RRAS Issues

[ppuddick]

First of all thanks for taking the time to read this. This is a strange one! I have a Win2000 Server running Active Directory with RRAS setup with a 56k modem. (For outgoing IP traffic I have put an ISDN router on the LAN for web and email - this is working fine!). I have configured RRAS to the letter (from my windows 2000 server manuals). I have granted 5 users dial-in privileges and I have also made sure that the Domain Controller is a member of the RAS and IAS security group.

The problem I having is that whenever anybody attempts to dial in they are always greeted with "Error 649 - user account does not have permissions to dial in" when I know for a fact thay they have. This is an improvement on the situation last week when I was getting Error 678, but I've since changed the modem in the machine. Some authentication is taking place but something, somewhere is blocking any remote access! I've played about with CHAP and PAP authentication on both clients and the server and that hasn't had any effect! I've setup RRAS on 2000 before no problems but this one really has me stumped.

Oh, and I've checked and the line itself is ok. Any help would be much appreciated (I have no hair left now) and thanks for reading

 

[hewissa]

I trust you did this but for arguements sake, check the user profile and see if they have Dial-In enabled. Secondly check the Access Policy on the RRAS and see if it is enabled there.

Hewissa

MCSE, CCNA, CIW

 

[ppuddick]

Hi Hewissa, thanks for your reply. This is the thing. The user profile has dial-in permissions enabled and I have enabled the RRAS policy as I know that it is disabled by default. I've mucked about with different methods of authentication - PAP, CHAP, MSCHAP, MSCHAPv2,etc - No joy!

 

[hewissa]

Enable the policy, but also enable in the policy the Dial-In Right.

Hewissa

MCSE, CCNA, CIW

 

[ppuddick]

Right

 

[hewissa]

Hmm, what is the security setting in the policy/dial-in connection. Is it set to Strongest, strong.....and the dial-in what is it set to, connect even without encryption etc?

Hewissa

MCSE, CCNA, CIW

 

[lhcon]

Did you ever get this resolved. I am having the same issue and it's making me suicidal.

Thanks
Chuck

 

[shunter40]

I had the exact same problem. If someone dialed in during the day there was no problem getting in, but if they dialed in after I left the office, they couldn't. The answer? I couldn't log off the Windows 2000 server at night! So, in place of a better answer, I lock the computer, which doesn't log off the administrator, but it stops anyone from messing with the system. No problems since then!

 

[lhcon]

The problem I am having is when dialing in I keep getting Error 649 - user account does not have permissions to dial in" I'm using the administrator account on my laptop. if I plug the laptop into the network the laptop logs right in but if I dialin I get error 649

any help would be appreciated

Thanks

chuck

 

[shunter40]

It doesn't matter what permissions you have when you are dialing in. Like I said before, you need to have your network server logged in as administrator, then you will be able to dial in.

 

[lhcon]

The server is logged in as administrator but I still get permission errors when dialing in. I didn't have this problem with NT 4 but since it died and we got this Win2k box I can't get in. were a small office 10 people and one server. We always dialed in in the past and now with the Win2k its a big pain.

Thanks
Chuck

 

[hewissa]

Check your policies, and profiles. Ensure that users have the right to dial in and the RRAS policy is configured to allow dial-in clients.

Hewissa

MCSE, CCNA, CIW

 

[dsherrill]

I just experienced the same problem. One thing that took care of the issue for me was to check the security on the laptop/remtote machine's DUN connectoid. It has the same options as the Authentication methods in RRAS. I don't know if it is the best choice, but I use the advanced settings, with Microsoft CHAP Version 2, and selected the box for auto use of Windows logon name and password (and domain if any). This took care of the problem for me. Both MSCHAP versions are what I use on the server authentication method.

Good luck

 

[shunter40]

My modem was working fine for two months until out of the blue, I received an Error 678: The remote computer did not respond. I hadn't changed anything. I did a lot of troubleshooting, then just decided to download the latest driver for my USR5699B Winmodem. After the install, I rebooted the server, tried dialing in, upon which I received an Error 913: A remote Access Client attempted to connect over a port that was reserved for Routers only. I went into Administrative Tools, Routing and Remote Access, Ports. My modem should have been listed there, but wasn't. I right-clicked on Ports, Properties, clicked on my modem, clicked the Configure button and clicked on "Remote Access connections (inbound only)" and pressed OK. I dialed in, it rang, answered, verified my user name and password and it connected!