VPN clients get error 930 since network upgrade.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Our VPN server is a Windows 2000 member server.
I upgraded our NT4 PDC to Windows 2003 Active Directory.
Now, clients receive the 930 error when trying to VPN to the 2000 server.

In active directory, I have added the 2000 server to the RRAS/IAS group. I
have stopped and restarted RRAS on the 2000 server. All accounts have Dial-In
privelages. Even the user's computer account has dial-in privelages.

The 2000 server shows event ID 20073 whenever someone tries to VPN in.

I have temporarily turned off the Windows2003 server so I am running with 2
NT BDC's. With 2003 off, users can now VPN in.

What can I do to resolve this?
 
quoted from http://www.ChicagoTech.net

Error 930: The authentication server did not respond to authentication
requests in a timely fashion.
SYMPTOMS: after setup Routing and Remote Access service for VPN or dial-up
on a server to use RADIUS, or upgrade the server to a new OS, 1) the client
computers may receive the following error message: Error 930: The
authentication server did not respond to authentication requests in a timely
fashion. 2) On the RRAS server Event ID: 20073 The following error occurred
in the Point-to-Point Protocol module port: Port, UserName: Username. The
authentication server did not respond to authentication requests in a timely
fashion. 3) On the IAS server, the following error message may be reported
Event ID: 13 A request was received from the invalid client IP Address
IP_Address.
Causes: 1) The default path to the Remote Access log file has been changed
or is not valid.
2) The VPN server has not been set up as a RADIUS client in the IAS.
3) This behavior will occur if the VPN user has permissions to read only on
the Active Directory directory service record.
4) Refer to error 619 resolution - add the vpn to the appropriate group.
--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
I have read that canned response about 20 times in other posts. That is not
what I asked.
Please read my original post and respond to my question.
Thank you.
 
Instead of using the dialin privileges, set the user's accounts to use
remote access policy option. Then check that the remote access policy is set
to allow remote access. A common method is to set up a special group for
remote users, and make membership of that group a condition in the remote
access policy.
 
Back
Top