Server 2003 VPN EAP problem

my config:

server1 - dns on it, ca stand alone, no ad

server2 - rras, vpn server running

client - xp

 

scenario:

on server2 installed ca chain server1 in trusted root certification authorities. certificate machine in personal storage eku "server authentication"

on client, situation similarly, ca chain , certificate machine eku "client authentication"

 

problem:

client won't connect server2 vpn eap (md5 , certificate). error 691:access denied because username and/or password invalid on domain

 

by vpn pptp , l2tp , ms-chapv2  client connecting succesfully. so, i'am doing wrong?

there no ad. user 'test' in local sam on server2, dial-in option enabled. on rras options server2 eap enabled

 

 

 

 

 

 

 

 

 

 

 

 

 

 

do use username or computername\username when hit issue? can try computername\username?

---

clarification: microsoft doesn't own liability & responsibility of posting.

Windows Server  >  Network Infrastructure Servers