Got an odd one that I can't find a solution to... W2K3 AD with 2-way trust to old NT4.0 domain. Got a member server in old, W2K server running RAS. If I connect using credentials in the old domain, I connect fine. If I try to connect using credentials in the new domain, I get a client error "The authentication server did not respond in a timely fashion", and event ID 20073 pops into RAS server event log. Did some checking and found that adding the RAS server to the "RAS and IAS Servers" security group in AD should fix it. Problem is, I can't find any server objects/machine objects to add to the group, only users and groups. (This also happens trying to add objects to any groups) Also supposed to be able to use "netsh ras add registeredserver" to do this, but that fails with "The specified domain either does not exist or could not be contacted". Domain and server name show correctly at that command. Trust is working for all other functions. Pre-Windows 2000 Compatible access is set to everyone. Can't migrate this box to the new AD yet since I still have remote users on the old domain and we can't migrate them for a while yet. I also don't want to migrate the remote users if they can't get to the RAS server. :-) Not using IAS. The whole Windows-based RAS is going to go away in a few months courtesy of Cisco VPN or another similar solution, but I need to make this work for now. It appears that AD doesn't support adding NT4 machine accounts to the groups. Any ideas? Thanks!
********************** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 985 0975 x5083 ********************** List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
