Welcome to ISAserver.org

L2TP VPN fails with incorrect username password

L2TP VPN fails with incorrect username password - 10.Jun.2008 12:35:55 PM   
johnspie

 

Posts: 11
Joined: 2.Feb.2006
Status: offline
Hello,

Trying to get a L2TP VPN setup using a PSK. (rarely use vpn).
When the client initiates the request, ISA 2006 (W2K3 SP2) allows it and then it is refused from the DC b/c of incorrect username/password. (ev id 20189).
The username/password is correct and so is the PSK.

Thanks in advance for any help!

John
Post #: 1
RE: L2TP VPN fails with incorrect username password - 11.Jun.2008 11:22:38 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hello John,

Is the account used by you a domain account or a local account? If it's a domain account, check the ISA logs and make sure the user is contacting the domain controller.

Regards,
Paulo Oliveira.

(in reply to johnspie)
Post #: 2
RE: L2TP VPN fails with incorrect username password - 11.Jun.2008 11:43:26 AM   
johnspie

 

Posts: 11
Joined: 2.Feb.2006
Status: offline
Thanks Paulo for your reply,

The account is a domain account which is a member of a global group (eg. vpn users); this global group is defined in the groups tab of the vpn properties within ISA.  The user account does hit the dc, and event id 529 is logged; which again is bad username/password? Thanks. 

(in reply to johnspie)
Post #: 3
RE: L2TP VPN fails with incorrect username password - 11.Jun.2008 1:03:53 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Is the DC hardened or configured to only support NTLMv2?

By default ISA VPN can only provide NTLMv1 requests...

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to johnspie)
Post #: 4
RE: L2TP VPN fails with incorrect username password - 11.Jun.2008 2:34:51 PM   
johnspie

 

Posts: 11
Joined: 2.Feb.2006
Status: offline
Thank you Jason!

The DC was hardened and set to the highest auth level; omitting NTLMv1.
XP clients worked great until I tried the VPN!

Thanks again,

John

(in reply to johnspie)
Post #: 5
RE: L2TP VPN fails with incorrect username password - 11.Jun.2008 5:49:38 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
ISA VPN can be made NTLMv2 aware if you still want the DC at the highest level.

Have a look here for how: http://blogs.isaserver.org/shinder/2006/05/17/ntlmv2-and-isa-firewall-vpn-services-the-solution/

Cheers

JJ


(in reply to johnspie)
Post #: 6
RE: L2TP VPN fails with incorrect username password - 12.Jun.2008 10:10:37 AM   
johnspie

 

Posts: 11
Joined: 2.Feb.2006
Status: offline
Thanks!

Since we are running ISA on Server 2003 SP2 the hotfix was already integrated into the OS. So I just made the registry change and now we can use NTLMv2 for VPN authentication. Sweet!


(in reply to Jason Jones)
Post #: 7
