Re: SBS2003 SP1 outgoing pptp error 628



I just captured and looked at the packets in successful and unsuccessful
PPTP connections and it appears that the initiating system thinks it gets a
TCP Reset request.

Server: PPP CH Challenge
Client: PPP LC Identification
Client: PPP LC Identification

Then on the successful connection I see:
Server: PPP CH Response

On the unsuccessful connection I see:
Client: TCP Reset Ack

I don't actually see a TCP Reset being sent from the server...



"Wes" <theXYZtenor@xxxxxxxxxxxxx> wrote in message
news:OAMBKqkrFHA.332@xxxxxxxxxxxxxxxxxxxxxxx
> I've been looking for a solution for a couple of weeks here and on other
> forums.
> I can pptp from outside into the server network just fine. But I can't
> pptp out. There is no hardware router in this network.
>
> I can successfully pptp into the destination networks just fine from other
> networks so I'm sure it is not the destination end issue.
>
> I get an error 628 immediately when trying to connect. I have access to 2
> sbs 2003/isa 2004 networks and have the same thing happen from both.
> Again, it doesn't appear to have anything to do with the external
> destination networks - and I've tried several.
>
> ISA 2004 has the going pptp rule set up and it looks ok.
>
> I did some additional investigation in the security event log on the
> destination server and this is what I found:
>
> The log entry has SYSTEM as the user whereas a successful attempt has the
> actual user name entered in the PPTP connection. Also, the authentication
> package is different. I used default settings in both cases where I set up
> the outgoing pptp connectoid.
>
> The text of the login entry for the UNSUCCESSFUL attempt (SBS2003/ISA2004
> origination) is as follows:
>
> Successful Network Logon:
> User Name: DESTSERVER$
> Domain: DESTDOMAIN
> Logon ID: (0x0,0x9C13C46)
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name:
> Logon GUID: {stuff here}
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 192.168.5.2
> Source Port: 29222
>
>
> The text of the login entry for the SUCCESSFUL attempt (from a mpm
> SBS2003/ISA2004 origination) is as follows:
>
> Successful Network Logon:
> User Name: username
> Domain: DOMAIN
> Logon ID: (0x0,0x9C1803B)
> Logon Type: 3
> Logon Process: IAS
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name:
> Logon GUID: -
> Caller User Name: DOMAINSRV$
> Caller Domain: DOMAIN
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 1500
> Transited Services: -
> Source Network Address: -
> Source Port: -
>
> Wes
>
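
An added example, not part of either poster's message: a field-by-field comparison of the two "Successful Network Logon" entries quoted above, which makes the differing account, logon process and authentication package explicit. The function names are hypothetical, and the sample input is constructed from the values as posted, trimmed to the fields that carry information.

```python
import re
# Constructed sample input: the two "Successful Network Logon" entries quoted
# in the thread, with the "> " quoting removed. Values are as posted.
FAILED_ATTEMPT = """\
User Name: DESTSERVER$
Domain: DESTDOMAIN
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Caller User Name: -
Source Network Address: 192.168.5.2
Source Port: 29222
"""
WORKING_ATTEMPT = """\
User Name: username
Domain: DOMAIN
Logon Type: 3
Logon Process: IAS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Caller User Name: DOMAINSRV$
Source Network Address: -
Source Port: -
"""
# "Field: value", tolerating a leading "> " if the text is pasted still quoted.
FIELD = re.compile(r"^\s*(?:>\s*)?([^:]+?):[ \t]*(.*?)\s*$")

def parse_logon(text):
    """Return {field: value}; '-' and empty values become None."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            value = m.group(2)
            fields[m.group(1)] = None if value in ("", "-") else value
    return fields

def is_machine_account(fields):
    """Computer accounts have names ending in '$'."""
    return (fields.get("User Name") or "").endswith("$")

def diff_logons(a, b):
    """Fields whose values differ, as {field: (a_value, b_value)}."""
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    failed, working = parse_logon(FAILED_ATTEMPT), parse_logon(WORKING_ATTEMPT)
    print("failed attempt logged a machine account:", is_machine_account(failed))
    for name, (x, y) in diff_logons(failed, working).items():
        print(f"{name:24} {x!s:14} | {y}")
```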

