
Gateway-to-Gateway VPN configuration problems


gchaple

MIS
Jun 16, 2000
19
GB
When I run the Remote VPN wizard, it fails with a dialog box from ISA Server:
"The wizard cannot create the Virtual Private Network (VPN) connection. An action to allow dial-in permissions failed"

I am using the Evaluation copy of ISA Server on w2kSP2 at both ends.

RRAS does not seem to be touched.
I cannot find any clues in the ISA logs or Event Viewer.
Has anyone seen this before?

What is galling is that I DID get it to work, but for various reasons had to reinstall ISA Server at one end (made the server a Domain Controller, so restoring the ISA Server settings did not work). And since then the ISA Server has been re-installed at the other end too.

The Local VPN wizard runs OK.
A new static route and demand-dial interface appear in RRAS.
The .vpc file is used on the Remote ISA server with the Remote VPN wizard.
The password is accepted and the decoded information looks OK.

But the RRAS static route and demand-dial interface are not created.

I have checked LAT on both servers.
 
This seems to be an easy problem to fix. Since you promoted your server to a Domain Controller, you left it in Mixed mode, and by default a mixed mode domain sets dial-in permissions for everyone to Deny. Go to Active Directory Users and Computers and select the user account object you are using to allow the VPN connection to be established. Go to the properties of that account and select Dial-In. Under the Dial-In tab, change the option from Deny Access to Allow Access.
 
Yes, I have the same problem. The problem occurred when I promoted to a domain controller. Microsoft says they cannot recreate the problem. We are doing it all the old-fashioned way with RRAS. If anyone finds out why the wizard cannot set dial-in permission, that would be great. Again, from my point it is when we promoted to a domain controller. Must be a rights, policy, etc., thing....
 