System Event Log Error IDs

Common System Event Log Error IDs

This chapter lists the most common event log error IDs, their descriptions, the actual error messages that you might see, suggestions for troubleshooting, and references to Knowledge Base articles, if any.

Event ID # 20050

Description

Windows NT 4.0 RRAS logs Event ID 20050 when:

  • You are trying to configure RRAS and attempting to connect.

  • The remote access server does not accept a PPTP connection.

  • The remote access server running PPTP intermittently rejects client connections over an RRAS connection.

The following error message is logged in the event log on the PPTP server:

Event ID: 20050
Source: Remote Access
Description: The user Domain\User connected to port VPNx has been disconnected because the computer could not be projected onto the network.

The following table shows some questions that could facilitate troubleshooting.

Question                                                                    Answer
Are you having problems with network services such as DHCP, WINS, or DNS?   Yes
Are you having problems with WINS?                                          No
Are you having problems with DHCP?                                          No
Are you having problems integrating DNS and WINS?                           No
Are you having problems configuring DNS?                                    No
Are you having problems with DNS Zone Transfers?                            No

Problem resolution

Examine the IPCP and PPP logs on the computer running RRAS. An example of a log examination could be as follows:

The call to activate a new route is not working properly and displays error 31.

IPCP.LOG: [205] 02:03:30: IPCP: RasActivateRoute done (31)
PPP.LOG: [205] 02:03:30:421: RasIPCPProjectionNotification returned 31

The RasActivateRoute entry in the log file is a reference to an API that submits the REQTYPE_ACTIVATEROUTE request that makes a route entry. In this case, the error indicates that the computer was not able to activate this route. This error is a result of projecting or "plumbing" the new route into the route table on the RRAS server for the connecting client. This only occurs when all the existing addresses have been used at least once and the clients connecting are actually recycling older, previously used IP addresses.
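The log examination described above can be scripted. The following is an added example, not part of the original chapter: it pairs RasActivateRoute results in IPCP.LOG with the matching RasIPCPProjectionNotification lines in PPP.LOG. It assumes the bracketed value and the hh:mm:ss timestamp identify the same connection attempt in both files and that a result of 0 means success; the second pair of sample lines is constructed for contrast.

```python
import re

# Constructed sample lines in the two formats quoted above. The [1f4] pair is a
# made-up successful activation (result 0 is assumed to mean success).
IPCP_LOG = """\
[205] 02:03:30: IPCP: RasActivateRoute done (31)
[1f4] 02:07:12: IPCP: RasActivateRoute done (0)
"""
PPP_LOG = """\
[205] 02:03:30:421: RasIPCPProjectionNotification returned 31
[1f4] 02:07:12:102: RasIPCPProjectionNotification returned 0
"""

IPCP_RE = re.compile(
    r"^\[(\w+)\]\s+(\d\d:\d\d:\d\d):\s+IPCP:\s+RasActivateRoute done \((\d+)\)")
PPP_RE = re.compile(
    r"^\[(\w+)\]\s+(\d\d:\d\d:\d\d):\d+:\s+RasIPCPProjectionNotification returned (\d+)")

def parse(text, pattern):
    """Return {(bracketed id, hh:mm:ss): result code} for lines matching pattern."""
    results = {}
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            results[(m.group(1), m.group(2))] = int(m.group(3))
    return results

def failed_route_activations(ipcp_text, ppp_text):
    """List non-zero RasActivateRoute results and whether PPP.LOG shows the same code."""
    ipcp = parse(ipcp_text, IPCP_RE)
    ppp = parse(ppp_text, PPP_RE)
    findings = []
    for (ident, time), code in sorted(ipcp.items()):
        if code == 0:
            continue  # route was activated, nothing to report
        ppp_code = ppp.get((ident, time))
        findings.append({
            "id": ident,
            "time": time,
            "ipcp_code": code,
            "ppp_code": ppp_code,          # None if PPP.LOG has no matching line
            "confirmed": ppp_code == code,
        })
    return findings

if __name__ == "__main__":
    for finding in failed_route_activations(IPCP_LOG, PPP_LOG):
        print(finding)
```
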

See the hotfix in Q233048 for the Microsoft RRAS Update for Windows NT Server version 4.0.

KB articles

The following articles refer to related solutions:

Q162927 Telnetting to Port 53 May Crash DNS Service

Q164982 Lack of Secondary Address May Cause DNS Service to Hang

Q168033 DNS Server Fails to Start After Promoting Secondary to Primary

Q171781 DNS Server Fails to Start Due to Unavailable RPC Server Error

Q177119 Unable to Create Zones in DNS Manager

Q159310 Updated Version of Dns.exe Fixes Several Problems

Q169461 Access Violation in DNS.EXE Caused by Malicious Telnet Attack

Q169371 DNS Error Message: No More Endpoints

Q154985 DNS Registry Key Not Updated When Changing Zone Type

Q173676 Client Cannot Resolve MX Record via Microsoft DNS Server

Q170518 DNS Admin Fails When Managing Large Number of Zones

Event ID # 20189

PPTP clients cannot connect to the Windows 2000 PPTP server.

Description

When a Microsoft Windows 2000 Server is configured as a PPTP server and PPTP clients from Microsoft Windows NT, Windows 2000, Windows 95 or Windows 98 try to establish a PPTP session, they receive the following error message:

Error 649
Login failed: username, password, or domain was incorrect.

The Windows 2000 PPTP server logs the following error message:

Event ID 20078
The account for user \username connected on port VPN3-127 does not have Remote Access privilege. The line has been disconnected.

Event ID 20189
The user \username connected from x.x.x.x but failed an authentication attempt due to the following reason: The user tried to connect using an unauthorized dial-in media.

Problem resolution

To resolve this, try the following procedure:

  1. Open the Routing and Remote Access snap-in.

  2. Expand the node under your PPTP server's name.

  3. Click the Remote Access Policies folder.

  4. Right-click the default policy named Allow access if dial-in permission is enabled, and then click Properties.

  5. Click Edit Profile in the Properties dialog box.

  6. On the Dial-in Constraints tab, complete one of the following tasks:

    • Clear the Restrict Dial-in Media option.

      OR

    • Select Restrict Dial-in Media, and then select Ethernet and VPN from the list of options available.

  7. Click Apply, and then click OK.

KB articles

Q266460 PPTP Clients Cannot Connect to Windows 2000 PPTP Server.

Event ID # 1051

Among the leading causes of customer service calls are authorization problems with the DHCP server. These problems generate Event 1051.

Description

  • The DHCP Server service has not started.

    Cause: It is possible that the DHCP server was not authorized in Active Directory.

  • The DHCP server stopped running.

    Cause: If your server had been issuing DHCP leases to clients for some time and then suddenly stopped running, it has been unauthorized.

  • A new DHCP server is not able to authorize in a network that already has authorized DHCP servers.

  • Existing DHCP servers might get unauthorized during the attempt to authorize a new DHCP server.

    You may receive one of the following error messages:

The specified servers are already present in the Directory Service

-OR-

DHCP Server not authorized:
Error:
Event ID: 1051
Source: DHCPServer
The DHCP/BINL service has determined that it is not authorized to service clients on this network for the Windows domain: yourdomainname.com

Problem resolution

Log on with an account that has enterprise administrator privileges and authorize the server using the Active Directory Sites and Services snap-in. If that does not resolve your problem, check the following possibilities:

  • It is possible that an administrator from another site may have unauthorized the server. Reauthorize the server, and clients should be able to log on successfully. (See procedure later in this section on how to reauthorize your DHCP server.)

  • It could also be that the server was never touched since the time when the server was promoted to Active Directory. In this case, the server will continue to work. However, the first time that you access the DHCP snap-in, you will have to authorize it.

  • A last possibility is that some level of corruption could have occurred in the Active Directory configuration.

  • In some cases, you might need to perform one or both of the following procedures:

    • Delete the DHCP servers in Active Directory Sites and Services, and then reauthorize the DHCP servers.

    • Authorize the DHCP servers by using Adsiedit.msc, which is an administrative tool that is included in the support tools for Windows 2000. Adsiedit.msc is installed when you install the support tools from the Support\Tools folder on the Windows 2000 Server CD-ROM or the Windows 2000 Professional CD-ROM.

Note: To learn more about how to use Adsiedit.msc, see Authorizing the DHCP Servers by Using Adsiedit.msc in the KB article # Q306925.

To resolve the authorization problem, you need to re-authorize your DHCP server. To do so:

  1. Go to Start, Programs, Administrative Tools, DHCP to start the DHCP snap-in.

  2. Right-click DHCP in the upper-left corner of the DHCP snap-in, and then select Manage Authorized Servers. If your server is not already listed, select Authorize, and enter the IP address of the server you want to authorize.

  3. When prompted, select Yes to verify that the IP address is correct.

  4. Restart the DHCP server.

OR

  1. Start the Active Directory Sites and Services MMC.

  2. Click Services, and then click Net Services.

  3. Delete the DHCP servers that you cannot add to the Active Directory.

  4. Either force replication for the Active Directory to the other sites or wait for the replication cycle.

  5. Reauthorize the DHCP servers.

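You can also change the rogue detection settings to try to resolve this problem. Disabling rogue detection stops the server from checking its authorization status in Active Directory. Try the following: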

  1. Set DisableRogueDetection to 1.

    Set the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

    Value name: DisableRogueDetection
    Data type: REG_DWORD
    Value data: 1

  2. Restart the server for the setting to take effect.

Changing authorization intervals:

A Windows 2000 DHCP server verifies authorization status with the Active Directory when it starts and then does so again approximately every 60 minutes. If the server fails, it retries every five minutes. This process can consume as much as 1 MB of bandwidth. So if you have multiple DHCP servers, the authorization process can slow down performance considerably.

To resolve this issue:

  1. Upgrade each DHCP Server to Windows 2000 SP2, which has been optimized to reduce the inefficiency in the authorization process.

  2. Use Regedt32 to add the value RogueAuthorizationRecheckInterval, with data type REG_DWORD, under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters.

  3. Change the minutes between authorizations from the default value of 60 minutes to a number that yields acceptable performance.

KB articles

Q306925 Cannot Authorize New DHCP Server in Active Directory.

Q303525 Invalid LDAP Filter for DHCP Server Authorization.

Q299363 An Event ID 1051 Message May Be Displayed After You Install Service Pack 2.

Event ID # 20187

Description

The users <domain name>\<user id> failed an authentication attempt due to the following reason:

The current configuration only supports local user accounts:

Problem resolution

Edit the registry HKEY_CURRENT_USER\RemoteAccess\Profile\<DUN name> and delete the "Domain" string.

OR

Enter the host computer name in the Domain field in the password dialog box on the client computer.

Event ID # 20049

Description

You may receive an error message when you attempt to connect your Windows 2000-based computer that uses RAS to a Windows NT Server 4.0-based computer that uses the RRAS Update.

The Windows 2000-based computer displays the following error message when it cannot establish a connection:

Retrying authentication...
Error 691: Access denied because username and/or password is invalid on the domain.

The Windows NT Server 4.0-based computer logs the following error messages in the system log:

Event ID: 20049
Source: Router
Type: Warning
Description: The user connected to port %Name% has been disconnected due to an authentication timeout.

Problem resolution

You may get this message if your remote access server is located behind a firewall. To resolve this issue, make sure that the firewall is configured to allow VPN traffic.

Microsoft has confirmed this to be an issue in Windows NT version 4.0. This issue was first corrected in Windows NT 4.0 Service Pack 4. To resolve this issue, obtain the latest service pack for Windows NT version 4.0. For additional information, please see Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack.

KB articles

For additional information about RRAS and PPTP upgrades, please see the following articles in the Microsoft Knowledge Base:

Q189594 RRAS Upgrade for WinNT Server 4.0 Hotfix Pack 3.0 Release Notes.

Q189595 PPTP Performance & Security Upgrade for WinNT 4.0 Release Notes.

Event ID # 20014

Description

You may receive an error message when you attempt to connect your Windows 2000-based computer that uses RAS to a Windows NT Server 4.0-based computer that uses the RRAS Update.

The Windows 2000-based computer displays the following error message when it cannot establish a connection:

Retrying authentication...
Error 691: Access denied because username and/or password is invalid on the domain.

The Windows NT Server 4.0-based computer logs the following error messages in the system log:

Event ID: 20014
Source: Router
Type: Warning
Description: The user connected to port %Name% has been disconnected due to an authentication timeout.

Problem resolution

Install the latest RRAS upgrade for Windows NT Server 4.0 Hotfix Pack. Follow the instructions below to obtain and install the upgrade:

  1. Download and install the PPTP Performance Update for Windows NT 4.0 from the following location: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/pptp3-fix/

     NOTE: Do not restart your computer after you install the PPTP update.

  2. Download and install the RRAS Upgrade for Windows NT Server 4.0 Hotfix Pack 3.0 from the following location: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/rras30-fix/.

  3. Restart your computer.

Microsoft has confirmed this to be a problem in Windows NT version 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 4. To resolve this issue, obtain the latest service pack for Windows NT version 4.0.

KB articles

For additional information about the RRAS and PPTP upgrades, please see the following articles in the Microsoft Knowledge Base:

Q189594 RRAS Upgrade for WinNT Server 4.0 Hotfix Pack 3.0 Release Notes.

Q189595 PPTP Performance & Security Upgrade for WinNT 4.0 Release Notes.

For additional information, please see the following articles in the Microsoft Knowledge Base:

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack.

Q191854 RAS Authentication Does Not Work Connecting to RRAS server.

Event ID # 20073

Description

When you set up IAS for RRAS for either VPN or dial-up traffic, the client computers may receive the following error message:

Error 930: The authentication server did not respond to authentication requests in a timely fashion.

On the RRAS server, the following error message may be reported:

Event Type: Error
Event Source: RemoteAccess
Event Category: None
Event ID: 20073
Date: May 22, 2001
Time: 11:59:48 A.M.
User: N/A
Computer: Computername
Description: The following error occurred in the Point-to-Point Protocol module port: Port, UserName: Username.
The authentication server did not respond to authentication requests in a timely fashion.

On the IAS server, the following error message may be reported where IP_Address is the IP address of the RRAS server:

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 13
Date: May 22, 2001
Time: 11:59:48 A.M.
User: N/A
Computer: Computername
Description: A request was received from the invalid client IP Address IP_Address.

Cause

This can occur if the RRAS server has not been set up as a RADIUS client in the IAS MMC.
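To find which addresses IAS is rejecting, the Event ID 13 descriptions can be tallied and compared with the RRAS servers you operate. The following is an added example, not part of the original chapter: it assumes the events were exported as "Field: value" lines with a blank line between records, and the addresses (documentation ranges) and the set of known RRAS servers are constructed.

```python
import re
from collections import Counter

# Constructed event export using the field names from the event text quoted
# above; one "Field: value" per line, blank line between records (assumed layout).
SAMPLE_EVENTS = """\
Event Source: IAS
Event ID: 13
Description: A request was received from the invalid client IP Address 192.0.2.10.

Event Source: RemoteAccess
Event ID: 20073
Description: The authentication server did not respond to authentication requests in a timely fashion.

Event Source: IAS
Event ID: 13
Description: A request was received from the invalid client IP Address 192.0.2.10.

Event Source: IAS
Event ID: 13
Description: A request was received from the invalid client IP Address 198.51.100.77.
"""

IP_RE = re.compile(r"invalid client IP Address (\d{1,3}(?:\.\d{1,3}){3})")

def parse_events(text):
    """Split the export into records and return each one as a dict of fields."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        records.append(rec)
    return records

def triage_invalid_clients(text, rras_servers):
    """Count IAS Event ID 13 sources; split known RRAS servers from other hosts."""
    counts = Counter()
    for rec in parse_events(text):
        if rec.get("Event Source") == "IAS" and rec.get("Event ID") == "13":
            m = IP_RE.search(rec.get("Description", ""))
            if m:
                counts[m.group(1)] += 1
    to_add = {ip: n for ip, n in counts.items() if ip in rras_servers}
    unexpected = {ip: n for ip, n in counts.items() if ip not in rras_servers}
    return to_add, unexpected

if __name__ == "__main__":
    print(triage_invalid_clients(SAMPLE_EVENTS, {"192.0.2.10"}))
```

Addresses in the first dictionary are RRAS servers that still need a RADIUS client entry; addresses in the second are not known RRAS servers, so identify the device before creating a client entry for it.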

Problem resolution

To resolve this, add the RADIUS clients in the IAS snap-in:

  1. Click Start, click Control Panel, double-click Administrative Tools, and then click Internet Authentication Service.

  2. Right-click Clients, and then click New Client.

  3. In the Friendly Name field, enter a descriptive name.

  4. In Protocol, click RADIUS, and then click Next.

  5. In the Client Address (IP or Domain Name System [DNS]) field, enter the DNS or IP address for the client. If you use a DNS name, click Verify. In the Resolve DNS Name dialog box, click Resolve, and then select the IP address that you want to associate with that name from "Search Results."

  6. If the client is a NAS and you plan to use NAS-specific remote access policies for configuration purposes, for example, a remote access policy that contains vendor-specific attributes, click Client Vendor, and then click the name of the manufacturer. If you do not know the name of the manufacturer or the name is not on the list, click RADIUS Standard. If the RADIUS client is running either Microsoft Windows NT Server or Windows 2000 Server with RRAS, click Microsoft.

  7. In the Shared Secret field, enter the shared secret for the client, and then enter it again in the Confirm Shared Secret field.

  8. If your NAS supports the use of the signature attribute for verification (with PAP, CHAP, MS-CHAP, or MS-CHAP v2), click to select the Client must always send the signature attribute in the request check box.

Note: If the NAS does not support the signature attribute for PAP, CHAP, MS-CHAP, or MS-CHAP v2, do not select the Client must always send the signature attribute in the request check box.

KB articles

For more information, see Q299684.

Event ID # 20171

Description

The following event may be recorded in the Event Viewer on a Windows 2000-based server running the RRAS and configured for L2TP connections:

Event Type: Warning
Event Source: RemoteAccess
Event Category: None
Event ID: 20171
Description: Failed to apply IP Security on port Server name and L2tp Port number because of error: The RPC server is unavailable. No calls will be accepted to this port.

In addition, the L2TP clients will not be able to connect to the remote access server when this event is logged.

Cause

This event is typically logged on Windows 2000 servers that are running RRAS and Internet Security and Acceleration (ISA) Server on the same server, due to a race condition between these two services. A race condition is when supposedly asynchronous events suddenly occur simultaneously.

Problem resolution

To work around this problem, configure RRAS to start manually instead of automatically. Then, after you start the computer, manually start the Routing and Remote Access service.

To configure RRAS to start manually, use the Services tool in the Administrative Tools folder (click Start, point to Programs, and then click Administrative Tools), or change the configuration in the properties of the RRAS service.

Simply setting dependencies for the RRAS service may not resolve this race condition, which is why the workaround that is provided here is suggested.

KB articles

For additional information, see Q306193.