IAS error 49

Attempting to setup IAS so that a Watchguard firewall can authenticate PPTP
connections. Following Watchguard instructions and MS instructions installed
IAS on a Win2003 Server, SP2, domain controller. Registered the server with
Active Directory. There is one policy which says to grant access to the
windows group pptp_users. The pptp_user group is populated with users who
have dial-in access rights in their profile and we're using reversible
encryption at the domain level. Here is the error I receive when trying to
connect. Any ideas on how to solve this is appreciated.

User xxxxx was denied access.
Fully-Qualified-User-Name = <undetermined>
NAS-IP-Address = 127.0.0.1
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = Firebox
Client-IP-Address = 65.181.48.59
NAS-Port-Type = <not present>
NAS-Port = 0
Proxy-Policy-Name = <none>
Authentication-Provider = <undetermined>
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = <undetermined>
EAP-Type = <undetermined>
Reason-Code = 49
Reason = The connection attempt did not match any connection request policy.

Is it possible you deleted the default Connection Request Policies policy
when you created the policy? This post may help,

IAS Reason-Code = 49
http://www.chicagotech.net/netforums...hp?p=2854#2854
--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"barberless" <(E-Mail Removed)> wrote in message
news:8C8936AA-4675-4452-9148-(E-Mail Removed)...
> Attempting to setup IAS so that a Watchguard firewall can authenticate
> PPTP
> connections. Following Watchguard instructions and MS instructions
> installed
> IAS on a Win2003 Server, SP2, domain controller. Registered the server
> with
> Active Directory. There is one policy which says to grant access to the
> windows group pptp_users. The pptp_user group is populated with users who
> have dial-in access rights in their profile and we're using reversible
> encryption at the domain level. Here is the error I receive when trying
> to
> connect. Any ideas on how to solve this is appreciated.
>
> User xxxxx was denied access.
> Fully-Qualified-User-Name = <undetermined>
> NAS-IP-Address = 127.0.0.1
> NAS-Identifier = <not present>
> Called-Station-Identifier = <not present>
> Calling-Station-Identifier = <not present>
> Client-Friendly-Name = Firebox
> Client-IP-Address = 65.181.48.59
> NAS-Port-Type = <not present>
> NAS-Port = 0
> Proxy-Policy-Name = <none>
> Authentication-Provider = <undetermined>
> Authentication-Server = <undetermined>
> Policy-Name = <undetermined>
> Authentication-Type = <undetermined>
> EAP-Type = <undetermined>
> Reason-Code = 49
> Reason = The connection attempt did not match any connection request
> policy.
>

Yes, I saw this post and restored the ias.mdb and recreated everything, but
didn't see any difference in the policy options. I also uninstalled IAS,
re-copied the ias.mdb, restarted, reinstalled and the policy list was already
populated with the policy I created previously. Perhaps I misunderstood the
instructions in the post. After copying the ias.mdb file, what should the
next step have been?

Thanks for responding.

"Robert L (MS-MVP)" wrote:

> Is it possible you deleted the default Connection Request Policies policy
> when you created the policy? This post may help,
>
> IAS Reason-Code = 49
> http://www.chicagotech.net/netforums...hp?p=2854#2854
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
>
>
> "barberless" <(E-Mail Removed)> wrote in message
> news:8C8936AA-4675-4452-9148-(E-Mail Removed)...
> > Attempting to setup IAS so that a Watchguard firewall can authenticate
> > PPTP
> > connections. Following Watchguard instructions and MS instructions
> > installed
> > IAS on a Win2003 Server, SP2, domain controller. Registered the server
> > with
> > Active Directory. There is one policy which says to grant access to the
> > windows group pptp_users. The pptp_user group is populated with users who
> > have dial-in access rights in their profile and we're using reversible
> > encryption at the domain level. Here is the error I receive when trying
> > to
> > connect. Any ideas on how to solve this is appreciated.
> >
> > User xxxxx was denied access.
> > Fully-Qualified-User-Name = <undetermined>
> > NAS-IP-Address = 127.0.0.1
> > NAS-Identifier = <not present>
> > Called-Station-Identifier = <not present>
> > Calling-Station-Identifier = <not present>
> > Client-Friendly-Name = Firebox
> > Client-IP-Address = 65.181.48.59
> > NAS-Port-Type = <not present>
> > NAS-Port = 0
> > Proxy-Policy-Name = <none>
> > Authentication-Provider = <undetermined>
> > Authentication-Server = <undetermined>
> > Policy-Name = <undetermined>
> > Authentication-Type = <undetermined>
> > EAP-Type = <undetermined>
> > Reason-Code = 49
> > Reason = The connection attempt did not match any connection request
> > policy.
> >
>
>
>

I was not able to get this working on the original server. Switched to a
different dc and it works perfectly now.

"barberless" wrote:

> Yes, I saw this post and restored the ias.mdb and recreated everything, but
> didn't see any difference in the policy options. I also uninstalled IAS,
> re-copied the ias.mdb, restarted, reinstalled and the policy list was already
> populated with the policy I created previously. Perhaps I misunderstood the
> instructions in the post. After copying the ias.mdb file, what should the
> next step have been?
>
> Thanks for responding.
>
> "Robert L (MS-MVP)" wrote:
>
> > Is it possible you deleted the default Connection Request Policies policy
> > when you created the policy? This post may help,
> >
> > IAS Reason-Code = 49
> > http://www.chicagotech.net/netforums...hp?p=2854#2854
> > --
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on
> > http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on
> > http://www.HowToNetworking.com
> >
> >
> > "barberless" <(E-Mail Removed)> wrote in message
> > news:8C8936AA-4675-4452-9148-(E-Mail Removed)...
> > > Attempting to setup IAS so that a Watchguard firewall can authenticate
> > > PPTP
> > > connections. Following Watchguard instructions and MS instructions
> > > installed
> > > IAS on a Win2003 Server, SP2, domain controller. Registered the server
> > > with
> > > Active Directory. There is one policy which says to grant access to the
> > > windows group pptp_users. The pptp_user group is populated with users who
> > > have dial-in access rights in their profile and we're using reversible
> > > encryption at the domain level. Here is the error I receive when trying
> > > to
> > > connect. Any ideas on how to solve this is appreciated.
> > >
> > > User xxxxx was denied access.
> > > Fully-Qualified-User-Name = <undetermined>
> > > NAS-IP-Address = 127.0.0.1
> > > NAS-Identifier = <not present>
> > > Called-Station-Identifier = <not present>
> > > Calling-Station-Identifier = <not present>
> > > Client-Friendly-Name = Firebox
> > > Client-IP-Address = 65.181.48.59
> > > NAS-Port-Type = <not present>
> > > NAS-Port = 0
> > > Proxy-Policy-Name = <none>
> > > Authentication-Provider = <undetermined>
> > > Authentication-Server = <undetermined>
> > > Policy-Name = <undetermined>
> > > Authentication-Type = <undetermined>
> > > EAP-Type = <undetermined>
> > > Reason-Code = 49
> > > Reason = The connection attempt did not match any connection request
> > > policy.
> > >
> >
> >
> >