Event ID 20085 — RRAS Authentication and Accounting

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

yellow

If a remote access server is configured for Windows authentication, the security features of Windows Server 2008 are used to verify the credentials for authentication, and the dial-in properties of the user account are used to authorize the connection.

If the remote access server is configured for RADIUS authentication, the connection request, including credentials, is forwarded to the RADIUS server for authentication and authorization. If the RADIUS server is a computer running Network Policy Server (NPS), NPS performs authentication against the credentials that are stored in the user account database, such as Active Directory Domain Services (AD DS) or the local Security Accounts Manager (SAM) database on the server running NPS. NPS performs authorization using the dial-in properties of the user account and with network policies that are configured in NPS.

Event Details

Product: Windows Operating System
ID: 20085
Source: RemoteAccess
Version: 6.1
Symbolic Name: ROUTERLOG_CLIENT_ADDR_LEASE_LOST
Message: The remote access server was unable to renew the lease for IP address: %1 from the DHCP server. The user assigned with this IP address will be unable to access network resources using IP. Reconnecting to the server will restore IP connectivity.

Diagnose

This error might be caused by one of the following conditions:

  • The DHCP server cannot be reached or is not running.
  • The RADIUS server cannot be reached or is not running.
  • The RADIUS server has passed a value to the Routing and Remote Access server that is not valid.

To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.

Check the adapter for the DHCP server

  1. Open Routing and Remote Access. Click Start, click Run, type rrasmgmt.msc, and then press ENTER.
  2. In the console tree, right-click the server name, and then click Properties.
  3. On the IPv4 tab, check that the adapter selected is the correct one to receive IP addresses from the DHCP server.
  4. If the adapter is not correct, see the section titled "Restore connection to the DHCP server."

Check RADIUS authentication server settings

  1. Open Routing and Remote Access.
  2. Right-click the server name for which you want to configure RADIUS authentication, and then click Properties.
  3. On the Security tab, in Authentication provider, click RADIUS authentication, and then click Configure.
  4. Check the settings for the RADIUS authentication server.

Check RADIUS accounting server settings

  1. Open Routing and Remote Access.
  2. Right-click the server name for which you want to configure RADIUS accounting, and then click Properties.
  3. On the Security tab, in Accounting provider, click RADIUS accounting, and then click Configure.
  4. Check the settings for the RADIUS accounting server.

Resolve

Resolve

Restore connection to the DHCP server

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To select the adapter for the DHCP server:

  1. Open Routing and Remote Access. Click Start, click Run, type rrasmgmt.msc, and then press ENTER.
  2. In the console tree, right-click the server name, and then click Properties.
  3. On the IPv4 tab, select the adapter to receive IP addresses from the DHCP server.

Enable packet tracing

Possible resolution:

  • Use the netsh ras set tracing command to enable packet tracing. Ensure that the RADIUS packets conform to the standards specified in RFC 2548.

Review the remote access service error code

There is not enough information available in the Routing and Remote Access service event message to provide a recommendation for the resolution of the problem. If you continue to get this error, contact Microsoft Product Support Services. For more information, see http://go.microsoft.com/fwlink/?LinkId=52267.

For more information about remote access service error codes, see article 163111 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=91455).

Correct the registry parameter

Possible resolution:

  • Correct the registry parameter or ignore the error. This error does not cause any interruption in service.

To correct the registry parameter:

  1. Open Registry Editor. Click Start, click Run, type regedit, and then press ENTER.
  2. Right-click HKEY_LOCAL_MACHINE, and then click Find.
  3. Enter the registry parameter name from the event text, and then click Find Next to search through the registry.
  4. Correct the registry parameter.

 

Configure network policy for EAP

In Windows Server 2008, network policy is managed through Network Policy Server (NPS). For information about creating and configuring network policies, see "Checklist: Configure NPS for Dial-up and VPN Access," "Create Policies for Dial-Up or VPN with a Wizard," and "EAP Overview" in Windows Server 2008 NPS Help.

Verify

To verify that the remote access server can accept connections, establish a remote access connection from a client computer.

To create a VPN connection:

  1. Click Start, and then click Control Panel.
  2. Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
  3. Click Connect to a workplace, and then click Next.
  4. Complete the steps in the Connect to a Workplace wizard.

To connect to a remote access server:

  1. In Network and Sharing Center, click Manage network connections.
  2. Double-click the VPN connection, and then click Connect.
  3. Verify that the connection was established successfully.

Related Management Information

RRAS Authentication and Accounting

Routing and Remote Access Service Infrastructure

Community Additions

ADD
Show: