Re: VPN Connection Failure

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Jim (Jim_at_discussions.microsoft.com)
Date: 02/18/05 

Date: Fri, 18 Feb 2005 13:37:05 -0800

"Joe" wrote:

> In message <70EFA3DA-E7F8-410A-A6E2-D92189A97A60@microsoft.com>, Jim
> <Jim@discussions.microsoft.com> writes
> >I am having difficulty resolving a VPN connection error. When attempting to
> >establish a VPN connection, the client shows that it has contacted the server
> >and is attempting to authenticate the user ID and password (PPP).
> >
> >It eventually times out and fails/retrys in a continuous loop.
> >
> >From the server, I can watch the connections as see that the VPN connector
> >in question is active. It starts with a state of "listening" and then
> >changes, showing an attempted connection.
> >
> >I have tried to enable logging (errors) but don't see anything. The user
> >profiles have dial-in access enabled and are members of the "mobile" group.
> >
> >When the client is in my local domain, it connects without any problem.
> >This issue only occurs outside the firewall. I know what you are thinking -
> >the firewall is the issue, but this still occurs when I turn the firewall
> >off. I have the ports indicated in the documentation turned on and forwarded
> >to the server's IP and, to ensure this, I have also enabled PnP
> >configureation of the firewall by the SBS internet connection wizard. It's
> >not the firewall (unless there is something way down in the weeds that I
> >missed).
> >
> Quick shot in the dark: does the client have a network interface set to
> use the same IP subnet as the SBS LAN? If so, routing won't work so
> nothing gets sent up the link. Call up the connection status display as
> soon as possible after the link comes up and look at the IP addresses.
> Compare with 'ipconfig /all' on the client.

the subnet mask is 255.255.255.0 for all computers involved. Additionally,
the configuration wizard for remote access in SBS defaults to using a server
assigned, dynamic IP address for the client using RAS. Would this type of an
error be a minconfiguration in how the dynamic address is assigned?

>
> The other classic cause of 'connection made, no authentication' is that
> the TCP/IP connection over port 1723 is working, but not the GRE
> protocol 47 connection. PPTP only needs the first to make a connection,
> but needs the second to actually pass data, including authentication
> negotiations.
>
Both ports are enabled and forwarded through the firewall to the IP address
of my SBS.

> >This issue only occurs outside the firewall. I know what you are thinking -
> >the firewall is the issue,
>
> Apart from IP routing issues, this *is* a rational conclusion. Apart
> from the firewall's behaviour, you're on a different IP subnet than when
> connected locally. It seems very likely that one of the two factors is
> to blame. When you say 'turn the firewall off' are you sure it's passing
> everything?
>
It is a linksys firewall/router and I have tried setting the firewall to
"off" and I receive the same result. Also, the firewall settings on the LAN
and WAN adapters within the SBS server are off.

> >Any ideas or recomended approaches to resolve this issue?
> >
> The firewall is usually the best line of attack, even if it isn't likely
> to be the cause of the problem. Does it keep a log of connections, and
> can you deduce anything from that? A firewall or router which can be
> configured to log particular port traffic or protocols while passing
> them is extremely useful in this situation.

I will try logging at the firewall, thanks for the idea. BTW, the error I
receive at the client is a "721" error: the remote computer did not respond
to the connection request.

> --
> Joe
>

Relevant Pages

  • Re: .Net Scalability problem
    ... LoadRunner will peak out a server with a few virtual users. ... To get an idea of load, ... Fire off the test client and watch the number of ... > So I think that the MTC generate concurrent connection and per ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Connection lost at same time every hour (sometimes)
    ... After making the two following alterations on the server the problem seems ... After analyze your ipconfig on SBS and client, ... Then, other connection is good, ...
    (microsoft.public.windows.server.sbs)
  • Re: server disconnection - very often
    ... Reason of permanent popups is VMware server aplication on clients. ... Run CEICW to configure the network of SBS: ... Two network adapters - manual router connection to broadband ... Uninstall VMware on client. ...
    (microsoft.public.windows.server.sbs)
  • Re: Lan setup 2 nic
    ... The external nic only has TCP/IP enabled. ... Ipconfig of the server is looking good, but the client is still missing the ... > connection so we have a 2 nic with router setup now. ...
    (microsoft.public.windows.server.sbs)
  • Re: Regular disconnections from remote web workplace
    ... I can connect to office server and all office clients from home at all times ... be physically working right up until the connection is lost. ... If I enter http://companyip from a client I receive the login screen for the ... Click Services tab and select Hide All Microsoft Services and Disable ...
    (microsoft.public.windows.server.sbs)