RRAS Authentication and Accounting
Applies To: Windows Server 2008
If a remote access server is configured for Windows authentication, the security features of Windows Server 2008 are used to verify the credentials for authentication, and the dial-in properties of the user account are used to authorize the connection.
If the remote access server is configured for RADIUS authentication, the connection request, including credentials, is forwarded to the RADIUS server for authentication and authorization. If the RADIUS server is a computer running Network Policy Server (NPS), NPS performs authentication against the credentials that are stored in the user account database, such as Active Directory Domain Services (AD DS) or the local Security Accounts Manager (SAM) database on the server running NPS. NPS performs authorization using the dial-in properties of the user account and with network policies that are configured in NPS.
Events
| Event ID | Source | Message |
|---|---|---|
RemoteAccess |
The remote access server will stop using IP address: %1 because it was unable to renew the lease from the DHCP server, the administrator switched between static address pool and DHCP addresses, or the administrator changed to a different network for DHCP addresses. | |
RemoteAccess |
The remote access server was unable to renew the lease for IP address: %1 from the DHCP server. The user assigned with this IP address will be unable to access network resources using IP. Reconnecting to the server will restore IP connectivity. | |
RemoteAccess |
Using the default value for registry parameter: %1 because the value given is not in the allowed range for the parameter. | |
RemoteAccess |
The user %1 has connected and failed to authenticate because of the following error: %2. | |
RemoteAccess |
The user: %1 failed an authentication attempt due to the following reason: %2 | |
RemoteAccess |
The user: %1 connected from: %2 but failed an authentication attempt due to the following reason: %3 | |
RemoteAccess |
Because the certificate that was configured for clients dialing in with EAP-TLS was not found, a default certificate is being sent to user: %1. Go to the user's remote access policy and configure the Extensible Authentication Protocol (EAP). | |
RemoteAccess |
The IAS/RADIUS server has passed an invalid value to the server running Routing and Remote Access for the following RADIUS attribute: Attribute Type %1; Vendor ID %2; Vendor specific type %3. Use the netsh ras set tracing command to enable packet tracing. Ensure that the RADIUS packets conform to the standards specified in RFC 2548. | |
RemoteAccess |
The user: %1 failed an authentication attempt due to the following reason: %2 | |
RemoteAccess |
The user: %1 connected from: %2 but failed an authentication attempt due to the following reason: %3 |