No Authentication Using Non-Domain Controller for RAS Server (178274)



The information in this article applies to:

  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows for Workgroups 3.11
  • Microsoft TCP/IP-32 for Windows for Workgroups
  • Microsoft Windows 95

This article was previously published under Q178274

SYMPTOMS

When you attempt to connect to a computer running Windows NT Server and the Remote Access Service (RAS) from either a RAS client or a Dial-Up Networking (DUN) client, you may receive the following error:

    No domain server was available to validate your password. You may not be able to gain access to some network resources.

The RAS server is using a RAS device that uses its own Point to Point Protocol (PPP) validation.

CAUSE

Certain RAS devices may use their own PPP validation and not the validation of the RAS server. This may not be a problem if such a device is directly connected to a primary domain controller (PDC) or a backup domain controller (BDC). However, if the RAS server is a member server that participates in domain security, the RAS client may not be able to get validated.

RESOLUTION

To resolve this problem, perform one of the following:

  • Exchange your RAS device for one that is on the Microsoft Windows NT Server Hardware Compatibility List. For more information, see the following article in the Microsoft Knowledge Base:

    131303 Latest Windows 2000 and Windows NT Hardware Compatibility List (HCL)

    -or-

  • On the RAS client, specify the domain name in the user credentials, such as the following:

    <DomainName>\<UserName>

MORE INFORMATION

The problem has to do with the way the authentication takes place. The RAS server attempts to log the client into its local account database first (if one exists). Next, the RAS server appends the domain name and sends the validation request to the appropriate domain controller. If the RAS device attempts the validation, it never appends the domain name. As a result, if there is not an account in the local account database, the client will not be validated.
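
The lookup order described above can be traced with a small model. This is an added example, not Microsoft code: the account names, the CORP domain and the validate function are constructed for illustration, passwords are not modeled, and routing an already-qualified <DomainName>\<UserName> straight to that domain is an assumption based on the second resolution above.

```python
# Simplified model of the validation order described in this article.
# Every name and account below is constructed for illustration.

LOCAL_ACCOUNTS = {"localadmin"}                # member server's local account database
DOMAIN_ACCOUNTS = {"CORP": {"alice", "bob"}}   # accounts known to the domain controllers
SERVER_DOMAIN = "CORP"                         # domain the RAS member server belongs to


def _ask_domain_controller(domain, user):
    """Model a validation request sent to a domain controller."""
    accounts = DOMAIN_ACCOUNTS.get(domain.upper(), set())
    if user.lower() in accounts:
        return ("validated", "domain controller for " + domain.upper())
    return ("rejected", "unknown account in " + domain.upper())


def validate(username, validated_by_device):
    """Return (result, reason) for one dial-in logon attempt."""
    # Assumption: a name typed as <DomainName>\<UserName> already carries
    # its domain, so nothing has to be appended on the server side.
    if "\\" in username:
        domain, user = username.split("\\", 1)
        return _ask_domain_controller(domain, user)

    # Unqualified name: the local account database is tried first.
    if username.lower() in LOCAL_ACCOUNTS:
        return ("validated", "local account database")

    if validated_by_device:
        # The device's own PPP validation never appends the domain name,
        # so no request reaches a domain controller.
        return ("rejected", "no domain name appended")

    # RAS server validation appends its domain and forwards the request.
    return _ask_domain_controller(SERVER_DOMAIN, username)


if __name__ == "__main__":
    for name, by_device in [("alice", False), ("alice", True),
                            ("CORP\\alice", True), ("localadmin", True)]:
        print(name, "device" if by_device else "server", validate(name, by_device))
```

The second case is the symptom in this article: a domain account that validates through the RAS server fails when the device validates it, and succeeds again once the client supplies the domain name.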

Modification Type: Major
Last Reviewed: 11/21/2003
Keywords:kbinterop kbnetwork kbprb KB178274