Remote Access Server
| striker100 2003-02-23, 12:54 pm |
| I have configured Remote Access Server on W2K Advanced Server and made a dial-up on the client machine (Win98) to connect to the server. When I connect, I am able to connect to the server just for 3-4 seconds and the connection gets dropped and asks me to reconnect. I have checked all the permissions in user accounts, protocols, and all seems OK to me. I have also made changes in speed, still no luck. In RAS I have tried both basic and advanced setup, still didn't work. | |
| jeff_j_black 2003-02-24, 4:46 pm |
| RRAS can be difficult.
In mixed mode, users need to have explicit permission to dial in.
In native mode, permissions defer to policy.
The default policy in RRAS is set to not allow access. You have to manually change the default policy to allow access.
The connection needs to meet all of the conditions of the profile.
For test purposes, make sure RRAS logging is turned on, so you can see what is going on. Also only use PAP and no encryption to test.
You can sometimes get some logging on the client end as well, under the properties of the modem.
Sounds like either policy or authentication/encryption is the snag, as you don't get to stay on long enough to generate many more observations. | |
| luisjo 2003-02-24, 5:17 pm |
| You are always giving good advice and sharing knowledge. | |
| striker100 2003-02-26, 12:57 am |
| The users have the permission to dial in. In the policy, grant permission is selected. Even the remote logging is selected.
I have checked the event viewer; most of the warnings say "UNABLE TO CONTACT DHCP SERVER. THE AUTOMATIC PRIVATE IP ADDRESS 169.254.32.93 WILL BE ASSIGNED TO DIAL IN CLIENT. CLIENT MAY BE UNABLE TO ACCESS RESOURCES ON THE NETWORK." with the IP that keeps on changing.
I have seen another warning such as "A CERTIFICATE COULD NOT BE FOUND. CONNECTION THAT USE THE L2TP PROTOCOL OVER IPSEC REQUIRE THE INSTALLATION OF A MACHINE CERTIFICATE, ALSO KNOWN AS A COMPUTER CERTIFICATE. NO L2TP CALLS WILL BE ACCEPTED."
One of the warnings was "THE USER FHSERVER\USER1 CONNECTED TO PORT COM3 HAS BEEN DISCONNECTED BECAUSE NO NETWORK PROTOCOLS WERE SUCCESSFULLY NEGOTIATED."
FHSERVER is the name of the server and USER1 is the user I created. After these warnings I also configured DHCP and tried again with no luck. I have also configured a static IP as USER1 connects, still no luck. I have checked for the protocol: on the client machine I use TCP/IP and NetBEUI, and on the server, in the incoming connection, there is TCP/IP also. | |
| jeff_j_black 2003-02-26, 8:06 am |
| In order for the client to get an address via DHCP you need to configure your RRAS with DHCP Relay. Think of your remote clients as being on a separate segment of the LAN. When they dial in, they need a way to get an address; DHCP Relay will do that for them.
Your remote access policy first has to have 'Grant Access' checked on the settings page.
In the edit profile page, authentication tab, unselect all types of authentication except for PAP. On the encryption page, clear all encryption except for No Encryption.
On the client side, your dial-up settings have to match. Type of server you are calling should be PPP, Allow unsecured password should be checked and TCP/IP settings should match what you have chosen on the server.
Just remember, if the call coming in does not match the criteria in the remote access policy, the call does not go through. Example, if on the server you say 'server will supply address' and on the client you configure one, the call may not go through.
Provided that the client has dialin permission, matches the conditions of the remote access policy, and matches each and every setting in the profile of the policy, then the call goes through.
Again, I am only recommending these settings for testing purposes. As you get the wrinkles out, you can implement Authentication and Encryption according to what your client and server can support. It is just easier to get all of these things out of the picture until you can eliminate the root problem.
Without going serial to serial on a null modem cable, this type of lab can be difficult to arrange, so you are to be commended in your efforts. Keep posting logs and let's see if we can't get this licked. | |
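The evaluation order jeff_j_black describes above (dial-in permission, policy conditions, then every setting in the profile), as an added example that is not part of the original thread and is not RRAS code. It is a simplified Python model; the class, field and policy names are hypothetical and the sample policies are constructed.

```python
# Added illustration: simplified model of the checks described above, not RRAS code.
from dataclasses import dataclass

@dataclass
class Policy:                 # hypothetical structure
    name: str
    conditions: dict          # attribute -> set of accepted values
    grant: bool               # "Grant" vs "Deny" remote access permission
    auth_methods: set         # profile: Authentication tab
    encryption: set           # profile: Encryption tab

@dataclass
class Attempt:                # hypothetical structure
    user_dialin: str          # "allow", "deny" or "policy" (native mode)
    attrs: dict               # e.g. {"port_type": "async"}
    auth_method: str
    encryption: str

def evaluate(attempt, policies):
    """Return (accepted, reason) for one connection attempt."""
    for p in policies:
        if not all(attempt.attrs.get(k) in v for k, v in p.conditions.items()):
            continue                      # conditions not met, try next policy
        if attempt.user_dialin == "deny":
            return False, "user account denies dial-in"
        if attempt.user_dialin == "policy" and not p.grant:
            return False, f"policy '{p.name}' denies access"
        if attempt.auth_method not in p.auth_methods:
            return False, f"authentication {attempt.auth_method} not allowed by profile"
        if attempt.encryption not in p.encryption:
            return False, f"encryption '{attempt.encryption}' not allowed by profile"
        return True, f"accepted by policy '{p.name}'"
    return False, "no policy matched the attempt"

# Constructed sample policies: the deny-by-default policy and the test profile
# from the post (PAP only, No Encryption only).
DEFAULT = Policy("default", {}, False, {"MS-CHAP", "MS-CHAPv2"}, {"none", "basic", "strong"})
LAB_TEST = Policy("lab-test", {"port_type": {"async"}}, True, {"PAP"}, {"none"})

def demo():
    modem = {"port_type": "async"}
    return [
        evaluate(Attempt("policy", modem, "MS-CHAP", "basic"), [DEFAULT]),
        evaluate(Attempt("allow", modem, "MS-CHAP", "none"), [LAB_TEST, DEFAULT]),
        evaluate(Attempt("allow", modem, "PAP", "strong"), [LAB_TEST, DEFAULT]),
        evaluate(Attempt("allow", modem, "PAP", "none"), [LAB_TEST, DEFAULT]),
    ]

if __name__ == "__main__":
    for accepted, reason in demo():
        print("ACCEPT" if accepted else "REJECT", "-", reason)
```

Only the last attempt is accepted: the first is stopped by the deny-by-default policy, and the second and third match the policy conditions but fail one profile setting each.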
| adam salam 2003-02-26, 10:44 am |
| By the way, is there any way to simulate RAS in a home network, or should I use an ISP only to achieve that?
My network consists of three W2K Pro clients, one W2K Advanced Server DC, and another member server.
Thanks | |
| jeff_j_black 2003-02-26, 1:15 pm |
| If your server has a modem, you can dial in to your network, it is like operating your own ISP. That is what you will learn about when you go through this exercise. | |
| striker100 2003-02-27, 1:39 am |
| I have changed the modem of the server and did the connection, and guess what, it worked by the grace of God. I removed the RAS and DHCP and made an incoming connection on the server. But there is a small problem which I am facing. Basically I have no domain and it is a workgroup environment.
The problem is when I connect with a user, after verifying username and password checkbox, it keeps on asking for the username, password and domain. In the domain box I have given the name of the server and even the workgroup; it doesn't take it and disconnects me. The username and password are all correct and it has permissions to dial in; I have even changed the user. But when I connect with administrator it doesn't ask me about username, password and domain and connects properly. Right now I have asked him to connect with administrator.
But I didn't understand why I am not able to connect with a user? | |
| adam salam 2003-02-27, 1:51 am |
| quote: Originally posted by jeff_j_black
If your server has a modem, you can dial in to your network, it is like operating your own ISP. That is what you will learn about when you go through this exercise.
Thanks. What I mean is, when I dial into the RAS, of course I need to use a modem on the client side and a modem on the RAS side, so a modem needs a dialing tone to work. Also, I need a telephone number to dial. How to establish that, please? | |
| striker100 2003-02-27, 2:42 am |
| There should be two telephone lines, one for the server and the other for the client. In Routing and Remote Access you have to configure it as a RAS server. On the RAS server or on the domain, depending on whether you have a domain or workgroup environment, you should create user accounts and give them the permission to dial in. Your remote access policy should have Grant Access checked. You should also have DHCP installed and configured. In DHCP you have to make a scope and specify the IP addresses to be used and given to the client upon requesting. On the client side, make a dial-up connection to the server modem (phone line of the server) and use those accounts that have the permission to dial in.
Or, what can be done is don't do any of the RAS and DHCP stuff if you want it simple enough. On the server, just make a new connection to accept incoming connections, and you can specify who all can connect. Create a user with permission to dial in and give me static IP too. On the client side make a dial-up, the way you do it for the Internet, but connect to the server phone line with the user you just created, who should have the permission to dial in.
Anyway, please correct me if I am wrong. | |
| adam salam 2003-02-27, 2:58 am |
| quote: Originally posted by striker100
There should be two telephone lines, one for the server and the other for the client. In Routing and Remote Access you have to configure it as a RAS server. On the RAS server or on the domain, depending on whether you have a domain or workgroup environment, you should create user accounts and give them the permission to dial in. Your remote access policy should have Grant Access checked. You should also have DHCP installed and configured. In DHCP you have to make a scope and specify the IP addresses to be used and given to the client upon requesting. On the client side, make a dial-up connection to the server modem (phone line of the server) and use those accounts that have the permission to dial in.
Or, what can be done is don't do any of the RAS and DHCP stuff if you want it simple enough. On the server, just make a new connection to accept incoming connections, and you can specify who all can connect. Create a user with permission to dial in and give me static IP too. On the client side make a dial-up, the way you do it for the Internet, but connect to the server phone line with the user you just created, who should have the permission to dial in.
Anyway, please correct me if I am wrong.
Thanks, I look at it like that basically. I think you need a phone line for the server and another one for the client, so you can't simulate the RAS in your home network.
Please, jeff_j_black, can you make your post clearer? (If your server has a modem, you can dial in to your network, it is like operating your own ISP. That is what you will learn about when you go through this exercise.)
Thanks | |
| nhat777 2003-02-27, 5:53 pm |
| I was able to simulate VPN from PC to PC on a home network using Ethernet. For dial-up I think we need 2 phone lines... but if someone can simulate dial-up just using one phone line or serial port to serial port, I'll be interested to know too! | |
| Slinky 2003-02-27, 7:17 pm |
| You can use a null modem cable between 2 computers and use that for demand dialing if you want. I've done it before and it's a pretty decent simulation if you don't have 2 modems or 2 phone lines. | |
| me? I dunno... 2003-03-03, 6:07 pm |
| I also connected VPN across LAN with no modems. Why can't I just use my one phone line for the client, and dial up to the address of my RAS server connected to cable connection? (Moved last fall, got cable now.) | |
| Slinky 2003-03-03, 11:36 pm |
| You mean connect to the internet with dialup, and then VPN to the server that's connected to the cable modem? I do that myself, I just get a free internet provider like NetZero and have at it. | |