If your Windows 2000 RRAS server frequently disconnects clients before authentication is successful, you may wish to extend the the authentication time limit. To do so, use Regedt32 to navigate to:
Edit or Add Value name AuthenticateTime, a REG_DWORD data type. The valid range is 20 - 600 seconds, using the Decimal Radix, and the default is 120 seconds.
NOTE: You can use the Max time limit for authentication Group Policy at
Computer Settings\Software Policies\Windows NT Remote Access.
NOTE: You must stop and restart RRAS for the change to become effective.
You may also wish to adjust the number of authentication attempts. By default, the RRAS server attempts to authenticate the user 2 times. You can set AuthenticateRetries, a REG_DWORD data type, to a number between 0 and 10 (Decimal).
NOTE: AuthenticateRetries can be set using the Max number of unsuccessful authentication retries Group Policy.