RE: another VPN problem, arror 721/800

---

• From: v-natliu@xxxxxxxxxxxxxxxxxxxx (Nathan Liu [MSFT])
• Date: Tue, 14 Jun 2005 10:05:00 GMT

---

Hello Raymond,

Thank you for posting in the SBS newsgroup.

According to your description, I understand that you received the error
message 721/800 when you try to access the SBS Server via VPN. If I have
misunderstood your concern, please don't hesitate to let me know.

To narrow down this issue, please answer and perform the following
questions and steps below:

1. As you mentioned, you got it running a long time ago with an XP SP1
machine, but now you cannot correctly use VPN on an other Windows XP SP2.
Please try to disable the Windows Firewall on the Windows XP SP2 computer
and any other third-party firewall softwares, then try again. Please check
if the issue can be re-produced.

2. Please use more computers to test if it correctly work at internal or
external.

3. Since you received the error message 721, the error 721 means that your
router or ADSL Modem is not passing through the GRE-protocol (47) to your
server. Please double-check this configuration. In addition, I suggest you
need to upgrade the ADSL Modem firmware, and then try again. Please check
if the issue can be re-produced.

4. There are two NIC installed on the SBS server. If you directly connect
a workstation to the external NIC, manually configure the IP address of
workstation (make sure that the workstation IP and the server external IP
are in the same subnet) and then manually create a VPN dial entry. Can you
establish the VPN session?

5. Please refer to the following information to check the ADSL Modem
configuration:

Generally speaking, the following ports should be opened:

TCP 25 This port is used for incoming SMTP traffic. If you are using POP3
connector, it's not necessary to open this port.
TCP 110 This port is used for POP3 mail clients. If there is no external
POP3 mail user, it's not necessary to open this port.
TCP 443 SSL for OWA, RWW sites
TCP 444 SSL for Companyweb
TCP 4125 Remote Web Workplace
TCP 3389 Terminal services
TCP 1723 PPTP VPN connection
GRE port (protocol number 47) This port is used for incoming PPTP VPN
connection.

6. We also can use the PPTP Ping tool included in Windows XP Support tools
to check whether the ports are opened to allow VPN connection. You can find
Windows XP support tool from the "Support\Tools" folder in the Windows XP
CD.

a) Get two utilities pptpsrv.exe and pptpclnt.exe from the Windows XP
support tools.

b) Run the pptpsrv.exe utility on the SBS server.

c) Run the pptpclnt.exe utility on the problem Windows XP
Professional-based computer. I assume that the IP address of the VPN server
is 202.123.123.1, you need to run the command "pptpclnt 202.123.123.1".

d) Input a string to perform a test.

Both utilities can check if the TCP 1723 is opened on all devices from
computer A and computer B. They can also check if IP Protocol 47 can be
transferred from the computer A and computer B.

In addition, I suggest that you refer to the following KB articles to check
this issue:

319108 Error Message: VPN Connection Error 800: Unable to Establish
Connection
http://support.microsoft.com/?id=319108

888201 You receive an "Error 721" error message when you try to establish a
VPN
http://support.microsoft.com/?id=888201

241251 VPN Tunnels - GRE Protocol 47 Packet Description and Use
http://support.microsoft.com/?id=241251

How to configure a connection to a virtual private network (VPN) in Windows
XP
http://support.microsoft.com/default.aspx?kbid=314076

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763


If the issue still persists, please help me collect the following
information for further troubleshooting:

1. Please help me describe the network topology in detail.

2. Please locate the Icwdetails.htm file from
%sbsprogramdir%\Networking\ICW folder, copy all contexts in the file and
paste it in your reply.


I'm looking forward to your update. If you have any questions or concerns,
please do not hesitate to let me know. I am always happy to be of further
assistance.

Best regards,

Nathan Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>Thread-Topic: another VPN problem, arror 721/800
>thread-index: AcVwVcqCzdwe9Nq4TOuZ4o/p8ebeqA==
>X-WBNR-Posting-Host: 80.127.28.146
>From: "=?Utf-8?B?UmF5bW9uZA==?=" <Raymond@xxxxxxxxxxxxxxxxxxxxxxxxx>
>Subject: another VPN problem, arror 721/800
>Date: Mon, 13 Jun 2005 13:23:42 -0700
>Lines: 15
>Message-ID: <49E17FEA-CBB3-4926-85E7-8140743CA3DD@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:126979
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Hi all,
>
>Again someone with that 721/800 vpn problem :(
>
>I have a speedtouch 510i adsl modem. Port 1723 is forwarded to my ext NIC.
>Via telnet, nat create, i added protocol GRE to the modem. I ran the CEICW
>again, selected VPN, and also the RRAS wizard. I tried to run VPN inside
the
>LAN and it didnt work. I didnt work remotely as well. Anyone with another
>pointer what to do? Laptop is Windows XP SP2. SBS is standard edition. I
got
>it running a long time ago with an XP SP1 machine.
>
>Thanks,
>Raymond
>
>
>

.

---

• Follow-Ups:
  • RE: another VPN problem, arror 721/800
    • From: Raymond

• References:
  • another VPN problem, arror 721/800
    • From: Raymond

• Prev by Date: RE: RWW Issue
• Next by Date: Re: Schedual NtBackup not working after I used UPHClean
• Previous by thread: another VPN problem, arror 721/800
• Next by thread: RE: another VPN problem, arror 721/800
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Some Questions ... you may need to follow the steps below to configure VPN access ... And make sure you have typed the public FQDN of the SBS ... server on the Web Server Certificate page. ... log in and download Connection Manager. ... (microsoft.public.windows.server.sbs) RE: Service Pack 1 on SBS 2003 Premium ... reinstalled the SP1 from CD again, ... Restart Windows Management Instrumentation service. ... Close the registry editor and restart the server at a non-business time ... Have you applied the whole SBS SP1 successfully? ... (microsoft.public.windows.server.sbs) RE: Service Pack 1 on SBS 2003 Premium ... reinstalled the SP1 from CD again, ... Restart Windows Management Instrumentation service. ... Close the registry editor and restart the server at a non-business time ... Have you applied the whole SBS SP1 successfully? ... (microsoft.public.windows.server.sbs) Re: The list of servers for this workgroup is not currently availi ... Select Windows Small Business Server 2003 and then click Change/Remove. ... You may prompt to inset SBS installation CD. ... Our only problem w/ connecting to the branch office is mapping ... (microsoft.public.windows.server.sbs) RE: SBS 2003 Standard - Update to SP 1 fails ... order to prepare SBS server to deploy Windows XP SP2 to client computers ... that are running Windows XP Professional. ... The SBS SP1 launcher need copy ... please install it and then ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2005-06