The subject behavior generates an event log entry similar to:
Event type: Error
Event Source: IAS
Event ID: 3
Description: Access request for user DomainName\UserName was discarded.
Fully-Qualified-User-Name = DomainName\UserName
NAS-IP-Address = NASIPAddress
NAS-Identifier = NASIdentfier
Called-Station-Identifier = CalledStationIdentifier
Calling-Station-Identifier = CallingStationIdentifier
Client-Friendly-Name = ClientFriendlyName
Client-IP-Address = ClientIPAddress
NAS-Port-Type = NASPortType
NAS-Port = NASPortNumber
Reason-Code = 2
Reason = The service does not have sufficient access rights to process the request.
This behavior will occur if any of the following are true:
- The Windows 2000 IAS server authenticates to a Windows NT 4.0 member RAS or RRAS server in your domain, or a trusted Windows 2000 domain.
- The Windows 2000 IAS server authenticates to Windows 2000 remote access server in a Windows NT 4.0 domain that accesses user accounts in a trusted Windows 2000 domain.
1. Windows NT 4.0 must be running Service Pack 4 or later.
2. On your domain controller(s), open a CMD.EXE prompt and type the following command, followed by Enter:
net localgroup "Pre-Windows 2000 Compatible Access" everyone /add
3. Restart the domain controller(s).