RRAS authentication Event ID 930 (client) 20073 (server)
I have two forests which have two way trusts in place. Both are 2003 Domain/Forest I have RRAS installed on a 2000 server and it will not authenticate users in the remote forest. I have a second RRAS installed on a 2003 server and that will happily authenticate users in the remote forest. Both RRAS will authenticate local server user accounts and local domain user accounts. There is nothing logged on the Domain Controllers of the remote domain. The error message is one I have Bing'd/Googl'd "The authentication server did not respond to authentication requests in a timely fashion." and nothing has helped. What difference is there between W2K and 2K3 that prevents the 2000 server from being allowed to authenticate the users? This only started after the last Domain Controller (remote domain) was upgraded from 2000 to 2003 r2. Any help advice would be most appreciated. Chris
December 21st, 2010 7:07am

Hi, Thanks for the post. To enable a remote access server that is running Windows 2000 in a domain in one Active Directory forest to authenticate the remote access credentials for a user account in a domain in another Active Directory forest, you must use a RADIUS proxy between the remote access server and the IAS server. A RADIUS proxy is a RADIUS server that forwards RADIUS requests between RADIUS clients and RADIUS servers. The RADIUS proxy acts as a RADIUS server to RADIUS clients and a RADIUS client to RADIUS servers. Windows 2000 does not support RADIUS proxy. RADIUS proxy is supported by the Internet Connection Services for Microsoft RAS, Commercial Edition for Windows NT Server 4.0, an upgrade to the Internet Connection Services for Microsoft RAS component of the Windows NT 4.0 Option Pack. For more information, please take a look at this article (http://technet.microsoft.com/en-us/library/bb742380.aspx) If we do have a RADIUS proxy, this issue may occur if the computer account has permissions to read the Active Directory directory service record, but it does not have permissions to write to the Active Directory record. This issue may also occur if the default path to the Routing and Remote Access log file has been changed or is not valid. Please refer to the following KB article to troubleshoot it: http://support.microsoft.com/kb/826899 Hope this helps. Miles Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
December 23rd, 2010 4:07am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics