Microsoft KB Archive/250881

From BetaArchive Wiki
Knowledge Base

Article ID: 250881

Article Last Modified on 2/28/2007


  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q250881

IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


When you configure a Windows 2000-based computer that is a member of a domain, there is no option in the Routing and Remote Access (RRAS) snapin to configure "Allow calling computer to specify its own IP address."


This issue is caused by changes to RRAS in Windows 2000.


WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To resolve this issue and configure the "Allow calling computer to specify its own IP address" feature, use the appropriate method:

Method 1

NOTE: The registry key listed below will only be used if the remote access policy is set to "Server settings define policy." If the policy is set to anything else, then the registry key is ignored. Once the registry key is set manually, configuring or disabling RRAS will not reset the registry key.

Use Registry Editor (Regedit.exe) to locate the following key in the registry:


Add a new DWORD Value with the following registry value:

Value Name: AllowClientIpAddresses
   Data Type:  REG_DWORD
   Value:      1

Method 2

Windows 2000 RRAS and the Internet Authentication Service (IAS) use remote access policies to determine if a connection should be accepted. You may configure the "Allow calling computer to specify its own IP address" feature by modifying remote access policies. By default, Windows 2000 configures a default policy called "Allow access if dial-in permission." You can either modify the default policy or create a new policy. To modify the default policy:

NOTE: By following the steps below, any client with remote access rights will be allowed to request a Transport Control Protocol/Internet Protocol (TCP/IP) address. If you do not want every client to be able to do this, you must create a new policy with new conditions. Then, only users who meet the conditions of the policy will be allowed to request a predetermined TCP/IP address.

  1. Depending on how your user authentication is configured, open either the IAS Microsoft Management Console (MMC), or the RRAS MMC snapin.
  2. Select Remote Access Policies.
  3. Right-click Allow access if dial-in permission is enabled, and then click Properties.
  4. On the Policy Condition dialog box, click Edit Profile.
  5. From the Edit Dial-in properties dialog box, click IP.
  6. Click Client may request an IP address, click OK, and then click OK.


This behavior is by design.


When a Windows 2000-based computer is not part of a domain, an Incoming Connections icon is present in My Network Places. To enable this functionality:

  1. Right-click My Network Places, and then click Properties.
  2. Right-click Incoming Connections, click Properties, and then click Networking.
  3. Click Internet Protocol(TCP/IP), and then click Properties.
  4. Click Allow calling computer to specify its own IP address, and then close My Network Places.

For more information about RRAS, click the following article numbers to view the articles in the Microsoft Knowledge Base:

227747 RRAS server stops authenticating DUN clients

240855 Using Windows NT 4.0 RAS Servers in a Windows 2000 Domain

191854 RAS Authentication Does Not Work Connecting to RRAS Server

Keywords: kbenv kbnetwork kbprb kbui KB250881