PPTP Clients Cannot Connect to Windows 2000 PPTP Server

Article translations Article translations
Article ID: 266460 - View products that this article applies to.
This article was previously published under Q266460
Expand all | Collapse all


When a Microsoft Windows 2000 Server is configured as a Point-to-Point Tunneling Protocol (PPTP) server and PPTP clients from either Microsoft Windows NT, Windows 2000, or Windows 95 or 98 try to establish a PPTP session, they receive the following error message:
Error 649
Login failed: username, password, or domain was incorrect.
The Windows 2000 PPTP Server logs the following error message:
Event ID 20078
The account for user \username connected on port VPN3-127 does not have Remote Access privilege. The line has been disconnected.

Event ID 20189
The user Administrator connected from x.x.x.x but failed an authentication attempt due to the following reason: The user tried to connect using an unauthorized dial-in media.


To resolve this behavior, follow these steps:
  1. Start the Routing and Remote Access administrative tool.
  2. Expand the options under your Remote Access Service (RAS) server's name.
  3. Click Remote Access Policies, and then right-click and go to Properties on the default policy called Allow access if dial-in permission is enabled.
  4. Click Edit Profile.
  5. On the Dial-in Constraints tab, do one of the following:

    • Clear the Restrict Dial-in Media option.

    • Select Restrict Dial-in Media, and then select Ethernet and VPN from the list of options available.
  6. Click Apply, and then click OK.


Article ID: 266460 - Last Review: February 28, 2007 - Revision: 2.3
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
kbinfo KB266460

Give Feedback


Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com