PPTP Clients Cannot Connect to Windows 2000 PPTP Server (266460)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q266460

SUMMARY

When a Microsoft Windows 2000 Server is configured as a Point-to-Point Tunneling Protocol (PPTP) server and PPTP clients from either Microsoft Windows NT, Windows 2000, or Windows 95 or 98 try to establish a PPTP session, they receive the following error message:
Error 649
Login failed: username, password, or domain was incorrect.
The Windows 2000 PPTP Server logs the following error message:
Event ID 20078
The account for user \username connected on port VPN3-127 does not have Remote Access privilege. The line has been disconnected.

Event ID 20189
The user Administrator connected from x.x.x.x but failed an authentication attempt due to the following reason: The user tried to connect using an unauthorized dial-in media.

MORE INFORMATION

To resolve this behavior, follow these steps:
  1. Start the Routing and Remote Access administrative tool.
  2. Expand the options under your Remote Access Service (RAS) server's name.
  3. Click Remote Access Policies, and then right-click and go to Properties on the default policy called Allow access if dial-in permission is enabled.
  4. Click Edit Profile.
  5. On the Dial-in Constraints tab, do one of the following:

    • Clear the Restrict Dial-in Media option.

      -or-
    • Select Restrict Dial-in Media, and then select Ethernet and VPN from the list of options available.
  6. Click Apply, and then click OK.
Modification Type:MinorLast Reviewed:1/20/2006
Keywords:kbinfo KB266460
©2004 Microsoft Corporation. All rights reserved.