Remote access - permission denied....don't understand

WMB63

Server 2003, VPN. User wants access from home to the network. I thought I had all the permissions set, but when the user tries to connect from home we keep getting a permission error:

Event Type: Warning
Event Source: IAS
Event Category: None
Event ID: 2
Date: 2/13/2008
Time: 6:56:44 PM
User: N/A
Computer: MTJ01
Description:
User dbilyeu was denied access.
Fully-Qualified-User-Name = kbjm-mtj.local/MyBusiness/Users/SBSUsers/David Bilyeu
NAS-IP-Address = 192.168.1.254
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 0.0.0.0
Client-Friendly-Name = PIX Firewall
Client-IP-Address = 192.168.1.254
NAS-Port-Type = <not present>
NAS-Port = 4
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Connections to other access servers
Authentication-Type = MS-CHAPv1
EAP-Type = <undetermined>
Reason-Code = 65
Reason = The connection attempt failed because remote access permission for the user account was denied. To allow remote access, enable remote access permission for the user account, or, if the user account specifies that access is controlled through the matching remote access policy, enable remote access permission for that remote access policy.

I checked the user's permissions in AD and the Dial-in is set to "Control access through Remote Access Policy". Checked the policy and the following policies are there with the following set.

Policy Conditions:
NAS-Port-Type Matches "Virtual (VPN)" AND - set to Virtual VPN, and the Edit Dial-in Profile has the Authentication set to MS-CHAP v2 checked and MS-CHAP checked.
VPN Users is also listed. I have user in this group.

If connection matches is set to grant access.

The other policy is titled Connections to Microsoft Routing and Remote Access Server. Grant remote access is checked.

Last policy is Connections to other access servers. I didn't change anything with this one because I assumed this does not apply to me?

What did I miss and why is access permission being denied?

TIA

 
On the user properties in AD Users & Computers | Dial-in tab:

Set the permission to allow access and test. If the user gets in, then the problem is a bad remote access policy; if they can't, it's your infrastructure.

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
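
Added example, not part of either post above: a Python sketch that parses the attribute lines of the IAS Event ID 2 quoted in the thread and reports which remote access policy decided the request and which condition attributes the request did not carry. The intended policy name "VPN access policy" is a hypothetical placeholder (the post does not name it); the condition value is the one given in the post.

```python
import re

# Constructed sample: attribute lines copied from the IAS Event ID 2 quoted in the thread.
SAMPLE_EVENT = """\
User dbilyeu was denied access.
NAS-IP-Address = 192.168.1.254
Client-Friendly-Name = PIX Firewall
NAS-Port-Type = <not present>
NAS-Port = 4
Policy-Name = Connections to other access servers
Authentication-Type = MS-CHAPv1
Reason-Code = 65
"""

# Markers IAS writes when the request did not carry an attribute.
ABSENT = {"<not present>", "<undetermined>"}

def parse_ias_event(text):
    """Return {attribute: value or None}; None means the event logged it as absent."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$", line)
        if m:
            value = m.group(2)
            attrs[m.group(1)] = None if value in ABSENT else value
    return attrs

def triage(attrs, intended_policy, intended_conditions):
    """List the reasons the intended policy did not decide this request."""
    findings = []
    applied = attrs.get("Policy-Name")
    if applied != intended_policy:
        findings.append(f"decided by policy '{applied}', not '{intended_policy}'")
    for name, wanted in intended_conditions.items():
        got = attrs.get(name)
        if got is None:
            findings.append(f"{name} absent from request; condition '{wanted}' cannot match")
        elif got != wanted:
            findings.append(f"{name} is '{got}', condition wants '{wanted}'")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_ias_event(SAMPLE_EVENT),
                          "VPN access policy",  # hypothetical name; the post does not give it
                          {"NAS-Port-Type": "Virtual (VPN)"}):  # condition as stated in the post
        print(finding)
```

The Policy-Name field of the event names the policy that produced the deny, so comparing it with the policy that was expected to grant access is the first check to make on a Reason-Code 65 event.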

 