Windows NT 4.0 Remote Access Service (RAS) Configuration Guide

Tyler Maginnis | January 21, 2024

Windows NT 4.0RASRemote AccessDial-upNetwork AccessSecurity

Need Professional Windows NT Server 4.0?

Get expert assistance with your windows nt server 4.0 implementation and management. Tyler on Tech Louisville provides priority support for Louisville businesses.

Call Now: (202) 948-8888 Email for Quote

Same-day service available for Louisville area

Windows NT 4.0 Remote Access Service (RAS) Configuration Guide

Introduction

Remote Access Service (RAS) enables Windows NT Server 4.0 to accept incoming dial-up connections and provide network access to remote users. This guide covers installation, configuration, security, and troubleshooting of RAS.

Understanding RAS

RAS Components

  • RAS Server: Accepts incoming connections
  • RAS Client: Dials into RAS servers
  • Protocols: PPP, SLIP (legacy)
  • Authentication: PAP, CHAP, MS-CHAP
  • Supported Connections: Modem, ISDN, X.25

Use Cases

  • Remote employee access
  • Branch office connectivity
  • Telecommuter support
  • Emergency access
  • Vendor connections

Installing RAS

Prerequisites

  • Windows NT Server 4.0
  • Modem or ISDN adapter
  • Available COM port or multiport card
  • Phone lines for dial-in

Installation Process

  1. Add RAS Service Control Panel → Network → Services → Add Select "Remote Access Service" Insert NT Server CD Click OK

  2. Detect Hardware

  3. RAS setup detects modems
  4. Or manually add devices

  5. Configure each port

  6. Port Configuration Remote Access Setup Add → Select Port (COM1, COM2, etc.) Configure → Usage: [ ] Dial out only [ ] Receive calls only [X] Dial out and Receive calls

  7. Network Configuration ``` Network → Configure

Protocols: [X] NetBEUI [X] TCP/IP [X] IPX

Encryption settings: [X] Allow any authentication including clear text [ ] Require encrypted authentication [ ] Require Microsoft encrypted authentication ```

Modem Configuration

  1. Install Modem Control Panel → Modems Add → Detect or manual selection Select COM port

  2. Modem Properties Maximum speed: 115200 (for 56K modems) [ ] Only connect at this speed [X] Enable hardware flow control [ ] Enable modem error control [ ] Enable modem compression

Configuring RAS Server

Basic Configuration

  1. Server Settings ``` Remote Access Admin → Server → Configuration

Total ports configured: 4 Ports in use: 0 Total Remote Access Clients: 0 ```

  1. Port Status Port Status User Started COM1 Inactive - - COM2 Inactive - -

Protocol Configuration

TCP/IP Settings

  1. IP Address Assignment ``` RAS Setup → Network → TCP/IP Configure

Allow remote TCP/IP clients to access: [X] This computer only [ ] Entire network

IP address assignment: [ ] DHCP server [X] Static address pool Begin: 192.168.100.1 End: 192.168.100.50 ```

  1. Client Settings [ ] Allow remote clients to request predetermined IP [X] Assign same IP to client each time

NetBEUI Configuration

Allow remote NetBEUI clients to access:
[X] This computer only
[ ] Entire network

IPX Configuration

IPX Network Number Assignment:
[X] Allocate automatically
[ ] Allocate same number to all clients
    Network Number: [________]

Security Configuration

Authentication Methods

  1. Configure Authentication ``` Network Configuration → Encryption settings:

[ ] Allow any authentication including clear text [ ] Require encrypted authentication [X] Require Microsoft encrypted authentication [ ] Require data encryption ```

  1. Authentication Protocols
  2. PAP: Password Authentication Protocol (clear text)
  3. CHAP: Challenge Handshake Authentication Protocol
  4. MS-CHAP: Microsoft encrypted authentication
  5. MS-CHAP v2: Stronger encryption (with SP4+)

User Permissions

  1. Grant Dial-in Permission ``` User Manager → User Properties → Dialin

[X] Grant dialin permission to user

Call Back: ( ) No Call Back ( ) Set By Caller ( ) Preset To: [phone number] ```

  1. RAS Groups Create groups for RAS users:
  2. RAS_Users
  3. RAS_Admins
  4. RAS_Callback

Callback Security

Benefits of callback: - Verifies user location - Reduces phone charges - Additional security layer

Configuration options: 1. No Callback: Standard connection 2. Set By Caller: User specifies number 3. Preset To: Fixed callback number

Managing RAS

Remote Access Admin Tool

  1. Start RAS Admin Start → Programs → Administrative Tools → Remote Access Admin

  2. Monitor Active Users ``` Shows:

  3. Connected users
  4. Connection time
  5. Port usage

  6. Protocol information ```

  7. Disconnect Users

  8. Select user
  9. Server → Disconnect User
  10. Or send message before disconnect

Port Management

  1. View Port Status ``` Communication Ports shows:
  2. Port name
  3. Status (Active/Inactive)
  4. Connected user

  5. Duration ```

  6. Reset Port

  7. Select port
  8. Port → Reset
  9. Clears hung connections

Logging and Auditing

  1. Enable Logging Registry: HKLM\System\CurrentControlSet\Services\RemoteAccess\Parameters Logging = 1 (Enable)

  2. Log File Location ``` %SystemRoot%\System32\RAS\

  3. DEVICE.LOG (Modem commands)

  4. PPP.LOG (PPP negotiation) ```

  5. Event Log Entries Monitor System Log for:

  6. Service start/stop
  7. Authentication failures
  8. Connection errors

RAS Client Configuration

Windows NT/95/98 Clients

  1. Create Phonebook Entry Dial-Up Networking → New Name: Corporate RAS Phone Number: 555-1234 Device: Standard Modem

  2. Configure Protocols Server Type → Dial-Up Server Type Type: PPP Protocols: [X] NetBEUI [X] IPX/SPX Compatible [X] TCP/IP

