Troubleshooting Remote Access Policies

A common problem with remote access policies is that a connection attempt is denied when it should be allowed. When in doubt, apply the logic of Figure 7.7 to the parameters of the connection attempt, the dial-in properties of the user account, and the remote access policies. However, troubleshooting the denial of the connection attempt can be very time consuming when there are multiple remote access policies in place.

When multiple remote access policies are configured and you want to determine which remote access policy is denying the connection attempt, then enable the logging of authentication requests for local files from Remote Access Logging in the Routing and Remote Access snap-in. Logged authentication requests contain the name of the remote access policy used in either accepting or rejecting the connection attempt.