Still using tired old PPTP, but finding error 691 on the client end and no connections





Check this:
Click Start, point to Administrative Tools, and click Internet Authentication Services.
Make sure the service is running (or just restart it if nobody else is connected).


If the service fails to start and dns.exe is listening on UDP ports that should be reserved for RADIUS:
---------------------------------------------------------
Here is how to tell what is listening on ports on your MS box of twine:
ports in use


Check this fix out (to reserve ports) on a server where MS08-037 was installed:

Check the registry value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ReservedPorts
Add the important ports so that the "special" fix for the DNS vulnerability does not eat them all:

1645-1646 - Used by IAS
1701-1701 - Used by L2TP
1812-1813 - Used by IAS
2883-2883 - Used by AUTD
4500-4500 - Used by IPSEC

If the value does not exist:
   1. Start Registry Editor (Regedit.exe).
   2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
   3. On the Edit menu, point to New, and then click Multi-string Value.
   4. Right-click the new value, click Rename, type ReservedPorts, and then press ENTER.
   5. Double-click the ReservedPorts value, type the range of ports that you want to reserve, and then click OK.

      Note: You must type the range of ports in the following format:
      xxxx-yyyy
      To specify a single port, use the same value for x and y. For example, to specify port 4000, type 4000-4000.

      Warning: If you specify the continuous ports separately and if one port is reserved and not used, the next port is not correctly reserved, and it is used.
   6. Click OK.
   7. Quit Registry Editor.

When you get an error about REG_MULTI_SZ, it is OK (again, stellar programming).


And of course, as it is MS, reboot the server!
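
The same registry change as an added PowerShell example (not part of the original post). It assumes PowerShell is installed on the server and the prompt is elevated; `Merge-PortRange` is a helper name made up here. It keeps any entries already present and folds adjacent ranges together so the warning about continuous ports does not apply; the reboot is still needed.

```powershell
# Added example: merges the ranges above into ReservedPorts (REG_MULTI_SZ).
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$name = 'ReservedPorts'
$wanted = '1645-1646', '1701-1701', '1812-1813', '2883-2883', '4500-4500'

function Merge-PortRange {
    param([string[]]$Entries)
    # Parse each "xxxx-yyyy" entry and reject anything malformed.
    $ranges = foreach ($e in $Entries) {
        if ($e -match '^(\d{1,5})-(\d{1,5})$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
        } else { throw "Bad range format: '$e'" }
        if ($lo -lt 1 -or $hi -gt 65535 -or $lo -gt $hi) { throw "Bad port range: '$e'" }
        New-Object PSObject -Property @{ Lo = $lo; Hi = $hi }
    }
    # Fold overlapping or adjacent ranges into one entry so that continuous
    # ports are never listed separately (the warning in the steps above).
    $merged = @()
    foreach ($r in ($ranges | Sort-Object Lo, Hi)) {
        if ($merged.Count -gt 0 -and $r.Lo -le ($merged[-1].Hi + 1)) {
            if ($r.Hi -gt $merged[-1].Hi) { $merged[-1].Hi = $r.Hi }
        } else { $merged += $r }
    }
    $merged | ForEach-Object { '{0}-{1}' -f $_.Lo, $_.Hi }
}

# Keep anything already reserved; the value may not exist yet.
$current  = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$existing = @($current | ForEach-Object { "$_".Trim() } | Where-Object { $_ })
$value    = [string[]](Merge-PortRange -Entries ($existing + $wanted))

# -Force creates the value or overwrites it, always as a multi-string.
New-ItemProperty -Path $key -Name $name -PropertyType MultiString -Value $value -Force | Out-Null
$value

# Show what currently holds the IAS/RADIUS UDP ports (last column is the PID).
netstat -ano -p udp | Select-String ':(1645|1646|1812|1813)\s'
```

If the netstat line still shows a PID belonging to dns.exe after the reboot, the reservation did not take and the value is worth re-checking in Regedit.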


And, for future reference, the logs live here [IAS / Radius]:

Windows\System32\LogFiles\IN###.log