  3. TCP/IP Settings TCP/IP Settings: [X] Server assigned IP address [X] Server assigned name server addresses [ ] Use IP header compression [ ] Use default gateway on remote network

Security Settings

  1. Authentication Security → Authentication [X] Accept any authentication including clear text [ ] Accept only encrypted authentication [ ] Accept only Microsoft encrypted authentication

  2. Data Encryption [ ] Require data encryption

Advanced Configuration

For combining multiple lines:

  1. Enable Multilink RAS Properties → Enable Multilink

  2. Configure Channels

  3. Add multiple modems
  4. Configure for same phone number
  5. Set bandwidth allocation

RADIUS Authentication

For centralized authentication:

  1. Install RADIUS Client
  2. Third-party solution required
  3. Configure RADIUS server IP

  4. Set shared secret

  5. Benefits

  6. Centralized user management
  7. Detailed accounting
  8. Multiple RAS server support

Virtual Private Networking (PPTP)

Basic VPN with PPTP:

  1. Install PPTP Network → Protocols → Add Point to Point Tunneling Protocol Number of Virtual Private Networks: 5

  2. Configure RAS for PPTP Remote Access Setup Add → VPN1-RASPPTPM Configure for incoming only

  3. Security Considerations

  4. Use MS-CHAP authentication
  5. Enable encryption
  6. Limit network access

Performance Optimization

Hardware Considerations

  1. Modem Pool Design
  2. Use identical modems
  3. External modems for easier management
  4. Consider multiport serial cards

  5. Digital lines (ISDN/T1) for high volume

  6. Server Specifications

  7. Pentium processor minimum
  8. 64 MB RAM + 1 MB per connection
  9. Separate disk for logs
  10. Quality serial ports

Network Optimization

  1. Protocol Selection
  2. Use single protocol when possible
  3. TCP/IP most efficient

  4. Disable unnecessary protocols

  5. Compression Settings

  6. Enable software compression
  7. Hardware compression in modems
  8. Balance CPU vs. bandwidth

Connection Pooling

For ISPs and large deployments:

Create modem pools:
- Hunt groups from telco
- Rotary configuration
- Load balancing

Security Best Practices

Access Control

  1. Limit RAS Access
  2. Only grant to required users
  3. Use RAS-specific groups

  4. Regular access reviews

  5. Strong Authentication

  6. Require MS-CHAP minimum
  7. Consider two-factor (callback)

  8. Complex password requirements

  9. Network Restrictions ``` Options:

  10. This computer only
  11. Specific network segments
  12. No NetBIOS browsing ```

Monitoring

  1. Regular Auditing
  2. Review connection logs
  3. Check for unusual patterns

  4. Monitor failed authentications

  5. Alerts

  6. Configure Performance Monitor alerts
  7. Script to check active connections
  8. Email notifications for events

Security Checklist

  • [ ] Disable PAP authentication
  • [ ] Enable encryption requirements
  • [ ] Configure callback where appropriate
  • [ ] Limit simultaneous connections
  • [ ] Regular password changes
  • [ ] Monitor logs daily
  • [ ] Test incident response

Troubleshooting RAS

Common Connection Issues

Error 629: Connection Dropped

Causes: - Line quality issues - Incorrect modem settings - Authentication problems

Solutions: 1. Check phone line quality 2. Reduce modem speed 3. Update modem drivers 4. Verify authentication settings

Error 691: Authentication Failed

Causes: - Incorrect credentials - No dial-in permission - Account restrictions

Solutions: 1. Verify username/password 2. Check dial-in permissions 3. Review account status 4. Check authentication protocols

Error 678: No Answer

Causes: - Wrong phone number - RAS service not running - Modems not answering

Solutions: 1. Verify phone number 2. Check RAS service status 3. Test modems manually 4. Review port configuration

Diagnostic Tools

  1. Device.log Analysis Enable: Set Logging=1 in Registry Location: %SystemRoot%\System32\RAS\DEVICE.LOG Shows all AT commands and responses

  2. PPP.log for Protocol Issues Enable: Set Logging=1 in Registry Shows PPP negotiation details Useful for protocol mismatches

  3. Network Monitor

  4. Capture RAS traffic
  5. Analyze authentication
  6. Check protocol negotiation

Performance Issues

Slow Connections

  1. Check line quality
  2. Verify modem settings
  3. Review compression settings
  4. Monitor server resources

Frequent Disconnections

  1. Set idle timeout appropriately
  2. Check for line noise
  3. Update modem firmware
  4. Review error correction settings

Best Practices Summary

  1. Planning
  2. Size appropriately for users
  3. Plan for growth
  4. Consider backup connections

  5. Document configurations

  6. Security

  7. Use strongest authentication available
  8. Implement callback where possible
  9. Regular security audits

  10. Monitor all connections

  11. Maintenance

  12. Regular log reviews
  13. Test failover procedures
  14. Update modem firmware

  15. Monitor performance metrics

  16. User Support

  17. Create setup documentation
  18. Provide client configuration files
  19. Establish help desk procedures
  20. Train support staff

Conclusion

RAS provides essential remote connectivity for Windows NT 4.0 networks. Proper configuration ensures secure, reliable access for remote users while maintaining network security. Regular monitoring and maintenance keep the service running smoothly. As technology evolves, consider migration paths to VPN solutions for enhanced security and functionality.