RRAS - so simple



this is basic but impossible, for me, apparently.

Can not enable anything but lan to lan routing. Trying to enable NAT or
dial in I get:

Error: event id: 20153 and 7024
The Remote Access and Routing service did not start because of the following
error: Access was denied because the username and/or password was invalid on
the domain.

computer1, Win2003 member server of mydomain.com on Win2003 box. computer1
is a member of the AD group RAS and IAS servers.

domain using default domain group policy.

used netsh ras add registeredserver sucessfully to register the server in

how can I verify that The RAS and IAS Servers security group has Read
permission to the RAS and IAS Servers Access Check object?, as stated at:


Does service need to use domain id and password instead of local system
account. security event log has vague auditing of my attempts but no failure

Pleeeeeease help!

Bill Grant

If the machine is now a member of the IAS and RAS server group, RRAS is
controlled by AD, not by the local SAM database. Clients will need to
authenticate against AD, and you will need domain credentials to administer

It is a bit like RADIUS. The local machine does the remote access stuff,
but the admin has been offloaded to a "higher authority".

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question