Login Problems with RAS in Windows


The information in this article applies to: NOTE: although this article follows traditional structure of MSDN articles, it is not affiliated with MSDN in any way.

Symptoms

When you connect to remote network via RAS, connection is established successfully, but you get "access denied" error whenever you try to access any shares on remote network, including the shares on the RAS server itself.

Cause

When you log on to a Windows NT or Windows 2000 system you always specify user name and password (collectively known as credentials), or they are automatically specified for you by autologon (see Microsoft KB articles Q97597 and Q234562)

On Windows 98 the situation is more complicated: you may or may not specify credentials when you log on. Depending on system configuration the system may or may not ask for user name and password during startup. But even if the system asks you for credentials you can always dismiss the user name/password dialog by pressing the ESC key. In this case you will work without any credentials. Windows 98's TweakUI package also has autologon capability.

If you are using Windows 98 system without credentials, and your system is on a network, you cannot neither browse the network nor access network resources.

When you configure a RAS connection, you specify credentials for this connection. We shall call them RAS credentials. When dial up to a RAS server, the server uses RAS credentials to verify that you indeed have a right to make connection. If you don't, you will be disconnected.

The sticky point is that your original Windows credentials, not RAS credentials are used when you try to access resources on remote network! Usually, these credentials may not be valid on remote network and consequently access to network shares may be denied.

If you did not have any credentials at all (which is possible only on Windows 98), the system will prompt you for user name and password when you try to access a remote share or browse remote network for the first time.

More Details

Even if your system and remote system use the same user name and password, it does necessarily mean that remote system will recognize your credentials as valid. It depends on the following factors:

If your system is not in the domain and remote system is, access will be denied even if user name and passwrd on both systems are the same.

Resolution

Windows NT and 2000

With Windows NT/2000 you can manually specify user name and password when you connect to remote computer.

Method 1.
Open "Network Neighborhood" window (it's "My Network Places" in Windows 2000). You can browse the network even if you don't have correct credentials. When you click on a computer and access to that computer is denied, Windows presents "connect as" dialog. Enter "domain\user" for user name (without quotation marks; e.g. mydomain\ivan) and your password for password. If domain name, user name and password are correct, you will be allowed to use shares on that particular computer. You will have to repeat the procedure if you want to work with another remote computer.

Method 2.
Start cmd.exe (Start->Run->cmd.exe). On the command line type

net usedrive: \\computer\share /user:domain\user *

You will be prompted for the password and connected to remote share. E.g.:

net use z: \\myserver\docs /user:mydomain\ivan *

If you don't know share name and would like to see available shares on remote computer, you can give the following command:

net use \\computer\ipc$ /user:domain\user *

After this command is completed, remote computer is available for browsing. You can either open it from "Network Neighborhood" window (as in method 1 above), or view its shares by typing the following command:

net view \\computer

ipc$ is a special non-disk share used for communication between Windows systems. IPC stands for "inter-process communication".

Windows 98

Unfortunately, Windows 98 does not allow you to specify user name neither in "connect as" dialog nor in "net use" command.

Before using RAS you must make sure you are logged on to Windows 98 without any credentials at all. This way you will be able to specify correct credentials for remote domain.

Logoff from your currect Windows session: choose "Logoff user" from Start menu. When Windows asks you for user name and password, press ESC to logon without credentials. If you have autologon, press and hold right SHIFT key to temporary disable autologon.

If you don't have "Logoff" item in Start menu, it means that you already don't have any credentials, so you should not do anything.

When you dial up into your RAS server, you will have to type in your password twice: first time for the RAS and second time for remote network authentication.