• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN authentication fails in trusted domain

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN authentication fails in trusted domain Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN authentication fails in trusted domain - 8.Feb.2005 12:19:00 PM   
awj

 

Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
Hi there

I have setup ISA 2004 server in its own Domain running on Windows 2003 server, i then created a one way trust to the 2003 internal domain so i can log users access in the internal domain etc. All works well apart from when i try to connect as an external VPN user it fails to authenticate in the internal Domain. I can authenticate in the Firewall Domain. I have tried the usual making sure users have dial in access etc and the VPN stuff seems to be configured fine (I have this working on various other systems although the Firewall is a member server in the internal domain). The error that shows in the logs below

"Description: The VPN connection attempt by user Intdomain\user1 from VPN client IP address XX.XX.XX.XX could not be established. The failure is due to error: 0xc0040021"

Any ideas, anyone tested this configuration does it need any additional rules above the usual ones?
Post #: 1
RE: VPN authentication fails in trusted domain - 9.Feb.2005 1:45:00 PM   
awj

 

Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
Nobody have any ideas on this? Is anyone using a separate Domain for the Firewall with a one way trust, if so does the VPN in work ok?

(in reply to awj)
Post #: 2
RE: VPN authentication fails in trusted domain - 14.Feb.2005 1:32:00 PM   
UnifiedIT

 

Posts: 31
Joined: 20.Oct.2004
From: Grand Rapids, MI.
Status: offline
I receive this same error. I see it posted on alot of message boards but no fixes are ever posted. Have you found a fix for this issue? My ISA is in my domain (not a seperate domain). Users can connect to the vpn and authenticate but can not access any resource or ping. This is not selective on the users. One time a user can connect another time they can not. A reboot always fixes it for me but then it just changes who can not connect
Very strange.
Mark

(in reply to awj)
Post #: 3
RE: VPN authentication fails in trusted domain - 14.Feb.2005 6:27:00 PM   
awj

 

Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
I would suspect in your case it is due to a bug in Windows 2003 that causes the RRAS service to hang. There was a hotfix available on request but i am not sure if it was ever released for public downloads.

If you trawl this board you will be able to find the Hotfix number

(in reply to awj)
Post #: 4
RE: VPN authentication fails in trusted domain - 16.Feb.2005 4:42:00 PM   
awj

 

Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
To update my previous post i have since found that making the trust 2 way gets the VPN working but that kind of defeats the purpose.

(in reply to awj)
Post #: 5
RE: VPN authentication fails in trusted domain - 18.Mar.2005 3:44:00 PM   
awj

 

Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
For a further update after a good few weeks Microsoft support have not come up with an answer so probably easiest on a new install to just make ISA part of your Domain.

(in reply to awj)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN authentication fails in trusted domain Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts