Event ID 20258 — RAS Connection
Applies To: Windows Server 2008 R2
A server running Routing and Remote Access provides two different types of remote access connectivity: virtual private networking (VPN) and dial-up networking. VPN is the creation of secured, point-to-point connections across a private network or a public network, such as the Internet. A VPN client uses special TCP/IP-based protocols called tunneling protocols to make a virtual call to a virtual port on a VPN server. In dial-up networking, a remote access client makes a nonpermanent, dial-up connection to a physical port on a remote access server by using the service of a telecommunications provider, such as analog phone or ISDN. In contrast to dial-up networking, VPN is always a logical, indirect connection between the VPN client and the VPN server over a public network, such as the Internet.
Event Details
Product: | Windows Operating System |
ID: | 20258 |
Source: | RemoteAccess |
Version: | 6.1 |
Symbolic Name: | ROUTERLOG_NO_DIALIN_PRIVILEGE_COID |
Message: | The account for user: %1\%2 connected on port: %3 does not have remote access privilege. The line has been disconnected. |
Resolve
Configure access privileges
To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
Follow the procedures in the order in which they appear until the problem is resolved.
Configure remote access user properties
To configure remote access user properties:
If the remote access server is part of a Windows Server 2008 or Windows Server 2003 domain:
- Click Start, click Administrative Tools, and then double-click Active Directory Users and Computers.
- In the console tree, click Users (console tree location: Active Directory Users and Computers/domain name/Users).
- In the details pane, right-click a user name, and then click Properties.
- On the Dial-in tab, under Remote Access Permission (Dial-in or VPN), click Allow access, Deny access, or Control access through NPS Network Policy, and then click OK.
- Configure other settings, as appropriate.
If the remote access server is a standalone server (not part of a domain):
- Click Start, click Administrative Tools, and then double-click Computer Management.
- In the console tree, click Users (console tree location: Computer Management/System Tools/Local Users and Groups/Users).
- In the details pane, right-click a user name, and then click Properties.
- On the Dial-in tab, under Remote Access Permission (Dial-in or VPN), click Allow access, Deny access, or Control access through NPS Network Policy, and then click OK.
- Configure other settings, as appropriate.
Unlock remote access client
- For more information about how to configure remote access client lockout, see article 816118 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkID=92611).
Configure remote access server to access Active Directory
For a remote access server that is a member server of a domain that is configured for Windows authentication, check that:
- The RAS and IAS Servers security group exists. If not, create the group, and then set the group type to Security and the group scope to Domain local.
- The RAS and IAS Servers security group has read permission to the RAS and IAS Servers Access Check object.
- The computer account of the remote access server computer is a member of the RAS and IAS Servers security group. You can use the netsh ras show registeredserver command to view the current registration. You can use the netsh ras add registeredserver command to register the server in a domain.
- If you add or remove the remote access server to or from the RAS and IAS Servers security group, the change does not take effect immediately (due to the way that Active Directory information is cached). To make the change take effect immediately, you must restart the remote access server computer.
- The remote access server has joined the domain.
Verify
To verify that the remote access server can accept connections, establish a remote access connection from a client computer.
To create a VPN connection:
- Click Start, and then click Control Panel.
- Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
- Click Connect to a workplace, and then click Next.
- Complete the steps in the Connect to a Workplace wizard.
To connect to a remote access server:
- In Network and Sharing Center, click Manage network connections.
- Double-click the VPN connection, and then click Connect.
- Verify that the connection was established successfully.