RE: Internet Authentication Service Issues
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Fri, 06 Jan 2006 10:16:43 GMT
Hi Laura,
Thanks for your update by mail.
I think the problem should be caused by that the SBS 2000 server (IAS
server) is not the DC. In SBS system there is no Trust will be available.
In SBS network, the following condition must be true:
- The SBS computer must be a domain controller that is installed on the
root of the domain.
- The SBS computer must hold all the Flexible Single Master Operation
(FSMO) roles.
- The SBS computer must be a global catalog server and must be the
licensing server.
- There must not be any existing domain trusts or child domains.
- Only one SBS server can exist on the domain.
I would like to suggest you re-configure your network structure to resolve
the issue. You can refer to the following article to process.
Chapter 9 - Installing Small Business Server in Existing Environments
http://www.microsoft.com/technet/prodtechnol/sbs/2000/reskit/sbrk0009.mspx
What is more, currently the SBS 2003 SP1 has been released for some time,
it is recommended that you upgrade the SBS 2000 server to SBS 2003 to
promote function.
The following articles may be useful to you, hope it helps.
Windows Small Business Server 2003: Frequently Asked Questions
http://www.microsoft.com/windowsserver2003/sbs/techinfo/overview/generalfaq.
mspx
884453 How to install Small Business Server 2003 in an existing Active
http://support.microsoft.com/?id=884453
Hope above information helps! If you have any further question on the issue
please feel free to let me know. I am happy to be assistance to you-)!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
The customer mail content:
===================
Hi Jenny,
Thanks for replying... I just need to get a couple of things
straightened out:
1) I actually have our gateway box (with Windows Server 2003) doing
Routing and Remote Access and am trying to make it the VPN server. Will
it be a problem? (It is a box that is not on the domain.)
2) I have my Domain Controller acting as the RADIUS server (this is not
the IAS server). Will this be a problem?
So this is my set-up:
GATEWAY BOX (Server 2003) - VPN Server & Routing & Remote Access (it has
been set up to do NAT & VPN)
DOMAIN CONTROLLER (Server 2000) - RADIUS Sever
MEMBER SERVER (SBS 2000) - IAS & Web Site Host
I am trying to get VPN working by using RADIUS and IAS and am trying to
get Outlook Web Access to work. I have followed the Microsoft articles
on how to configure Outlook Web Access which works internally but as
soon as you try it externally "Page Cannot be Displayed". When I try to
VPN in the client gets an error message 930... waiting for the IAS to
respond.
I have been trying to double check the settings on the IAS server but
that is when all the errors start appearing. I get responses from the
RADIUS and GATEWAY boxes when I try to VPN in but nothing from the IAS
server. (The problem has been getting sooooo frustrating.) Do I still do
what you have suggested below?
Sorry if this complicates things! Let me know if you need more
information.
Again, thanks you VERY much for all your help!!! I look forward to
hearing from you again.
Cheers,
Laura
===================
--------------------
>X-Tomcat-ID: 219600600
>References: <1136411241.689203.131560@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain
>Content-Transfer-Encoding: 7bit
>From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
>Organization: Microsoft
>Date: Thu, 05 Jan 2006 08:55:11 GMT
>Subject: RE: Internet Authentication Service Issues
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>Message-ID: <go4DAXdEGHA.3764@xxxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>Lines: 201
>Path: TK2MSFTNGXA02.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:234289
>NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
>
>Hi Loz,
>
>Thanks for using the SBS newsgroup.
>
>>From your description, I understand that you received error when tried to
>open IAS server. If I am off base, please don't hesitate to let me know.
>
>To resolve the problem, I suggest we use the rarepair to reinstall RRAS
and
>IAS:
>
>1. Run the tool RArepair.exe to reinstall RAS components.
>
>2. Restart the computer and reconfigure the RRAS and IAS server.
>
>Note: I will attach the rarepair utility to you via email.
>
>I would like to suggest you refer to the following KB articles to
configure
>RRAS and IAS server:
>
>HOW TO: Turn On and Configure Inbound VPN Access in Small Business:
>http://support.microsoft.com/?id=320697
>
>HOW TO: Configure a Primary Internet Authentication Service Server on a
>Domain Controller
>http://support.microsoft.com/kb/317588/EN-US/
>
>If the issue persists, please help me collect some information to isolate
>the issue:
>
>1. Please catch some screen shots when reproduced the issue.
>
>To make a screen shot:
>A. Press Alt + Pr Scrn to capture a screen shot.
>B. From Start, go to Run, enter pbrush in the Open box, and then click OK.
>C. Use Ctrl + V to paste the screen shot to the canvas.
>D. From the File menu, go to Save and save as a JPG file.
>
>2. Can you find any related error events in the Event Viewer? Please save
>me the text of system and application log for further analysis:
>
>To save a text copy of Application /System log:
>
>A. Open Event Viewer: Start -> All Programs -> Administrative Tools ->
>Event Viewer.
>B. Right-click on Application/System log and select "Save Log File As?".
>
>Please add all files to a zip file and mail it to my working mailbox:
>v-yanniw@xxxxxxxxxxxxx
>
>Hope above information helps! I am happy to be assistance to you and look
>forward to your reply!
>
>Have a nice day!
>
>Sincerely,
>
>Jenny Wu
>Microsoft CSS Online Newsgroup Support
>Get Secure! - www.microsoft.com/security
>======================================================
>This newsgroup only focuses on SBS technical issues. If you have issues
>regarding other Microsoft products, you'd better post in the corresponding
>newsgroups so that they can be resolved in an efficient and timely manner.
>You can locate the newsgroup here:
>http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
>When opening a new thread via the web interface, we recommend you check
the
>"Notify me of replies" box to receive e-mail notifications when there are
>any updates in your thread. When responding to posts via your newsreader,
>please "Reply to Group" so that others may learn and benefit from your
>issue.
