Re: VPN error 678

To resolve this issue, make sure that the PPTP clients establish the
connection to the first IP address that is bound to the PPTP server's public
network interface. Also make sure that you configure the default gateway on
the server to the interface that receives the connection attempt. Typically,
the public network interface receives the connection attempt in this
scenario.

If your PPTP server runs later version of Windows 2000 Service Pack 4 (SP4)
or Windows Server 2003, and multiple IP addresses are bound to the public
network interface, the server replies by using the same IP address that the
client computer sent the request for connection to. For more information
about change in IP address, click the following article number to view the
article in the Microsoft Knowledge Base:
810839 (http://support.microsoft.com/kb/810839/) VPN client cannot establish
a connection after you install a service pack
If your PPTP server is running Windows 2000 SP4, and a PPTP client tries to
connect to the second IP address that is bound to the public network
interface, the PPTP server replies by using the first IP address that is
bound to the public network interface.

This issue may occur, depending on the configuration of your PPTP server
that uses Windows NT Load Balancing Service (WLBS) or Network Load
Balancing. The PPTP server that uses Windows 2000 SP4-or-later may work as
expected, regardless of the configuration. For more information, click the
following article number to view the article in the Microsoft Knowledge
Base:
810839 (http://support.microsoft.com/kb/810839/) VPN client cannot establish
a connection after you install a service pack
This issue may also occur if you publish the PPTP server behind a firewall
or a router. If you configure the firewall or the router incorrectly, the
source IP address for PPTP reply packets may differ from the address that is
received. To resolve this issue, configure the firewall or the router so
that the source of the PPTP reply packets is the same IP address that the
PPTP clients use. PPTP communication is made up of TCP port 1723 and of the
Generic Routing Encapsulation (GRE) protocol (IP protocol 47).

MORE INFORMATION
Windows 95, Windows 98, Windows Me, and Windows NT 4.0 do not permit a PPTP
connection to be completed if the PPTP server replies by using a different
IP address.

Windows 2000 and Windows XP-based PPTP client computers permit connections
if either Internet Connection Sharing or Internet Connection Firewall (ICF)
is in use on the client. When you install Windows 2000 SP4 or Windows XP SP1
on your PPTP client, the client cannot connect to the PPTP server that
replies by using a different IP address.

If you want your PPTP client that is running either Windows XP SP1 or
Windows 2000 SP4-or-later to permit a connection to a PPTP server that
replies with a different IP address, you must turn off PPTP address
validation. To do so, follow these steps. Warning Serious problems might
occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall your
operating system. Microsoft cannot guarantee that these problems can be
solved. Modify the registry at your own risk.
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate the following subkey, where <000x> is the network adapter
for the WAN Miniport (PPTP) driver:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\<000x>
4. On the Edit menu, point to New, and then click DWORD Value.
5. Type ValidateAddress, and then press ENTER.

Note By default, the Data value is 0 (Off).
6. Quit Registry Editor.
7. Restart your computer.


Friendly
Anna


.

Relevant Pages

  • Re: Defeating Firewalls: Sneaking Into Office Computers From Home
    ... > about security and network policies. ... desktop with a PPTP Connection icon and a Remote Desktop Icon. ... connection, they click the PPTP Icon, enter a user/password that is NOT ... If they authenticate with the firewall properly they double click the RD ...
    (comp.security.firewalls)
  • Re: How can I tell if a PPTP connection is initiated?
    ... re-installing the VPN or dial in connection, you still get the same problem. ... Also make sure that the router has the PPTP ... > Trying to get a VPN connection to work from outside our network. ...
    (microsoft.public.win2000.ras_routing)
  • PPTP Connection sharing behind NAT
    ... I would like to set up a Linux machine to route connections over a PPTP connection to a secondary ISP inside a pre-existing network, so that internal machines generally use the "standard" ISP connection, and others can be configured to use the Linux machine's PPTP connection as a gateway/tunnel for their internet access. ...
    (Security-Basics)
  • RE: Cannot create a VPN connection using PPTP from 2003 Server
    ... Run this command to install the WAN Miniport: ... If I pass a bad username or password the connection asks for the correct ... another server on the Internet by creating a VPN connection. ... connection uses PPTP and has been running fine until recently. ...
    (microsoft.public.windows.server.networking)
  • RE: PPTP VPN connection problems
    ... We have a tool called PPTPping, it may help you to narrow down the GRE 47 ... we will use PPTP Ping utility to determine whether any hardware ... | Thread-Topic: PPTP VPN connection problems ...
    (microsoft.public.windows.server.sbs)