Re: Handheld device remote networking issues into RAS
- From: "Bill Grant" <not.available@online>
- Date: Sat, 21 Jan 2006 14:50:12 +1100
The message you quote tells you why CHAP isn't working. It needs the
reversibly encrypted password option. This is off by default in Server 2003.
nosurfdj wrote:
> We have a bunch of NEC MobilePros, mainly 770, 780, 790s that remote
> users use to dial in to our RAS server.
> Everything was working fine until we moved RAS to a Windows 2003
> server, from an NT Server.
> The handhelds will dial and connect to the server, but as soon as that
> happens there is a message displayed on the handhelds that says:
> responding to authentication challenge
>
> Another window pops up almost simultaneously that says:
> Disconnected.
>
> I checked the event log on the server and found this warning event:
> Source-Remote Access
> Event ID 20187
> The user domain\user failed an authentication attempt due to the
> following reason: The user could not be authenticated using Challenge
> Handshake Authentication Protocol (CHAP). A reversibly encrypted
> password does not exist for this user account. To ensure that
> reversibly encrypted passwords are enabled, check either the domain
> password policy or the password settings on the user account.
>
> There is another event right after it, same source
> Event ID 20014
> The user domain\user has connected and failed to authenticate on port
> COM1. The line has been disconnected.
>
> I don't understand why I'm getting this second event. I've created a
> policy in Routing and Remote Access to allow the group that the
> account is in to be granted
> remote access permission.
> And in regard to the first event, I don't understand why CHAP won't
> work - I've enabled the policy to allow CHAP authentication, as well as
> others.
>
> I've also checked some of the logs on the server and found some
> information, but I haven't found much information on it and what it
> means exactly.
>
> from RASAUTH log
> [4056] 10:35:31:668: IASResponse = 2, FailureReason = 0x13
>
> from RASCHAP log
> [3184] 01-10 10:35:31:637: CS_ChallengeSent...
> [3184] 01-10 10:35:31:668: ChapMakeMessage,RBuf=00000000
> [3184] 01-10 10:35:31:668: Result=691,Tries=2
> [3184] 01-10 10:35:31:668: CS_Done...
>
> FROM IASSAM log
> [4056] 01-10 10:35:31:668: LogonUser failed: The specified directory
> service attribute or value does not exist.
>
> from PPP log
> 3184] 01-10 10:35:31:668: Auth Protocol c223 terminated with error 691
>
> from RASMAN
> Disconnecting Port 0xCOM1, reason 0
>
> In Active Directory, I've also disabled 2 settings that could cause
> problems: computer config/windows settings/security settings/local
> policies/security option
> Microsoft network server: digitally sign communications (always)
> Microsoft network client: digitally sign communications (always)
>
> I understand that there is also a setting in AD that will store all
> passwords with reversible encryption, but it is considered a security
> risk. I haven't tried changing this setting and then dialing in. I
> hope there are other options.
>
> Any help is appreciated.
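
Why CHAP fails without a reversibly encrypted password, shown as an added example that is not part of the original thread: in MD5 CHAP (RFC 1994) the server must recompute the client's response from the password itself, so a one-way hash on file can never match. The sample password is constructed, and SHA-256 is an assumed stand-in for whatever one-way hash the directory stores.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 CHAP: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier: int, challenge: bytes, response: bytes,
                  stored_secret: bytes) -> bool:
    """Recompute the response from whatever the server has on file."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def simulate(password: bytes) -> dict:
    """One CHAP exchange checked against two kinds of server-side storage."""
    identifier = 1
    challenge = os.urandom(16)                                  # server -> client
    response = chap_response(identifier, password, challenge)   # client -> server

    # Assumption: SHA-256 stands in for any one-way stored password hash.
    one_way_hash = hashlib.sha256(password).digest()

    # A fresh challenge must invalidate the old response (replay protection).
    replay_ok = server_verify(identifier, os.urandom(16), response, password)

    return {
        "recoverable_password_on_file": server_verify(
            identifier, challenge, response, password),
        "only_one_way_hash_on_file": server_verify(
            identifier, challenge, response, one_way_hash),
        "replayed_against_new_challenge": replay_ok,
    }


if __name__ == "__main__":
    # Constructed sample password, not taken from the thread.
    for name, ok in simulate(b"constructed-sample-password").items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The same property that lets the server verify the response means anyone able to read the stored value can recover the password.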