>
>Microsoft engineers can only focus on one issue per thread. Although we
>provide other information for your reference, we recommend you post
>different incidents in different threads to keep the thread clean. In
doing
>so, it will ensure your issues are resolved in a timely manner.
>
>For urgent issues, you may want to contact Microsoft CSS directly. Please
>check http://support.microsoft.com for regional support phone numbers.
>
>Any input or comments in this thread are highly appreciated.
>======================================================
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>This step-by-step article describes how to correctly configure Routing and
>Remote Access (RRAS) on Small Business Server (SBS) 2000 to accept
incoming
>VPN connections from remote workstations.
>
>>From your description, my understanding on this issue is that after
>upgrading the server from SBS 2000 to SBS 2003, IAS service cannot start
>properly. If I have misunderstood anything, please feel free to let me
know.
>
>Based on my research, this issue could happen when IAS database was
damaged
>during the upgrade. Let's try the following suggestion:
>
>(1). Go to %systemroot%\system32\ias folder. During upgrade IAS should
have
>created a file called iasnew.mdb.
>(2). Rename ias.mdb to ias.mdb1
>(3). Rename iasnew.mdb to ias.mdb
>(4). Reboot the server and see if IAS service can start successfully now.
>
>Please take your time to try the suggestions and let me know the result at
>your earliest convenience. Your time and patience will be greatly
>
>
>
>Have a nice day!
>
>Sincerely,
>
>Jenny Wu
>Microsoft CSS Online Newsgroup Support
>From: "Loz" <lozzie16@xxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>Subject: Internet Authentication Service Issues
>Date: 4 Jan 2006 13:47:21 -0800
>
>I am having problems with IAS on SBS 2000.
>
>Whenever I open IAS the following errors occur (in this order):
>
>Remote Access Policies Error - An error occurred while trying to make a
>connection to the datastore.
>
>Logging Error - An error occurred while trying to make a connection to
>the datastore.
>
>IAS Error - There was an error getting connection to the datastore.
>
>Then once the errors are acknowledged right clicking on "Internet
>Authentication Service (Local)" and selecting properties the following
>error occurs:
>
>IAS Error - Connection attempt failed.
>
>I believe this may be the reason why I am unable to get Outlook Web
>Access working (even though I have following the steps from Microsoft
>for setting it up correctly) as well as VPN connections... all the
>errors I receive in the RADIUS server and gateway machine indicate they
>are waiting for a signature request. Even though I have configured
>Access Policies, enabled and configured the RADIUS server and triple
>checked the shared secret on all servers.
>
>Any ideas or help much appreciated! :) Cheers!
>
>
>
>
>--------------------
>>From: "Loz" <lozzie16@xxxxxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>Subject: Internet Authentication Service Issues
>>Date: 4 Jan 2006 13:47:21 -0800
>>Organization: http://groups.google.com
>>Lines: 28
>>Message-ID: <1136411241.689203.131560@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>>NNTP-Posting-Host: 210.15.202.170
>>Mime-Version: 1.0
>>Content-Type: text/plain; charset="iso-8859-1"
>>X-Trace: posting.google.com 1136411246 5798 127.0.0.1 (4 Jan 2006
21:47:26
>GMT)
>>X-Complaints-To: groups-abuse@xxxxxxxxxx
>>NNTP-Posting-Date: Wed, 4 Jan 2006 21:47:26 +0000 (UTC)
>>User-Agent: G2/0.2
>>X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
>.NET CLR 1.1.4322),gzip(gfe),gzip(gfe)
>>Complaints-To: groups-abuse@xxxxxxxxxx
>>Injection-Info: o13g2000cwo.googlegroups.com; posting-host=210.15.202.170;
>> posting-account=ZV7IWA0AAAALA5SoX2REzKHEwoiBjNDj
>>Path:
>TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onl
i
>ne.de!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giga
n
>ews.com!postnews.google.com!o13g2000cwo.googlegroups.com!not-for-mail
>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:234126
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>I am having problems with IAS on SBS 2000.
>>
>>Whenever I open IAS the following errors occur (in this order):
>>
>>Remote Access Policies Error - An error occurred while trying to make a
>>connection to the datastore.
>>
>>Logging Error - An error occurred while trying to make a connection to
>>the datastore.
>>
>>IAS Error - There was an error getting connection to the datastore.
>>
>>Then once the errors are acknowledged right clicking on "Internet
>>Authentication Service (Local)" and selecting properties the following
>>error occurs:
>>
>>IAS Error - Connection attempt failed.
>>
>>I believe this may be the reason why I am unable to get Outlook Web
>>Access working (even though I have following the steps from Microsoft
>>for setting it up correctly) as well as VPN connections... all the
>>errors I receive in the RADIUS server and gateway machine indicate they
>>are waiting for a signature request. Even though I have configured
>>Access Policies, enabled and configured the RADIUS server and triple
>>checked the shared secret on all servers.
>>
>>Any ideas or help much appreciated! :) Cheers!
>>
>>
>
>
.
- Follow-Ups:
- RE: Internet Authentication Service Issues
- From: "Jenny wu [MSFT]"
- RE: Internet Authentication Service Issues
- References:
- Internet Authentication Service Issues
- From: Loz
- RE: Internet Authentication Service Issues
- From: "Jenny wu [MSFT]"
- Internet Authentication Service Issues
- Prev by Date: RE: Errors when Enabling the VPN
- Next by Date: Re: Setting up a second network card (WAN)
- Previous by thread: RE: Internet Authentication Service Issues
- Next by thread: RE: Internet Authentication Service Issues
- Index(es):
Relevant Pages
|
