VPN Error

[Ben]

I am running a Windows 2003 server. (Testing it out), I have a XP remote
client trying to connect to the server via VPN.
When trying to connect I and getting "Error 647: The account is disabled" on
the remote client side. Even though on the Server side the user that I am
trying to log in with has Dial-up access enabled. I have also tried with
other users and no luck.
I have tried and tried messing with the different policies and ect, but
having no luck.
So I am needing some help, If you have any ideas or things I should try and
think about please responded.
I also wouldn't doubt that it is the smallest stupidest thing that I just
have over looked or not thinking about.

I thank you all a head of time.

Thanks
Ben

 

[Wajihy [MSFT]]

what is the error you get from the server side ( check the eventviewer)?

 

[Ben]

The server log states 2 errors:
1st:
The following error occurred in the Point to Point Protocol module on
port VPN4-127, Username <Unauthenticated User>. The account is disabled.

2nd:
The user connection from (and it gives IP address from the remote
client) but failed an authentication attempt due to the following reason:
Authentication failed because the user account is not enabled. Before the
account can be authenticated, a person with administrative rights for either
the computer or domain must enable the account.

Those are the 2 errors on the server side. However when I double check the
User settings on the server I have the Dial-in Allowed. I have tried this
with different users and remote computers, even creating new users and still
getting the same thing on everything.

Any thoughts would help. Thanks again.
Ben

 

[Sam Salhi [MSFT]]

ok I need to make 2 points here,
a) Looks like when you're dialing in, you're not specifying the username,
and this [by default] is mapped to the "guest" account
b) If you do want to do unauthenticated access, then you need to enable the
guest account in AD (or on the server machine)



--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================

 

[Ben]

Here are those files requestd. However it is saying that I am trying to
login with the Guest account but I am not. I am entering the username as an
real username. Even made fake user account "chuck" and it gave me this
error.

Also the rastls.log file is empty.

Again I am not all that savy on RAS and VPN so I might not have configured
it all right too. This stuff is new to me. But I guess we all have to start
somewhere right?


Thanks again for your help
Ben

 

[Sam Salhi [MSFT]]

do you think you can provide a netmon capture of the authentication?


--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================

I am using AD, but I am pointing the login to the AD domain. The server is
hosting the domain. (Lets call it domain "Test")
So when trying to login it asks for:
Username: I enter username (Lets say "Chuck"
Password: "password
Domain: "Test"

but as you can see it is still trying to login in as guest. Even though I am
using "chuck" as my username. I dont get it.

I hope this helps you guys, cause Im still in the dark.

Thanks again for all your time and help.

Ben

Points I have mentioned are based on the event you supplied me, but that ok,
There seems to be a configuration issue somewhere, because if your account
keeps coming up as "disabled" then it was successfully retrieved from

the

AD
and decided it is disabled. So the next question would be, are you running
against AD or Local account on the IAS server?
If the server is member of a domain, it will normally go to the AD to lookup
the user. If you're trying to connect with a local account on a member
server then you must specify the domain of the user as the local IAS server
name, (either in the username in the format ComputerName\User or in the
domain field)

Check it out and let us know if it worked


--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================

I do login with a username and password on the client computer. When I dial
in it comes up with a screen asking for the username and password of the
user I would like to logon with. Also I have tried with both using Domain
name and not.

Thank you, but I don't think that is it. Any other thoughts?

Thanks again for all your help.
Ben


ok I need to make 2 points here,
a) Looks like when you're dialing in, you're not specifying the username,
and this [by default] is mapped to the "guest" account
b) If you do want to do unauthenticated access, then you need to enable
the
guest account in AD (or on the server machine)



--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================


The server log states 2 errors:
1st:
The following error occurred in the Point to Point Protocol module
on
port VPN4-127, Username <Unauthenticated User>. The account is disabled.

2nd:
The user connection from (and it gives IP address from the remote
client) but failed an authentication attempt due to the following
reason:
Authentication failed because the user account is not enabled. Before
the
account can be authenticated, a person with administrative rights for
either
the computer or domain must enable the account.

Those are the 2 errors on the server side. However when I double check
the
User settings on the server I have the Dial-in Allowed. I have tried
this
with different users and remote computers, even creating new users and
still
getting the same thing on everything.

Any thoughts would help. Thanks again.
Ben


what is the error you get from the server side ( check the
eventviewer)?

