Event ID: 20073 Source: RemoteAccess

Source
Level
Description
The following error occurred in the Point to Point Protocol module on port: <port_name>, UserName: <username>. <error description>
Comments
 
In our case our 20187 and 20073 errors were caused by the DC rejecting the user's creds or at least getting munged somewhere in the process. The fix had to do with MS-CHAPv2 and NTLMv2 settings on the local policy of the RRAS server. One possible result of this mismatch is the account being locked out even though the correct creds were entered. On top of changing the RRAS server Network Security NTLM level to match the domain, I also added the "Enable NTLMv2 Compatibility" key to the registry as the link states; however, I am not sure if it was that or both that did the trick. For an overview of the NTLM settings see ME823659 and for the fix see ME893318.

Resetting the shared secret between the IAS server using RADIUS and the VPN server fixed the problem for me. Both servers in this case were running Windows Server 2003 and the domain was in Native 2003 mode.

The Routing and Remote Access service is not available because the system could not establish the Point to Point protocol. See MSW2KDB for a list of possible causes.

As per Microsoft: "This behavior can occur because the Routing and Remote Access server has not been set up as a Remote Authentication Dial-In User Service (RADIUS) client in the IAS Microsoft Management Console (MMC)". See ME299684 for more information.

As per Microsoft: "This issue may occur if the computer account has permissions to read the Active Directory directory service record, but it does not have permissions to write to the Active Directory record. This issue may also occur if the default path to the Routing and Remote Access log file has been changed or is not valid". See ME826899 to fix this problem.

From a newsgroup post: "When first started, RAS was working fine. Clients could dial in without any problems. One day I had to put down the server for a while and then the fun started. After the server rebooted clients could still dial-in but they were being rejected at the authentication stage. Event viewer showed event ID 20073 – "The following error occurred in the Point to Point Protocol module on port: COM1, Username: DOMAIN/username. The authentication server did not respond to authentication requests in a timely fashion". Next step I disabled RRAS on the Server and tried to restart. This turned out not to be such a good idea, the configuration wizard goes through the process and just at the end a dialogue box appears stating that "An error occurred starting the RRAS Service". After plenty of retries, I finally succeeded. Instead of using the RRAS wizard to set everything up, I checked the "enable but configure manually option". Everything started fine, and the configuration settings were fine". See ME243374 for information directly related to this newsgroup post.

I got this error (along with event 20049 and error 930 on the RAS client machines) only because the global catalog server was unavailable when RAS clients tried to log in. Got the global catalog server back online and everything worked fine again.

If the domain is in native mode, running the following command from your DCs should solve the problem: “net localgroup "Pre-Windows 2000 Compatible Access" everyone /add”. See ME240855 for more information.


After looking through all the logs it was determined that the log file under Remote Access Logging was corrupted. Unchecked Remote Access Logging and all is well.

Error: "The remote computer does not support the required data encryption type." - ME227747 helps remedy this condition.

Error: "The authentication server did not respond to authentication requests in a timely fashion." - See ME227747.
