RE: another VPN problem, arror 721/800
- From: v-natliu@xxxxxxxxxxxxxxxxxxxx (Nathan Liu [MSFT])
- Date: Thu, 16 Jun 2005 11:24:38 GMT
Hello Raymond,
Thank you for your update.
As you mentioned, " When I create another VPN connection where I won't
state my public IP address but just the internal name of the SBS server,
then it's no problem. The VPN connection is running.", since the VPN only
cannot work on external, it could most likely be related to the
configuration of the router or ADSL Modem.
Here are the explanations of the response form the PPTP test:
WSAEADDRINUSE (10048)
---------------------
- Translation: Address already in use.
- Description: Typically, only one usage of each socket address
(protocol/IP address/port) is permitted. This error occurs if a program
tries to bind (Wsapiref_6vzm.asp) a socket to an IP address or port that
has already been used for an existing socket, a socket that was not closed
correctly, or a socket that is still in the process of closing. For server
programs that have to bind multiple sockets to the same port number,
consider using setsockopt (Wsapiref_94aa.asp)(SO_REUSEADDR). Client
programs typically do not have to call bind at all, connect
(Wsapiref_8m7m.asp) chooses an unused port automatically. When a bind is
called with a wildcard address (involving ADDR_ANY), a WSAEADDRINUSE error
may be delayed until the specific address is committed. This may occur
with a call to another function that occurs later, including connect,
listen, WSAConnect, or WSAJoinLeaf.
To narrow down this issue, please perform the below steps:
1. On the VPN Client, go to command prompt, type following command: ping
[IP address] -f -l 1400.
NOTE: The IP address in the command line is the Public IP address of the
Router on which 1723 is redirected.
2. On the VPN Client, open the VPN connection application, look under the
networking tab. If it is set to Automatic-Change it to PPTP and try
connecting again.
3. Contact the Router Vendor to make sure that the Router device supports
multiple PPTP VPN connections simultaneously.
4. I understand that you are running SBS standard but I would like to
double check if there is ISA installed on the SBS 2003. Generally, this
issue occurs because the Configure E-mail and Internet Connection Wizard
(sometimes known as CEICW) do not enable PPTP connections through the
Microsoft Internet Security and Acceleration (ISA) firewall. At the same
time, I suggest you refer to the steps in following article to see if it
helps:
886621 You receive an "Unable to establish the VPN connection" error
message
http://support.microsoft.com/?id=886621
Note: Use Method 1 in article 886621 if you want to enable remote access
when your client computers connect to your server over the Internet. Use
Method 2 if your internal LAN clients must access a remote PPTP VPN Server.
5. To disable the Windows XP2 firewall, please refer to the following
steps:
a. Click Start, point to Settings -> Control Panel, double-click Windows
Firewall.
b. On the dialog box, select Off. Then click OK.
Alternatively, since this issue is rather complicated, to resolve it, we
may need more deeper troubleshooting and collect more log, it is
recommended that you contact CSS support, since there could have more
interactive troubleshoot process with Microsoft Support professional and
even have remote assistance. Due to support nature of public newsgroup, it
is not convenient to be done here.
To obtain the phone numbers for specific technology request please take a
look at the web site listed below.
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US please see http://support.microsoft.com for
regional support phone numbers.
To get additional information, you may refer to the following KB article:
283628 How to Enable PPTP Clients to Connect Through an ISA Firewall
http://support.microsoft.com/?id=283628
323441 How To Install and Configure a Virtual Private Network Server in
Windows
http://support.microsoft.com/?id=323441
837453 How to use the Windows Server 2003 Routing and Remote Access Service
or
http://support.microsoft.com/?id=837453
I'm looking forward to your update. If you have any questions or concerns,
please do not hesitate to let me know. I am always happy to be of further
assistance.
Best regards,
Nathan Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: another VPN problem, arror 721/800
>thread-index: AcVxHMk+weHmG/gWRDydSUJvCLWTIw==
>X-WBNR-Posting-Host: 80.127.28.146
>From: "=?Utf-8?B?UmF5bW9uZA==?=" <Raymond@xxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <49E17FEA-CBB3-4926-85E7-8140743CA3DD@xxxxxxxxxxxxx>
<n2XsIiMcFHA.3336@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: another VPN problem, arror 721/800
>Date: Tue, 14 Jun 2005 13:08:09 -0700
>Lines: 186
>Message-ID: <C1C400A8-A7E4-4699-978E-11B63A96B1EE@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:127303
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Hi Nathan,
>
>Thanks for responding. See my comments on your questions please. Hopefully
>that will give you an idea. I'm stuck here.
>
>"Nathan Liu [MSFT]" wrote:
>
>> Hello Raymond,
>>
>> Thank you for posting in the SBS newsgroup.
>>
>> According to your description, I understand that you received the error
>> message 721/800 when you try to access the SBS Server via VPN. If I have
>> misunderstood your concern, please don't hesitate to let me know.
