Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The following error occurred in the Point to Point Protocol module on port: <port_name>, UserName: <username>. <error description>
|English: Request a translation of the event description in plain English.|
In our case our 20187 and 20073 errors were caused by the DC rejecting the users creds or at least getting munged somewhere in the process. The fix had to do with MSChapv2 and NTLMv2 settings on the local policy of the RRAS server. One possible result of this mismatch is the account being locked out even though the correct creds were entered. On top of changing the RRAS server Network Security NTLM level to match the domain, I also added key "Enable NTLMv2 Compatibility" key to the registry as the link states however, not sure if it was that or both that did the trick. For an overview of the NTLM settings see ME823659 and for the fix see ME893318.
Resetting the shared secret between the IAS server using RADIUS and the VPN server fixed the problem for me. Both servers in this case were running Windows Server 2003 and the domain was in Native 2003 mode.
The Routing and Remote Access service is not available because the system could not establish the Point to Point protocol. See MSW2KDB for a list of possible causes.
As per Microsoft: "This behavior can occur because the Routing and Remote Access server has not been set up as a Remote Authentication Dial-In User Service (RADIUS) client in the IAS Microsoft Management Console (MMC)". See ME299684 for more information.
As per Microsoft: "This issue may occur if the computer account has permissions to read the Active Directory directory service record, but it does not have permissions to write to the Active Directory record. This issue may also occur if the default path to the Routing and Remote Access log file has been changed or is not valid". See ME826899 to fix this problem.
From a newsgroup post: "When first started, RAS was working fine. Clients could dial in without any problems. One day I had to put down the server for a while and then the fun started. After the server rebooted clients could still dial-in but they where being rejected at the authentication stage. Event viewer showed event ID 20073 – "The following error occurred in the Point to Point Protocol module on port: COM1, Username: DOMAIN/username. The authentication server did not respond to authentication requests in a timely fashion". Next step I disabled RRAS on the Server and tried to restart. This turned out not to be such a good idea, the configuration wizard goes through the process and just at the end a dialogue box appears stating that "An error occurred starting the RRAS Service". After plenty of retries, I finally succeeded. Instead of using the RRAS wizard to set everything up, I checked the "enable but configure manually option". Everything started fine, and the configuration settings were fine". See ME243374 for information directly related to this newsgroup post.
I got this error (along with event 20049 and error 930 on the RAS client machines) only because the global catalog server was unavailable when RAS clients tried to log in. Got the global catalog server back online and everything worked fine again.
If the domain is in native mode, running the following command from your DC's should solve the problem: “net localgroup "Pre-Windows 2000 Compatible Access" everyone /add”. See ME240855 for more information.
After looking through all the logs it was determined that the log file under Remote Access Logging was corrupted. Unchecked Remote Access Logging and all is well.
Eric W. Bowers
Error: "The remote computer does not support the required data encryption type." - ME227747 helps remedy this condition.
Error: "The authentication server did not respond to authentication requests in a timely fashion." - See ME227747.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated