none
VPN Server (Server 2003) give 691 error after disconneted VPN session

    問題

  • Hello all,

      My VPN server, a Server 2003 server on a 2003 AD, allows users to connect, but once a user disconnects and anyone tries to connect they get "Error 691: The remote connection was denied because the username and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access serve."  If I reboot the server then one connection is allowed and once there is a disconnects then the same error comes up.

       I have tried different VPN server Machines, even a Server 2008 serever and I have the same problem, I have even reinstalled the original VPN server and I get the same error.

       I have my suspicions that the DNS server on the DC is causing the problems but I am not sure and I would not know where to start repairing it.

    Pleas any one with advice

    2012年6月27日 上午 08:18

解答

  • Hi all, 

       Very strange, I eventually removed the AV, Endpoint by bit defender, and then it worked, I reinstalled BD to test and it is still working, so I assume there is a End Point issue, I will report it to BD.

    Regards

    2012年7月9日 下午 01:05

所有回覆

  • Hello,

    you may better ask this in the networking forum http://social.technet.microsoft.com/Forums/en/winserverNIS/threads


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    2012年6月26日 下午 09:20
  • Hello all this is now permanent, it is almost like the VPN service cannot authenticate users to the domain.
    2012年6月27日 上午 09:37
  • Hi Rhys,

    Thanks for posting here.

    Have we set RRAS to work with RADIUS/IAS/NPS server for authentication ?  if so have we registered this RADIUS/IAS/NPS server into domain system and configured proper policies with defining conditions in it ? and what VPN tunnel are we using now ?

    Setting VPN service with RRAS is quite simple operation on Windows Server 2003 , all we need to do is setting it up by the wizard . so can you briefly discuss how did we configure that and your topologic ?

    Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab

    http://technet.microsoft.com/en-us/library/cc757206(WS.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    2012年6月28日 上午 02:38
  • Hello Tiger,

       I am not using RADIUS.

       The RRAS was working fin until about 2 weeks ago, then it started with this error.  It almost look like when it tries to authenticate it is looking at the wrong AD, or though I know it is highly unlikely, that it what it looks like.

    Regards

    Rhys

    2012年6月28日 上午 06:16
  • I have now reinstalled my server for the second time and I have the same problem.

    I have set up the VPN on my DC and it seems to work there.  Please guy any help would be appreciated!

    2012年7月4日 下午 12:16
  • Check that the server is a member of the RAS IAS servers group and has the apropriate permissions.

    In RRAS console, in Remote Access Policies, click properties on Connection to MS RRAS, make sure you have the grant remote access permisions.

    On a user's properties in the dail in tab, check the allow access and test it out.

    Check the event log for any issues and post them here please.


    MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. http://mariusene.wordpress.com/

    2012年7月6日 下午 12:32
  • I have now reinstalled my server for the second time and I have the same problem.

    I have set up the VPN on my DC and it seems to work there.  Please guy any help would be appreciated!

    If I reboot the server then one connection is allowed and once there is a disconnects then the same error comes up.

    Is the main symptom  that only one connection is allowed, meaning that multiple users are not able to connect simultaneously? If so, that maybe be caused by a limitation on the firewall/router. Some firewalls, such as the Netgear ProSecure have this limitation. What brand router do you have?

    In the router, have you alllowed TCP 1723 and GRE? Note: Depending on name brand, GRE on some routers may be referred to as "PPTP passthrough" or "VPN Passthrough."

    Have you created a group in AD, added the users you want to allow VPN, then configured a RRAS policy to allow that group?

    If not, have you followed Tiger's link to configure RRAS?

    .

    Here are a couple of other links:

    Configure a Windows Server 2003 VPN on the server side (screen shots)
    http://articles.techrepublic.com.com/5100-10878_11-5805260.html

    Remote access/VPN server role: Configuring a remote access/VPN ...Remote access/VPN server role: Configuring a remote access/VPN server. Updated: January 21, 2005. Applies To: Windows Server 2003, Windows Server 2003 R2, ...
    http://technet.microsoft.com/en-us/library/cc736357(WS.10).aspx

    How to install and configure a Virtual Private Network server in ...You can configure the VPN server to use either Windows Server 2003 or Remote ...
    http://support.microsoft.com/kb/323441


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年7月6日 下午 06:12
  • Hi all, 

       Very strange, I eventually removed the AV, Endpoint by bit defender, and then it worked, I reinstalled BD to test and it is still working, so I assume there is a End Point issue, I will report it to BD.

    Regards

    2012年7月9日 下午 01:05
  • Good to hear. Apparently setting up VPN after BD is installed, you would have to exclude it. Uninstalling BD then reinstalling it, it recognized it and allowed it.

    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年7月9日 下午 07:51