--

This posting is provided "AS IS", with NO warranties and confers NO
rights
I am running a Windows 2003 server. (Testing it out), I have a XP
remote
client trying to connect to the server via VPN.
When trying to connect I and getting "Error 647: The account is
disabled"
on
the remote client side. Even though on the Server side the

user
that

I
am
trying to log in with has Dial-up access enabled. I have also tried
with
other users and no luck.
I have tried and tried messing with the different policies and ect,
but
having no luck.
So I am needing some help, If you have any ideas or things I should
try
and
think about please responded.
I also wouldn't doubt that it is the smallest stupidest thing

that

I
just
have over looked or not thinking about.

I thank you all a head of time.

Thanks
Ben

 

[Ben]

I have tried to login with different users, The client is using Win XP Pro
and the Server is Server 2003. Do you want me to login with a different user
and resend those files?
Also how would I try to do netmon and send the file?

Thanks
Ben

also, Can you try and authenticate with a different user?
Are you using Win2k or WS2003??

--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================

I am using AD, but I am pointing the login to the AD domain. The server is
hosting the domain. (Lets call it domain "Test")
So when trying to login it asks for:
Username: I enter username (Lets say "Chuck"
Password: "password
Domain: "Test"

but as you can see it is still trying to login in as guest. Even though

I

am
using "chuck" as my username. I dont get it.

I hope this helps you guys, cause Im still in the dark.

Thanks again for all your time and help.

Ben

Points I have mentioned are based on the event you supplied me, but

that
ok,

There seems to be a configuration issue somewhere, because if your account
keeps coming up as "disabled" then it was successfully retrieved from

the

AD
and decided it is disabled. So the next question would be, are you running
against AD or Local account on the IAS server?
If the server is member of a domain, it will normally go to the AD to lookup
the user. If you're trying to connect with a local account on a member
server then you must specify the domain of the user as the local IAS server
name, (either in the username in the format ComputerName\User or in the
domain field)

Check it out and let us know if it worked


--
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================


I do login with a username and password on the client computer. When I
dial
in it comes up with a screen asking for the username and password of the
user I would like to logon with. Also I have tried with both using Domain
name and not.

Thank you, but I don't think that is it. Any other thoughts?

Thanks again for all your help.
Ben


ok I need to make 2 points here,
a) Looks like when you're dialing in, you're not specifying the
username,
and this [by default] is mapped to the "guest" account
b) If you do want to do unauthenticated access, then you need to enable
the
guest account in AD (or on the server machine)



--
===========================================================
This posting is provided "AS IS" with no warranties and confers no
rights
===========================================================


The server log states 2 errors:
1st:
The following error occurred in the Point to Point Protocol module
on
port VPN4-127, Username <Unauthenticated User>. The account is
disabled.

2nd:
The user connection from (and it gives IP address from the remote
client) but failed an authentication attempt due to the following
reason:
Authentication failed because the user account is not enabled. Before
the
account can be authenticated, a person with administrative

rights
for

either
the computer or domain must enable the account.

Those are the 2 errors on the server side. However when I double check
the
User settings on the server I have the Dial-in Allowed. I have tried
this
with different users and remote computers, even creating new

users
and

still
getting the same thing on everything.

Any thoughts would help. Thanks again.
Ben


what is the error you get from the server side ( check the
eventviewer)?

confers
NO

rights
I am running a Windows 2003 server. (Testing it out), I have

a
XP

remote
client trying to connect to the server via VPN.
When trying to connect I and getting "Error 647: The account is
disabled"
on
the remote client side. Even though on the Server side the user
that
I
am
trying to log in with has Dial-up access enabled. I have also
tried
with
other users and no luck.
I have tried and tried messing with the different policies and
ect,
but
having no luck.
So I am needing some help, If you have any ideas or things I
should
try
and
think about please responded.
I also wouldn't doubt that it is the smallest stupidest

thing
that

I
just
have over looked or not thinking about.

I thank you all a head of time.

Thanks
Ben

 

[Wajihy [MSFT]]

just try to connect locally on a machine that is member of the domain using
the same user account that you used to connect

 

[Ben]

I can connect locally but not using VPN.

Gives me the same error

Thanks
Ben

 

[Ben]

If I take out VPN. And just try to login to the server by going to the
client and going to run, and typing in \\IP_ADDRESS , some clients will come
up with username and password prompts.
However some just come up with a Open Window that has nothing in it. What
could cause it not to prompt for a username and password?
Any thoughts?

Thanks again for all your guys help.
Ben