"Error 930" error message when you use a VPN connection to log on to a server that is running Routing and Remote Access (826899)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

SYMPTOMS

When you use a virtual private network (VPN) connection to log on to a server that is running Routing and Remote Access on a Microsoft Windows 2000 domain, one or both of the following issues may occur:
  • You receive the following error message on the client computer:
    Error 930: The authentication server did not respond to authentication requests in a timely fashion.
  • The following error events are logged to the application event log on the server that is running Routing and Remote Access:

    Event Type: Error
    Event Source: RemoteAccess
    Event Category: None
    Event ID: 20073
    Date: May 22, 2001
    Time: 11:59:48 A.M.
    User: N/A
    Computer: Computer_Name
    Description: The following error occurred in the Point-to-Point Protocol module port: Port, UserName: Username. The authentication server did not respond to authentication requests in a timely fashion.

    Event Type: Error
    Event Source: Netlogon
    Event Category: None
    Event ID: 5788
    Date: May 22, 2001
    Time: 11:59:48 A.M.
    User: N/A
    Computer: Computer_Name
    Error Message: Attempt to update Host Service Principal Names (SPNs) of the computer object in Active Directory failed. The updated values were UNAVAILABLE and UNAVAILABLE. The following error occurred: Access is denied.

    Event Type: Error
    Event Source: Netlogon
    Event Category: None
    Event ID: 5789
    Date: May 22, 2001
    Time: 11:59:48 A.M.
    User: N/A
    Computer: Computer_Name
    Error Message: Attempt to update DNS host name of the computer object in Active Directory failed. The updated value was fully qualified computername. The following error occurred: Access is denied.

CAUSE

This issue may occur if the computer account has permissions to read the Active Directory directory service record, but it does not have permissions to write to the Active Directory record. This issue may also occur if the default path to the Routing and Remote Access log file has been changed or is not valid.

RESOLUTION

To resolve this issue, verify the user permissions in the Active Directory Users and Computers snap-in on a Windows 2000 domain controller. To do this, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Expand your domain.
  3. Right-click Domain Controllers, and then click Properties.
  4. Click the Group Policy tab, click Default Domain Controllers Policy, and then click Edit.
  5. Expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then click User Rights Assignment.
  6. Double-click Access this computer from the network.
  7. By default, the Administrators, the Authenticated Users, and the Everyone groups are assigned this user right. If these groups are not assigned this user right, add them. To do so, click Add, locate the user or group you want to add, and then click OK two times.
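
The check in step 7 can also be run against a text export of the policy's security template. The following is an added example, not part of the original article: it assumes the template is in INF form with a [Privilege Rights] section, that "Access this computer from the network" appears there as SeNetworkLogonRight, and that entries are either well-known SIDs prefixed with * or English group names. Both sample templates are constructed.

```python
import configparser

# Well-known SIDs for the three groups the article lists as defaults in step 7.
REQUIRED = {
    "S-1-5-32-544": "Administrators",
    "S-1-5-11": "Authenticated Users",
    "S-1-1-0": "Everyone",
}
# Privilege constant behind "Access this computer from the network" (assumed template key).
RIGHT = "SeNetworkLogonRight"

def assigned_principals(inf_text):
    """Return the upper-cased SIDs or names assigned RIGHT in a security template."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep privilege names exactly as written
    parser.read_string(inf_text)
    if not parser.has_option("Privilege Rights", RIGHT):
        return set()  # right is not defined in this template
    raw = parser.get("Privilege Rights", RIGHT)
    # Entries are comma-separated; SIDs carry a leading '*', account names do not.
    return {e.strip().lstrip("*").upper() for e in raw.split(",") if e.strip()}

def missing_groups(inf_text):
    """List the default groups from step 7 that the template does not assign."""
    have = assigned_principals(inf_text)
    return [name for sid, name in REQUIRED.items()
            if sid not in have and name.upper() not in have]

# Constructed sample: all three default groups hold the right.
SAMPLE_OK = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
"""
# Constructed sample: only Administrators and one made-up domain SID hold the right.
SAMPLE_BAD = """\
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-512
"""

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, missing_groups(text) or "all three groups assigned")
```

A template that does not define the right at all is reported as missing all three groups, because that policy assigns the right to no one.
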
The local System account must also have write permissions to the Routing and Remote Access log folder. Following is the default path:

%SYSTEMROOT%\System32\LogFiles

To change or verify the path of the Routing and Remote Access log folder, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Click the Remote Access Logging object.
  3. Verify that the path of the logging directory is as follows:

    %SYSTEMROOT%\System32\LogFiles

  4. Exit the Routing and Remote Access tool.

Modification Type: Major
Last Reviewed: 7/23/2004
Keywords: kberrmsg kbprb KB826899 kbAudEndUser kbAudITPRO