Mysterious VPN Errors

From: Boris Nikolaevich (boris_at_nikolaevich.mailshell.com)
Date: 03/10/04

• Next message: Sharad Naik: "Re: New Router"
• Previous message: David P: "Win2k3 server MAC bridge does not forward packets"
• Next in thread: Jens-Peter Vraa Jensen: "Re: Mysterious VPN Errors"
• Reply: Jens-Peter Vraa Jensen: "Re: Mysterious VPN Errors"
• Reply: Phillip Windell: "Re: Mysterious VPN Errors"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 9 Mar 2004 22:03:56 -0800

Hi all,

I'm having a real headache of a time with VPN on Windows Server 2003. I
don't even know where to begin troubleshooting, but I'll give as much
relevant information as I can and hopefully you'll know what questions to
ask me so that I can add any additional information you need. Thanks for
taking the time to read and help!

The VPN Server (ZARYA) is Windows 2003.
The Domain Controller (VOSKHOD) is Windows 2003.
There is a workstation (SPUTNIK1) running Windows XP Professional.
The remote client (SPUTNIK2) is notebook Windows XP Professional.
All are members of the domain SOYUZ.

I added "VPN Server" as one of the server roles through the Manage Your
Server wizard on ZARYA.

I tested the VPN connection internally from SPUTNIK1 and had no problem
connecting, authenticating, and having the computer registered on the
network.

When I try to connect remotely with SPUTNIK2 (usually from home) I get one
of the following situations:
a) The connection is made successfully and authentication completes normally
b) The connection is made, but times out with the progress indicating
"Verifying username and password..."
c) The connection is made, and after several minutes at "Verifying username
and password..." I get a message that my credentials couldn't be verified.
After re-entering my username and password, connection and authentication
complete normally.
d) The connection is not made, with an error that the VPN server could not
be contacted.

Unfortunately, situation "a" happens infrequently and inconsistently. On
the server side, situations "b" and "c" produce one of the following entries
in the System log:

==============
Event Type: Warning
Event Source: RemoteAccess
Event Category: None
Event ID: 20049
Date: 3/9/2004
Time: 8:53:30 PM
User: N/A
Computer: ZARYA
Description:
The user connected to port VPN1-1 has been disconnected because the
authentication process did not complete within the required amount of time.
==============
Event Type: Warning
Event Source: RemoteAccess
Event Category: None
Event ID: 20189
Date: 3/9/2004
Time: 8:53:58 PM
User: N/A
Computer: ZARYA
Description:
The user SOYUZ\boris connected from 555.555.555.555 but failed an
authentication attempt due to the following reason: Authentication was not
successful because an unknown user name or incorrect password was used.
==============

Note that in every situation, I am entering the same (correct) username and
password.

One of the things I came across in trying to figure this out was the
suggesstion that error 20049 is often caused by firewall settings--i.e.
ports required for VPN are blocked by my firewall. While I've been pretty
aggressive about restricting unnecessary ports, I'm fairly certian that I've
got everything that needs to be open is open on my end, and my ISP (since
I'm connecting from home) swears that they're not blocking anything.
[Maybe, just as a favor, someone could verify the ports that I need to have
open on my office firewall, in case that's part of the problem.]

I've put a lot of effort into figuring this out, and I'm getting pretty
frustrated about the whole affair. Part of the problem is that I'm not a
network admin of any sort--I'm a developer, a programmer, an MCSD, a DBA...
you get the idea. This network is supposed to be my development and testing
environment. But administering the network is not just taking my time, it's
over my head!

Thanks for any assistance you can give.

--Boris Nikolaevich

---

• Next message: Sharad Naik: "Re: New Router"
• Previous message: David P: "Win2k3 server MAC bridge does not forward packets"
• Next in thread: Jens-Peter Vraa Jensen: "Re: Mysterious VPN Errors"
• Reply: Jens-Peter Vraa Jensen: "Re: Mysterious VPN Errors"
• Reply: Phillip Windell: "Re: Mysterious VPN Errors"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages RE: VPN issue on SBS2003 ... I understand that you encountered VPN connection issue when you use VPN to ... Internet clients or VPN to external VPN Server from SBS Client computers? ... Configure E-mail and Internet Connection Wizard ... Total GRE packets sent = 1 ... (microsoft.public.windows.server.sbs) Re: Cannot connect to the Internet ... My Windows 2000 pro PC is connected to the internet (Local Area ... Connection 2 Status icon shows "Connected" with a speed of 10.0 ... The master browser has received a server announcement from ... The DNS Client service could not contact any DNS servers ... (microsoft.public.mac.virtualpc) RE: PPTP VPN connection problems ... The problem is that the VPN does not disconnect. ... However after some idle period I can not send packets across the connection. ... A ping to the server would result in "Request timed out". ... If I connect with the VPN client locally to the internet ... (microsoft.public.windows.server.sbs) Re: VPN Ports to Open ... the VPN connection after you change the firewall before SBS. ... On the server, please stop the Routing and Remote Access service. ... Total GRE packets sent = 1 ... (microsoft.public.windows.server.sbs) Re: Windows 2003 VPN Default Gateway Issues ... Ethernet adapter Local Area Connection: ... If the VPN server is configured to use a static IP address ... the default gateway on the client is not the problem. ... (microsoft.public.windows.server.networking)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)