RAS site to site vpn User Authentication
StinkyDuck
2007-07-05 18:57:42 UTC
We are trying to set up a RAS site to site VPN connection. Both sites
have domains. We were able to successfully set up a site to site VPN but
have some questions concerning user credentials.

If a user at site A attempts to connect to a server/computer/network
share on site B, how do the credentials work? Are the credentials
passed through the VPN connection? When trying to connect to a
server/computer/network share will it use the credentials of the Demand
Dial user?

We would like users from both domains to be able to access
server/computer/network shares on either domain. Do we need to perform
a trust between the domains first?

Any help would be greatly appreciated.

-StinkyDuck
Robert L [MVP - Networking]
2007-07-05 21:25:34 UTC
If you have a lot of users who need to access each other, it is better to create a trust. If only a few users, you may just create the same username and password on the remote server.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
StinkyDuck
2007-07-05 22:21:21 UTC
When I try to establish the VPN connection, I'm getting the following error:

An error occurred during connection of the interface.
No more connections can be made to this remote computer at this time
because there are already as many connections as the computer can accept.

I'm not sure what to look for at this point.

-StinkyDuck
Kurt
2007-07-06 02:00:18 UTC
It's possible that the error is directly related to the VPN, or that you
simply don't have enough server CALs for additional connections. Maybe
you can answer these questions to help with the diagnosis:

1) What type of site-to-site VPN? (You said RAS, but specifically PPTP?,
L2TP?, etc.).

2) Remote server licensed in "per server" or "per device/user" mode?

3) How many licenses?

4) How many connections?

...kurt
StinkyDuck
2007-07-06 04:21:06 UTC
I have set up PPTP.

The licensing is per device. We are running Win2003 Small Business
Server. When checking the licenses it says the following:
Installed Licenses: 45
Maximum Usage: 34

I'm just trying to connect the DOD connection and the connection error
comes up.

-StinkyDuck
StinkyDuck
2007-07-06 04:26:19 UTC
Here is an article I found browsing Google Groups. Doesn't make much
sense though. Can anyone shed some light?

http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/30d367cdcd6b0321/d029c090fa1f00d5?lnk=st&q=event+id+20097&rnum=1&hl=en#d029c090fa1f00d5

-StinkyDuck
unknown
2008-12-02 17:37:35 UTC
Licenses have an effect on your connections but ALSO WAN Miniports do too.

In your RAS look at the item titled "Ports". It will be on the left under the RAS Server you selected.

"Right Mouse click" on Ports and select "Properties".

You will probably see two items:

WAN Miniport (PPTP)
WAN Miniport (L2TP)

On the FAR RIGHT COLUMN look at the "Number of Ports"

Double click on the line item and increase the number until you see your users connecting.

This works for demand dial and remote access as router.

(Note: I have noticed that even though the "Ports" listing will show some "inactive", this is not a clear representation of how many are available based upon the protocol you are using.)
Hamish Blake
2008-12-08 02:57:00 UTC
Hi Mark,

We are having an issue where we have set the number of ports to be 128 for
both PPTP and L2TP but no more than 16 simultaneous connections are allowed.

I am at my wits end trying to figure this one out. Any ideas?