qMebc.23891$Nu3.6221665@news4.srv.hcvlny.cv.net...
> > > > since the machine is a stand alone server i am using the local
> > > administrator
> > > > account. would the fact that there is also an account named
> > administrator
> > > in
> > > > AD be causing a problem? there is on,y one DC. i have not changed
the
> > > policy
> > > > to GRANT because my understanding of the default policy is that
access
> > > will
> > > > be allowed IF dialin access is permitted at the user level as long
as
> > day
> > > > and time restrictions do not match. please advise...
> > > >
> > > >
> > > >
> > > > "Matthew [MSFT]" <mfresoli@online.microsoft.com> wrote in message
> > > > news:%23XMTP3LGEHA.3372@TK2MSFTNGP09.phx.gbl...
> > > > > Hi,
> > > > >
> > > > > Are you using a local user account or domain account? If domain
> > > account,
> > > > > make sure there is no local account with the same name on the
> server.
> > > > >
> > > > > Also, is there more than one DC? Check to see if the dial in
> > > permissions
> > > > > replicated to all DCs if using a domain account.
> > > > >
> > > > > If you change the RAS policy to Grant remote access permissions
> based
> > on
> > > > the
> > > > > conditions, does this work?
> > > > >
> > > > > -Matt
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > [This posting is provided AS IS
> > > > > with no warranties, and confers
> > > > > no rights.]
> > > > > <jjd228@NOSPAMoptonline.net> wrote in message
> > > > > news:i_dbc.23612$Nu3.6078728@news4.srv.hcvlny.cv.net...
> > > > > > i setup rras as a remote access server. i leave the default
remote
> > > > access
> > > > > > policy alone. i then open the properties for a user account and
on
> > the
> > > > > > dial-in tab i click to ALLOW remote access via dial in or vpn.
> guess
> > > > what?
> > > > > a
> > > > > > vpn connection attempt is denied and says the user does not have
> > > dialin
> > > > > > rights! ive rebooted, logged in physically at the machine,
logged
> > off,
> > > > > tried
> > > > > > again... same thing! whats the problem? the server is a member
of
> a
> > > > domain
> > > > > > but is NOT a domain controller. would there be a setting on the
> > > default
> > > > > > domain security policy that could be screwing me up?
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Was Theo_delight prosecueted recently?
    ... who you got into trouble with apologies to David ... Look dip stick, you re not a barrister, youre not lawyer, youre not a ... Well you usually dont come on after that time and you dont try to bait ... others and leaves just the "dodgy folk" for you to deal with. ...
    (uk.legal)
  • Re: [GW] Rumored release dates
    ... sling insults. ... you throw a pathetic jackass a bone and you just revel in it dont ... talk shit we can talk shit. ... so common mr intellegent, tell me what youre ...
    (rec.games.miniatures.warhammer)
  • Re: OT - Obama vs. Bush: NO DIFFERENCE
    ... and put up exactly why youre phonier than an 8 dollar bill and you ... just fucking snipped that shit like nobody noticed... ... this is the whole fucking point knumbskull you dont... ...
    (alt.sports.basketball.nba.la-lakers)
  • Fwd: Re: Question for DumbFuck Xtian Fundies About Earths Derivation
    ... arf meow arf - raggedy ann and andy for president and vice ... and i commented on these and your response was ... the best youve come up is claiming youre not expert ... your concept of science is to quote people you dont understand ...
    (talk.origins)
  • Re: [GW] Rumored release dates
    ... sling insults. ... talk shit we can talk shit. ... so common mr intellegent, tell me what youre ... i dont crawl on the floor looking for ...
    (rec.games.miniatures.warhammer)