2003 VPN server in NT4 domain

Discussion in 'Windows Networking' started by Jason, Dec 12, 2005.

  1. Jason

    Jason Guest

    Brief Network Topology:
    4 subnets - 192.168.100, 101, 102, 103
    DC in each subnet with PDC in 100 subnet
    2003 VPN member server is in 100 subnet
    The GPO is set to lock accounts after 5 incorrect tries. The trouble I
    am having is that the first user who tries to VPN in gets locked after
    one attempt, even if the logon info is correct. Once the first person
    tries to log on via VPN, everyone else gets in with no problems. The
    System log on the VPN server has, literally, hundreds of 21089 events
    followed by one 20049 event for every attempted VPN logon that fails.
    The first five 21089 events state that the domain\username couldn't
    logon because the username or password is incorrect. However, the user
    never even gets a second chance to try logging on so why does the
    server have 5 entries for incorrect username/password? The next
    hundred 21089 events state the domain\username couldn't be
    authenticated because the account is locked. The 20049 event states
    that the user (just says user not the actual user's account) connected
    to port xxxx but was disconnected because authentication did not
    complete in required time.
    For the latest instance of this problem I noticed that a DC that is not
    in same subnet as VPN server has exact same events in System log at
    same time as in VPN server's log.
    Is this a known issue between 2003 member server and NT4 DCs? Is it
    possible that the error is occurring because the VPN server is trying
    to authenticate users to a DC not on its subnet?
    Jason, Dec 12, 2005