SYSTEM ADMINISTRATION
Chapter 12: Remote Access Protocols, Services, and Troubleshooting

Understanding Remote Access
• Remote access is the process of connecting to a network from a distant location, typically over a dial-up or Internet link rather than the local LAN.
• Once the user is authenticated by the remote access server, he or she may or may not be required to log on a second time through the appropriate network client, e.g., the Novell Client for NetWare Networks or the Microsoft Client for Microsoft Networks.
• Once users are authenticated, they have access to network resources, just like any other network client. This is the security-relevant point: a remote access server is an entry point into the internal network, so its authentication settings deserve the same care as any other perimeter device.
• When using remote access, there are two components to consider: the remote access server and the remote access client.

Remote Access Server (RAS)
• Almost all major manufacturers of network operating systems, such as Microsoft and Novell, make a remote access component that can be installed on their servers.
• Once it is installed and configured, remote access clients can connect to the server and then access the network.

RAS Installation
• When you install the Routing and Remote Access Service (RRAS) on a Windows 2000 server, you enable support for both multiprotocol routing and remote access.
• The multiprotocol routing component enables the server to act as a router for the AppleTalk, IPX, and IP protocols. In its simplest form it is a static router, making routing decisions from manually configured routing tables; dynamic routing protocols can be added on top of this.

RAS Configuration
• Once the RRAS setup wizard has completed, you can still change the server's configuration through its property sheets.

Security
• The Security property sheet determines the type of authentication that will be required of dial-up clients.
• You can also choose the authentication method that you want to use.
Some examples are:
– Extensible Authentication Protocol (EAP)
– Microsoft Encrypted Authentication version 2 (MS-CHAP v2)
– Microsoft Encrypted Authentication (MS-CHAP)
– Encrypted authentication (CHAP)
– Shiva Password Authentication Protocol (SPAP)
– Unencrypted password (PAP)
• You may also choose to allow clients to connect without authentication. Do not enable this on a server that reaches the internal network; an unauthenticated dial-in port is an open door.
• The list runs roughly from strongest to weakest: CHAP and the MS-CHAP variants never send the password across the line (MS-CHAP v2, and EAP-TLS under EAP, also authenticate the server to the client), SPAP is a proprietary scheme for Shiva clients, and PAP sends the password in the clear.
• The exact authentication method you choose will be determined by the type of client that is connecting, the protocols used, etc. Disable the methods you do not need; every enabled method is one that a client, or an attacker posing as one, may negotiate.

IP
• The IP property sheet allows you to enable IP routing along with several other IP-based options, such as how remote clients are assigned addresses.

PPP
• At the PPP property sheet you can enable an RRAS server to support the Point-to-Point Protocol (PPP) options described below.
• Multilink lets one logical connection use multiple adapters on multiple lines, in order to take advantage of the combined bandwidth. If you want to use multilink over a dial-up connection, the following rules apply:
– The ISP you are dialing into must support multilink, that is, the bundling of several modem connections into one.
– You will need to install multiple modems.
– You will need to plug a separate phone line into each modem.
• An exception to this rule is ISDN. One ISDN adapter can act as more than one device because a basic rate interface (BRI) includes two B channels of 64 Kbps each (limited to 56 Kbps on some North American circuits).
• Each of these channels can be used independently of the other, essentially creating two separate physical devices.
• A multilink connection can be used to combine the two B channels of a BRI connection into one link with the bandwidth of both.
• You may also select to use the Bandwidth Allocation Protocol (BAP) and Bandwidth Allocation Control Protocol (BACP) to allow for dynamic control of the multilink bandwidth.
– BACP is the control protocol the two ends negotiate during link setup; BAP then carries the requests to add or drop links as bandwidth conditions change.
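Going back to the authentication methods on the Security slide above, the following Python script is an added example (it is not part of the original slides and is not Microsoft's code). It shows what actually crosses the serial line under PAP (RFC 1334) and under CHAP with the MD5 algorithm (RFC 1994): PAP carries the password itself, while CHAP carries only a hash of a server-chosen challenge and the shared secret. The user name, secret and challenge values are constructed for illustration, and the function names are mine.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple


# PAP (RFC 1334): the Authenticate-Request carries the password itself.
def pap_on_the_wire(peer_id: bytes, password: bytes) -> bytes:
    """Data field of a PAP Authenticate-Request: ID length, ID, password length, password."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


# CHAP (RFC 1994), MD5 algorithm: Response = MD5(Identifier || secret || Challenge).
# The secret itself never leaves the client.
def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Value field of a CHAP Response packet for the given Challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected response and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(secret: bytes, client_secret: Optional[bytes] = None,
                  identifier: int = 1, challenge: Optional[bytes] = None) -> Tuple[bytes, bytes, bool]:
    """Run the three-message CHAP handshake (constructed, single-link model).

    Returns (bytes sent server->client, bytes sent client->server, server verdict).
    client_secret lets a caller model a client that knows the wrong password.
    """
    if client_secret is None:
        client_secret = secret
    if challenge is None:
        challenge = os.urandom(16)          # server picks a fresh, unpredictable challenge
    # 1. Challenge packet value field: Value-Size, Value (the Name field is omitted here)
    challenge_packet = bytes([len(challenge)]) + challenge
    # 2. Response packet value field, computed by the client from its copy of the secret
    response = chap_response(identifier, client_secret, challenge)
    response_packet = bytes([len(response)]) + response
    # 3. Server verifies and answers with Success or Failure
    return challenge_packet, response_packet, chap_verify(identifier, secret, challenge, response)
```

Two caveats that matter in practice: MD5-CHAP requires the server to have the clear-text secret available (on Windows this means storing the password with reversible encryption), which is one reason MS-CHAP v2, which works from the stored NT hash, is preferred; and CHAP protects only the logon, not the data that follows, so session encryption must be negotiated separately.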
Event Logging
• The Event Logging property sheet lets you decide whether errors and warnings are logged and how much information each entry contains.
• You can also enable or disable the logging of PPP events. PPP logging records the link and authentication negotiation, which is the first place to look when a client cannot connect or authenticate.

Remote Access Client
• From a hardware point of view, the client must have a modem installed and the modem must be connected to a phone line.
• Once these physical requirements are met, a dial-up connection is established using system-supplied software.
• Your dial-up connection has a number of properties that can be changed to help connect to an RRAS server. Examples include:
– General
• Allows you to change the area code or phone number that is being dialed.
– Options
• Can be used to change dialing and redialing options.
– Security
• Used to set security validation options, such as whether an unsecured (clear-text) or a secured (encrypted) password is used for logon.
– Networking
• Displays the networking components, such as clients, protocols, and services, that are used to make the connection to the RRAS server.
– Sharing
• Allows you to enable and disable Internet Connection Sharing.

Serial Line Internet Protocol (SLIP)
• For the RRAS server and client to communicate with each other, they must use a common link protocol.
• SLIP is a simple protocol for carrying IP datagrams over a serial line; it allows the client and server to talk with each other.
• SLIP is now an older technology with many limitations: it carries only IP, has no error detection, and provides no authentication or address negotiation of its own.
• SLIP has been replaced by a newer technology, the Point-to-Point Protocol (PPP).

Point-to-Point Protocol (PPP)
• Point-to-Point Protocol (PPP) is also a serial-communications protocol that allows a dial-up client to access an RRAS server.
• PPP provides error-checking features (a frame check sequence on every frame) that SLIP does not, and it can carry several protocols over one data line.
• PPP can handle synchronous and asynchronous communications.
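To make the two differences between SLIP and PPP concrete, here is an added example in Python (not from the original slides, and not the code of any real PPP implementation): a minimal asynchronous PPP framer and parser. It implements the RFC 1662 byte stuffing and 16-bit frame check sequence, which is the error detection SLIP lacks, and reads the 16-bit protocol field that lets IP, IPX, AppleTalk and the authentication protocols share one line. Protocol numbers are the standard IANA PPP values; the packets fed in are constructed stand-ins, and the function and class names are mine.

```python
from typing import Tuple

FLAG, ESC, ADDRESS, CONTROL = 0x7E, 0x7D, 0xFF, 0x03

# PPP protocol field values (IANA "PPP numbers"); one line can carry all of them.
PROTOCOLS = {
    0x0021: "IP",
    0x0029: "AppleTalk",
    0x002B: "IPX",
    0x8021: "IPCP",
    0xC021: "LCP",
    0xC023: "PAP",
    0xC223: "CHAP",
}


class FrameError(ValueError):
    """Raised for a frame that fails framing or FCS checks; a real receiver drops it silently."""


def fcs16(data: bytes) -> int:
    """RFC 1662 FCS-16: init 0xFFFF, reflected polynomial 0x8408, final ones' complement."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def _stuff(data: bytes) -> bytes:
    """Async byte stuffing: escape flag, escape and (default ACCM) every control character."""
    out = bytearray()
    for byte in data:
        if byte in (FLAG, ESC) or byte < 0x20:
            out += bytes([ESC, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out)


def build_frame(protocol: int, payload: bytes) -> bytes:
    """Encapsulate one packet: Flag, Address, Control, Protocol, Information, FCS, Flag."""
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + payload
    fcs = fcs16(body)
    body += bytes([fcs & 0xFF, fcs >> 8])      # FCS goes on the line least-significant byte first
    return bytes([FLAG]) + _stuff(body) + bytes([FLAG])


def parse_frame(frame: bytes) -> Tuple[str, bytes]:
    """Unstuff, verify the FCS and demultiplex on the protocol field. Returns (protocol name, packet)."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise FrameError("missing flag byte")
    raw = bytearray()
    i = 1
    while i < len(frame) - 1:
        byte = frame[i]
        if byte == ESC:
            i += 1
            if i >= len(frame) - 1:
                raise FrameError("escape at end of frame")
            byte = frame[i] ^ 0x20
        raw.append(byte)
        i += 1
    if len(raw) < 6:                            # address, control, protocol and FCS at minimum
        raise FrameError("frame too short")
    received_fcs = raw[-2] | (raw[-1] << 8)
    if fcs16(bytes(raw[:-2])) != received_fcs:  # this is the error check SLIP does not have
        raise FrameError("FCS mismatch: frame corrupted on the line")
    if raw[0] != ADDRESS or raw[1] != CONTROL:
        raise FrameError("unexpected address/control field")
    protocol = int.from_bytes(raw[2:4], "big")
    return PROTOCOLS.get(protocol, f"0x{protocol:04x}"), bytes(raw[4:-2])
```

Feeding `build_frame(0x0021, packet)` into `parse_frame` returns `("IP", packet)`; flipping any bit of the frame on the way makes `parse_frame` raise `FrameError`, which is exactly what a SLIP receiver cannot do, since it would hand the damaged datagram up to IP unchanged. Note that the FCS detects line noise, not tampering: an attacker who can alter bytes can recompute it.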
Point-to-Point Protocol (PPP) (continued)
• PPP has the added advantage of allowing you to use more than one network protocol. While SLIP can only transport TCP/IP traffic, PPP can transport TCP/IP, IPX/SPX, and even AppleTalk traffic.
• All of these protocols can be transported at the same time, because each PPP frame carries a protocol field that tells the receiver which network protocol the payload belongs to.
• PPP also provides a place for authentication through the Password Authentication Protocol (PAP) and the Challenge-Handshake Authentication Protocol (CHAP). Only CHAP adds real security: PAP sends the password in the clear, whereas CHAP sends a hash of a server-chosen challenge and the shared secret, so the secret never crosses the line.

Point-to-Point Tunneling Protocol (PPTP)
• The Point-to-Point Tunneling Protocol (PPTP) was designed as a way of carrying PPP sessions across the Internet by wrapping the PPP frames in a tunnel between client and server.
• PPTP is commonly used to create virtual private networks (VPNs).
• The protection PPTP offers is only as strong as the PPP authentication and encryption negotiated inside the tunnel. PPTP with MS-CHAP authentication is no longer considered secure, so prefer a VPN protocol with stronger authentication where you have the choice.

Independent Computing Architecture (ICA) Protocol
• Independent Computing Architecture (ICA), from Citrix, is a Presentation-layer protocol that allows a Microsoft Windows client to act as a thin client.
• That means that the client computer, even though it has a hard drive and its own processing power, connects to a central server, which actually runs the application.
• All keystrokes and mouse movements on the client are transmitted to the server, where they are executed.
• The server responds by sending screen updates back to the client computer. These screen updates are displayed in one or more windows on the client PC.

Troubleshooting RAS Problems
• The important thing to remember about the RAS environment is that standard networking rules apply.
• This means that the client computer must have some type of network adapter, in this case a modem.
• The client computer must be running the appropriate client software and network protocol.

Troubleshooting Authentication Failure
• When an authentication failure occurs, always ensure you are typing the correct user name and password.
• Although user names are generally not case sensitive, passwords are, so make sure the Caps Lock key is not engaged and try again.
• If you are still unable to authenticate, check with the server administrator to make sure your account has not been locked out or changed in any way.
• Have the administrator reset the password and try again.
• Another area to check is the type of security and protocols that are being used.
• The client and the server must be able to speak the same language in order to authenticate your request to log on to the server: if the server requires MS-CHAP v2 and the client is set to allow only an unsecured password, for example, the connection is dropped during authentication.
• Make sure you have physical connectivity to the server.

Troubleshooting Protocol Configuration
• Since one of the primary uses of RRAS is to enable Internet connectivity, RRAS servers will generally use the TCP/IP protocol.
• Therefore, the TCP/IP protocol must be installed on the client computer.
• You may or may not be required to manually configure your TCP/IP addressing parameters. If you are, the standard rules concerning address class, subnet mask, etc., must be followed.
• The information must be entered correctly into the correct boxes, and all settings, including DNS servers, must be assigned.
• In cases where you are required to statically or manually assign IP addressing information, your ISP should provide you with written instructions.
• Today, most ISPs assign IP addresses to client computers dynamically. That means that when you log on to the RRAS server, the server passes all of the addressing parameters to the client as part of the PPP negotiation.
• The client must still have the TCP/IP protocol installed, and it must be configured to obtain its IP address automatically.
• You may also be required to configure the client software on the computer to designate whether the computer belongs to a Windows domain or workgroup.

Troubleshooting Physical Connectivity
• If your dial-up connection was working correctly and suddenly stopped, begin by conducting some simple checks of the modem and phone line.
• Although features vary from brand to brand and model to model, most modems have one or more lights that will give you an idea whether the problem is with the modem, the telephone line, or the computer.
• Some of the status lights that are common on most modems include:
– Activity
– TX and RX
• If the lights are not lit, check the Device Manager utility to ensure the modem is installed and configured correctly.
• Check the status of the adapter to ensure it is functioning correctly.
• Finally, check the telephone wiring at your home or office.
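Returning to the Troubleshooting Protocol Configuration slides above, the following Python function is an added example (not part of the original slides) of the "standard rules" check a support engineer runs against a manually entered TCP/IP configuration before blaming the server: it catches a non-contiguous subnet mask, a host address that is really the network or broadcast address, a default gateway that is not on the local subnet, and a missing DNS server. It uses only the standard `ipaddress` module; the addresses in the usage below are documentation ranges, constructed for illustration, and the function name is mine.

```python
import ipaddress
from typing import List


def check_static_ip(address: str, netmask: str, gateway: str, dns_servers: List[str]) -> List[str]:
    """Return a list of problems in a manually entered TCP/IP configuration (empty list = looks fine)."""
    problems: List[str] = []
    try:
        iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    except ValueError as err:
        # covers a malformed address and a non-contiguous mask such as 255.255.0.255
        return [f"address/subnet mask invalid: {err}"]
    net = iface.network
    ip = iface.ip

    if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
        problems.append(f"{ip} cannot be assigned to a host interface")
    if net.prefixlen < 31:
        if ip == net.network_address:
            problems.append(f"{ip} is the network address of {net}, not a host address")
        if ip == net.broadcast_address:
            problems.append(f"{ip} is the broadcast address of {net}, not a host address")

    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as err:
        problems.append(f"default gateway invalid: {err}")
    else:
        if gw not in net:
            # the classic symptom of a wrong mask: gateway unreachable, nothing beyond the subnet works
            problems.append(f"default gateway {gw} is not on the local subnet {net}; check the subnet mask")
        elif gw == ip:
            problems.append("default gateway is the same as the client address")

    if not dns_servers:
        problems.append("no DNS server assigned; names will not resolve even if IP connectivity works")
    for server in dns_servers:
        try:
            ipaddress.IPv4Address(server)
        except ValueError as err:
            problems.append(f"DNS server invalid: {err}")
    return problems


if __name__ == "__main__":
    # constructed sample: a correct configuration and one with a typo in the gateway
    print(check_static_ip("192.0.2.10", "255.255.255.0", "192.0.2.1", ["192.0.2.53"]))
    print(check_static_ip("192.0.2.10", "255.255.255.0", "198.51.100.1", ["192.0.2.53"]))
```

The first call returns an empty list; the second reports that the gateway is not on the local subnet. On a dynamically addressed client the same checks can be run against the parameters the RRAS server handed out, which quickly shows whether a failure is a client-side typo or a server-side pool misconfiguration.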