RRAS Authentication and Accounting

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

If a remote access server is configured for Windows authentication, the security features of Windows Server 2008 are used to verify the credentials for authentication, and the dial-in properties of the user account are used to authorize the connection.

If the remote access server is configured for RADIUS authentication, the connection request, including credentials, is forwarded to the RADIUS server for authentication and authorization. If the RADIUS server is a computer running Network Policy Server (NPS), NPS performs authentication against the credentials that are stored in the user account database, such as Active Directory Domain Services (AD DS) or the local Security Accounts Manager (SAM) database on the server running NPS. NPS performs authorization using the dial-in properties of the user account and with network policies that are configured in NPS.

Events

Event ID Source Message

20084

RemoteAccess

The remote access server will stop using IP address: %1 because it was unable to renew the lease from the DHCP server, the administrator switched between static address pool and DHCP addresses, or the administrator changed to a different network for DHCP addresses.

20085

RemoteAccess

The remote access server was unable to renew the lease for IP address: %1 from the DHCP server. The user assigned with this IP address will be unable to access network resources using IP. Reconnecting to the server will restore IP connectivity.

20101

RemoteAccess

Using the default value for registry parameter: %1 because the value given is not in the allowed range for the parameter.

20170

RemoteAccess

The user %1 has connected and failed to authenticate because of the following error: %2.

20187

RemoteAccess

The user: %1 failed an authentication attempt due to the following reason: %2

20189

RemoteAccess

The user: %1 connected from: %2 but failed an authentication attempt due to the following reason: %3

20191

RemoteAccess

Because the certificate that was configured for clients dialing in with EAP-TLS was not found, a default certificate is being sent to user: %1. Go to the user's remote access policy and configure the Extensible Authentication Protocol (EAP).

20215

RemoteAccess

The IAS/RADIUS server has passed an invalid value to the server running Routing and Remote Access for the following RADIUS attribute: Attribute Type %1; Vendor ID %2; Vendor specific type %3. Use the netsh ras set tracing command to enable packet tracing. Ensure that the RADIUS packets conform to the standards specified in RFC 2548.

20269

RemoteAccess

The user: %1 failed an authentication attempt due to the following reason: %2

20271

RemoteAccess

The user: %1 connected from: %2 but failed an authentication attempt due to the following reason: %3

Related Management Information

RRAS Server

Routing and Remote Access Service Infrastructure

Community Additions

ADD
Show: