VPN error 930

[Frizzb]

Hi,

I'm setting up a VPN on a Windows 2000 SP4 server. It is
configured with an internal network NIC & an internet
enabled nic. It is set up to allocate ip addresses using
the internal DHCP server ( so the dhcp relay agent is
configured on the VPN box). When my Windows 2000 cliens
attempt to access the VPN they recieve an an error 930.

The VPN box reports an event id:20073 (authentication
server did not respond to auth req in a timely fashion).

Following the steps in kb articles kb 826899 and
kb 299684 regarding group policy permissions and
certificates did not help. The DC is setup as the CA root
and the VPN box is enabled there as a client, the VPN box
can be "pinged" by remote clients and it is set for
windows authentication (MS CHAPv2 & MS CHAP)

Any help is appreciated!!

 

[Priya Raghavan [MSFT]]

Hi Frizzb,

There should not be any issues with respect to certificates because you are trying MSCHAP authentication.
There are 2 main causes for this error:

1. When your RADIUS server is not reachable from your VPN server.
2. This issue may occur if the computer account has permissions to read the Active Directory directory service record, but it does not have permissions to write to the Active Directory record.

In your case, the first option is not possible as you are using Windows Auth.

To resolve the second case, follow these steps:

Verify the user permissions in the Active Directory Users and Computers snap-in on a Windows 2000 domain controller. To do this, follow these steps:
1.. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2.. Expand your domain.
3.. Right-click Domain Controllers, and then click Properties.
4.. Click the Group Policy tab, click Default Domain Controllers Policy, and then click Edit.
5.. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click User Rights Assignment.
6.. Double-click Access this computer from the network.
7.. By default, the Administrators, the Authenticated Users, and the Everyone groups are assigned this user right. If these groups are not assigned this user right, add them. To do so, click Add, locate the user or group you want to add, and then click OK two times.
Thanks,
Priya.



This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit.

 

[Sharoon Shetty K [MSFT]]

Check the KB article 227747
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q227747

Hope it helps!
Sharoon