Routing and Remote Access Server Stops Authenticating Dial-Up Networking Clients

• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server
• Microsoft Windows NT Server version 4.0
• Microsoft Windows NT Workstation version 4.0
• Microsoft Windows 95
• Microsoft Windows 98
• Microsoft Windows 98 Second Edition

SYMPTOMS

When a Routing and Remote Access Services (RRAS) server joins a Windows 2000 domain, client authentication appears not to work. The RRAS server still authenticates client accounts that are local to the RRAS server, but it does not authenticate domain accounts. You may receive one of the following error messages on the Dial-Up Networking (DUN) client:

Error 619, "The port was disconnected."





Error 645, "Dial-Up Networking could not complete the connection to the server."

Event id: 20073
Source: Router
Description: The following error occurred in the Point to Point Protocol module on port: port number, UserName: user name. The authentication server did not respond to authentication requests in a timely fashion.

CAUSE

This issue occurs because the account you were logged on with at the time you joined the domain did not have administrator privileges on the Windows 2000 domain. Because of this, services that could easily compromise network security, such as RRAS, deny clients the ability to obtain access to the domain.

RESOLUTION

To work around this issue, you must register the RRAS server in Active Directory using an account that has domain administrator permissions. To do so, use either of the following methods:

Add the RRAS Computer to the Appropriate Group

1. Log on your Windows 2000-based computer with an account that has administrator privileges on the Windows 2000 domain.



2. Launch the Active Directory Users and Computers MMC snap-in, and then double-click your domain name.



3. Double-click the Users folder, and then double-click the RAS and IAS Servers security group.



4. Select the members tab.



5. Add the RRAS server to this group.

Use the Netsh.exe Utility

Method 1

Method 2

1. At a command prompt on the RRAS computer, type runas /user:domain name\administrator name "cmd", where domain name is the appropriate domain name, and administrator name is the appropriate administrator name. You are then prompted to enter a password for this account. If this computer is able to connect to the domain controller and verify the credentials, a command prompt opens with the following information in the title bar:

   cmd (running as domain name\administrator name)




2. At a command prompt, type netsh ras add registeredserver at a command prompt, and then press ENTER.

Registration completed successfully:
RAS Server: RAS server name
Domain: domain name

Registration FAILED:
RAS Server: RAS server name
Domain: domain name The specified domain either does not exist or could not be contacted.

STATUS

This behavior is by design.

MORE INFORMATION

This behavior is designed to increase security by requiring administrator permissions before a RRAS server may be added to the Active Directory. This issue does not occur if you are logged in with an account that has administrator privileges in the Windows 2000 domain at the time you install and configure RRAS. In this situation, the RRAS server is automatically registered in the Active Directory.

Additional query words: pptp vpn kbfaqw2knet

Keywords : kberrmsg kbnetwork kbtool win95 win98 win98se
Version : WINDOWS:2000,95; winnt:4.0
Platform : WINDOWS winnt
Issue type : kbprb