Jump to content

Recommended Posts

Posted

About to seriously pull out hair that I don't have! I've been working on this for the past hour and a half looking at YouTube how-to's trainsignal vid's, etc. For some weird reason even I'm testing locally right now once I get it working locally I'm sure it will work remotely.

I've created my polices with NPS, removed polices, created new one's, modified policies, registered NPS with AD. As far as the user accounts go I've set to Allow dial in access and I've tried even setting to control access through NPS. I've unticked the box in the policy to ignore user's dial in properties, so it should work right? Wrong.

This has got me pretty frustrated, because working with NPS seems easy and looking at the log file I wasn't able to make much sense of any error's there. However I did see in the event viewer in the network policy access events that "user account USER connected on port PORT, but does not have remote access privileges. I don't understand how that is if I have granted access to the user account?

The funny thing is the default Admin account connects just fine. Looking at and comparing the user attributes to a second admin account I've created the only difference is a few groups that the secondary account does not belong to.

My goal is to create a working PPTP VPN connection and Radius authentication for wireless. Neither are working. As far as Radius goes every vid and learning module I've watched always used certificate services and joined the machines to the domain.

Can this be done without using certificates and joining the pc to the domain?

Posted
Posted

Could you provide a copy of those log files for us?

Posted

I figured it out. After hours of frustration, but now I am documenting everything. As far as the fix for anyone interested I should have tried to connect after each change I made, but it was either...

1. Symantec Endpoint Protection in the Network and Sharing Center -> Network Connections -> Advanced -> Advanced Settings -> Provider Order tab

and what I did was arrow up the Microsoft Windows Network to be first in line. Prior it was set for Symantec SNAC network provider order.

or

2. A Network policy (after the many many many that I've created and modified) that the only difference is in the Conditions I added authentication type MS-CHAP v1 & v2, v1,v2 CPW and EAP and the only Constraint I added was Microsoft Secured Password (EAP-MSCHAP v2).

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...