This article was previously published under Q299684
When you set up Internet Authentication Service (IAS) for Routing and Remote Access service (for either virtual private network [VPN] or dial-up traffic), the client computers may receive the following error message:
Error 930: The authentication server did not respond to authentication requests in a timely fashion.
On the Routing and Remote Access server, the following error message may be reported:
Description: A request was received from the invalid client IP Address IP_Address.
This behavior can be caused by either of the following conditions:
The default path to the Remote Access log file has been changed or is not valid.
The Routing and Remote Access server has not been set up as a Remote Authentication Dial-In User Service (RADIUS) client in the IAS Microsoft Management Console (MMC).
To resolve this behavior, use the appropriate method.
Change or verify the path of the Routing and Remote Access log folder
The local System account must have write permission to the new folder. The default path is %systemroot%\System32\LogFiles.
Start the Routing and Remote Access console.
Right-click Route Access Logging, and then click Properties.
Click the Local File tab.
Change or verify the path of the Routing and Remote Access log folder.
Add the RADIUS clients
Click Start, click Control Panel, double-click Administrative Tools, and then click Internet Authentication Service.
Right-click Clients, and then click New Client.
In the Friendly Name field, enter a descriptive name.
In Protocol, click RADIUS, and then click Next.
In the Client Address (IP or Domain Name System [DNS]) field, enter the DNS or IP address for the client. If you use a DNS name, click Verify. In the Resolve DNS Name dialog box, click Resolve, and then select the IP address that you want to associate with that name from "Search Results."
If the client is a network access server (NAS) and you plan to use NAS-specific remote access policies for configuration purposes (for example, a remote access policy that contains vendor-specific attributes), click Client Vendor, and then click the name of the manufacturer. If you do not know the name of the manufacturer or the name is not on the list, click RADIUS Standard. If the RADIUS client is running either Microsoft Windows NT Server or Windows 2000 Server with Routing and Remote Access service, click Microsoft.
In the Shared Secret field, enter the shared secret for the client, and then enter it again in the Confirm Shared Secret field.
If your NAS supports using the signature attribute for verification (with Password Authentication Protocol [PAP], Challenge-Handshake Authentication Protocol [CHAP], or Microsoft Challenge-Handshake Authentication Protocol [MS-CHAP]), click to select the Client must always send the signature attribute in the request check box.
NOTE If the NAS does not support the signature attribute for PAP, CHAP, or MS-CHAP, do not click the previous option.