VPN issues

Pantlegz

So my latest project is this nifty Windows Server 2k8 VPN concentrator that won't work :( I have it set up exactly how TechNet described and it's not able to authenticate (error 691). In the server's event viewer it says that the login failed due to incorrect username/password but I have verified that I'm using the correct combo there. I am using a certificate server, as they said to, which was a pain to set up but I have the correct certificate on both the server and client. But alas, it fails and it's kind of annoying honestly. I know it would be better to just use the ASA for this, but I would also like to know how to set this up correctly.

Anyone have experience with any sort of Windows RRAS/VPN setup? Willing to give me any insight? I would guess you would need more info than what I have here, just let me know what you need and I'll get it in class tomorrow.
 

phoenix79

If you're using a domain login, you may try using the "DomainName\UserName" structure to log in.
 

imagoon

How are you trying to do this? In a test network or from outside? If you can, try from inside your router #1 (weird routing issues can present as 691 rarely). Otherwise you need to give me a bit more to go on. Is it truly in concentrator mode or are you just sharing your own personal domain (was yourdomain.someschool.local, no?) Sometimes you have to use domain\username but shouldn't if you're running only 1 domain. As a side note, this isn't your domain controller, is it? RRAS messes with DNS / IPs etc. I ran into some really strange issues in a DC + RRAS system. MS even mentioned that is not recommended.
 

Pantlegz

It has a place to put the domain in (Win7 Pro) but I could try that too, I guess.

It's a test network, directly connected. I wasn't sure if that was causing issues or not. They're both on the same domain. Yeah, the RRAS is on the DC, but I manually added the name/IP in the host table of the client machine. The request is getting to the server, I see it generate an event each time I try to log in, it just fails. I could add another server, and a router if needed, but I would like to keep this to just these 2 machines if possible.
 

Pantlegz

So I killed the certificate server, trying to eliminate that as the issue, but it's still giving me authentication errors. Also tried the domain name\user name thing with no luck as well :( I'll beat my head against it a little longer, then I'll just take the RRAS off the DC and see how that works unless anyone else has other ideas.

So I was able to get PPTP to work, had a few DNS/DHCP issues I resolved as well. But L2TP still won't connect... I think my certificate server is jacked, so I'll scrap that part of it and just use PPTP I guess.
 

imagoon

L2TP is definitely more difficult to get running than PPTP. You need Enterprise to auto issue workstation certs. Each workstation / user will need the correct certificates issued as well.