VPN authentication fails in trusted domain



awj -> VPN authentication fails in trusted domain (8.Feb.2005 12:19:00 PM)

Hi there

I have set up ISA 2004 server in its own Domain running on Windows 2003 server. I then created a one-way trust to the 2003 internal domain so I can log users' access in the internal domain etc. All works well apart from when I try to connect as an external VPN user: it fails to authenticate in the internal Domain. I can authenticate in the Firewall Domain. I have tried the usual, making sure users have dial-in access etc., and the VPN stuff seems to be configured fine (I have this working on various other systems, although the Firewall is a member server in the internal domain). The error that shows in the logs is below:

"Description: The VPN connection attempt by user Intdomain\user1 from VPN client IP address XX.XX.XX.XX could not be established. The failure is due to error: 0xc0040021"

Any ideas? Has anyone tested this configuration? Does it need any additional rules above the usual ones?




awj -> RE: VPN authentication fails in trusted domain (9.Feb.2005 1:45:00 PM)

Does nobody have any ideas on this? Is anyone using a separate Domain for the Firewall with a one-way trust? If so, does the VPN in work OK?




UnifiedIT -> RE: VPN authentication fails in trusted domain (14.Feb.2005 1:32:00 PM)

I receive this same error. I see it posted on a lot of message boards but no fixes are ever posted. Have you found a fix for this issue? My ISA is in my domain (not a separate domain). Users can connect to the VPN and authenticate but cannot access any resource or ping. This is not selective on the users. One time a user can connect, another time they cannot. A reboot always fixes it for me, but then it just changes who cannot connect.
Very strange.
Mark




awj -> RE: VPN authentication fails in trusted domain (14.Feb.2005 6:27:00 PM)

I would suspect in your case it is due to a bug in Windows 2003 that causes the RRAS service to hang. There was a hotfix available on request but I am not sure if it was ever released for public download.

If you trawl this board you will be able to find the Hotfix number.




awj -> RE: VPN authentication fails in trusted domain (16.Feb.2005 4:42:00 PM)

To update my previous post, I have since found that making the trust 2-way gets the VPN working, but that kind of defeats the purpose.




awj -> RE: VPN authentication fails in trusted domain (18.Mar.2005 3:44:00 PM)

For a further update: after a good few weeks Microsoft support have not come up with an answer, so it is probably easiest on a new install to just make ISA part of your Domain.



