Microsoft KB Archive/822628

= Users Cannot Negotiate a Connection When a Remote Access Policy Forces Them to Use PPTP =

PSS ID Number: 822628

Article Last Modified on 6/25/2003


The information in this article applies to:


 * Microsoft Windows 2000 Server SP4
 * Microsoft Windows 2000 Advanced Server SP4
 * Microsoft Windows 2000 Professional SP4






SYMPTOMS
When you create a remote access policy that forces certain remote users to log on to the network by using a Point-to-Point Tunneling Protocol (PPTP) connection, these users may be denied access when they try to connect to the remote access server.



CAUSE
This issue may occur if all the following conditions are true:
 * Both Layer-2 Tunneling Protocol (L2TP) and PPTP are enabled on the remote access server.

-and-
 * You configure the remote access policy to permit users to gain remote access to the network only by using a PPTP connection.

-and-
 * On the remote access client computers, the Automatic option is selected in the Type of VPN server I am calling list. This list appears on the Networking tab in the properties of the remote access connection.



RESOLUTION
To resolve this issue, specify the connection type that you want to permit in the properties of the remote access connection on the client computers. To do so:
 1. On each client computer, click Start, point to Settings, point to Network and Dial-up Connections, right-click the remote access connection, and then click Properties.
 2. Click the Networking tab.
 3. In the Type of VPN server I am calling list, click Point to Point Tunneling Protocol (PPTP), and then click OK.



MORE INFORMATION
With the Automatic option selected in the properties of the remote access connection, the client computer first tries to authenticate by using the default protocol. In Windows 2000 Service Pack 4 (SP4), the default protocol is L2TP. If the connection cannot be negotiated by using the default protocol, Windows tries the next protocol. In Windows 2000 SP4, this is PPTP.

However, if a user is denied access after trying to negotiate a connection by using the default protocol, Windows does not try to negotiate a connection with the other protocol.

For additional information about this issue on a Microsoft Windows XP-based computer, click the following article number to view the article in the Microsoft Knowledge Base:

822649 Users Cannot Negotiate a Connection When a Remote Access Policy Forces Them to Use L2TP
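
The following audit sketch is an added example, not part of the original article or Microsoft code. It reads client phone book text and predicts which entries a tunnel-type policy would deny, using the fallback rule described above. It assumes the "Type of VPN server I am calling" setting is stored as a `VpnStrategy` key with the values noted in the comments (confirm them on the target build), and it models a protocol that is not enabled on the server as a negotiation failure.

```python
import configparser

# Constructed sample; rasphone.pbk is INI-style with one section per connection.
SAMPLE_PBK = """\
[HQ VPN]
VpnStrategy=0

[Branch VPN]
VpnStrategy=1

[Lab VPN]
VpnStrategy=3
"""

# Assumed VpnStrategy meanings: 1 PPTP only, 2 PPTP first, 3 L2TP only,
# 4 L2TP first. Any other value is treated here as Automatic.
ORDER = {1: ["PPTP"], 2: ["PPTP", "L2TP"], 3: ["L2TP"], 4: ["L2TP", "PPTP"]}
AUTOMATIC_ORDER = ["L2TP", "PPTP"]  # order the article gives for Windows 2000 SP4


def predict(strategy, server_enabled, policy_allowed):
    """Return (outcome, protocol) for one phone book entry."""
    for proto in ORDER.get(strategy, AUTOMATIC_ORDER):
        if proto not in server_enabled:
            continue  # modelled as a negotiation failure: next protocol is tried
        if proto in policy_allowed:
            return ("connected", proto)
        return ("denied", proto)  # policy denial: no fallback to the other protocol
    return ("no tunnel", None)


def audit(pbk_text, server_enabled, policy_allowed):
    """Map each connection name to its predicted outcome."""
    # strict=False tolerates the repeated keys real phone books contain.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(pbk_text)
    return {
        name: predict(parser.getint(name, "VpnStrategy", fallback=0),
                      server_enabled, policy_allowed)
        for name in parser.sections()
    }


if __name__ == "__main__":
    # Server has both protocols enabled; policy permits PPTP only.
    for name, result in audit(SAMPLE_PBK, {"L2TP", "PPTP"}, {"PPTP"}).items():
        print(f"{name}: {result[0]} ({result[1]})")
```

Entries reported as denied on L2TP are the ones that need the RESOLUTION steps applied.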


© 2004 Microsoft Corporation. All rights reserved.