>>
>> To narrow down this issue, please answer and perform the following
>> questions and steps below:
>>
>> 1. As you mentioned, you got it running a long time ago with an XP SP1
>> machine, but now you cannot correctly use VPN on an other Windows XP
SP2.
>> Please try to disable the Windows Firewall on the Windows XP SP2
computer
>> and any other third-party firewall softwares, then try again. Please
check
>> if the issue can be re-produced.
>
>I don't know how to disable the XP2 firewall. I have installed XP Pro SP1
on
>another laptop. I'm testing it within my LAN. When i use the VPN
connection,
>where in the config my public IP address is stated(the 1 you would use
when
>your remote) both won't work. When i create another VPN connection where i
>won't state my public IP address but just the internal name of the SBS
>server, then it's no problem. The VPN connection is running.
>>
>> 2. Please use more computers to test if it correctly work at internal
or
>> external.
>>
>> 3. Since you received the error message 721, the error 721 means that
your
>> router or ADSL Modem is not passing through the GRE-protocol (47) to
your
>> server. Please double-check this configuration. In addition, I suggest
you
>> need to upgrade the ADSL Modem firmware, and then try again. Please
check
>> if the issue can be re-produced.
>
>I update the firmware a while ago. Latest firmware.
>>
>> 4. There are two NIC installed on the SBS server. If you directly
connect
>> a workstation to the external NIC, manually configure the IP address of
>> workstation (make sure that the workstation IP and the server external
IP
>> are in the same subnet) and then manually create a VPN dial entry. Can
you
>> establish the VPN session?
>
>I have done this with the config with the public IP address and after 1
sec
>it said error 800.
>>
>> 5. Please refer to the following information to check the ADSL Modem
>> configuration:
>>
>> Generally speaking, the following ports should be opened:
>>
>> TCP 25 This port is used for incoming SMTP traffic. If you are using
POP3
>> connector, it's not necessary to open this port.
>> TCP 110 This port is used for POP3 mail clients. If there is no external
>> POP3 mail user, it's not necessary to open this port.
>> TCP 443 SSL for OWA, RWW sites
>> TCP 444 SSL for Companyweb
>> TCP 4125 Remote Web Workplace
>> TCP 3389 Terminal services
>> TCP 1723 PPTP VPN connection
>> GRE port (protocol number 47) This port is used for incoming PPTP VPN
>> connection.
>
>All those ports are open, except port 110.
>>
>> 6. We also can use the PPTP Ping tool included in Windows XP Support
tools
>> to check whether the ports are opened to allow VPN connection. You can
find
>> Windows XP support tool from the "Support\Tools" folder in the Windows
XP
>> CD.
>
>I found them and i ran the pptpsrv on the server but i got an error,
10048,
>address already in use.
>
>>
>> a) Get two utilities pptpsrv.exe and pptpclnt.exe from the Windows XP
>> support tools.
>>
>> b) Run the pptpsrv.exe utility on the SBS server.
>>
>> c) Run the pptpclnt.exe utility on the problem Windows XP
>> Professional-based computer. I assume that the IP address of the VPN
server
>> is 202.123.123.1, you need to run the command "pptpclnt 202.123.123.1".
>>
>> d) Input a string to perform a test.
>>
>> Both utilities can check if the TCP 1723 is opened on all devices from
>> computer A and computer B. They can also check if IP Protocol 47 can be
>> transferred from the computer A and computer B.
>>
>> In addition, I suggest that you refer to the following KB articles to
check
>> this issue:
>>
>> 319108 Error Message: VPN Connection Error 800: Unable to Establish
>> Connection
>> http://support.microsoft.com/?id=319108
>>
>> 888201 You receive an "Error 721" error message when you try to
establish a
>> VPN
>> http://support.microsoft.com/?id=888201
>>
>> 241251 VPN Tunnels - GRE Protocol 47 Packet Description and Use
>> http://support.microsoft.com/?id=241251
>>
>> How to configure a connection to a virtual private network (VPN) in
Windows
>> XP
>> http://support.microsoft.com/default.aspx?kbid=314076
>>
>> 825763 How to configure Internet access in Windows Small Business Server
>> 2003
>> http://support.microsoft.com/?id=825763
>>
>>
>> If the issue still persists, please help me collect the following
>> information for further troubleshooting:
>>
>> 1. Please help me describe the network topology in detail.
>>
>> 2. Please locate the Icwdetails.htm file from
>> %sbsprogramdir%\Networking\ICW folder, copy all contexts in the file and
>> paste it in your reply.
>>
>>
>> I'm looking forward to your update. If you have any questions or
concerns,
>> please do not hesitate to let me know. I am always happy to be of
further
>> assistance.
>>
>> Best regards,
>>
>> Nathan Liu (MSFT)
>> Microsoft CSS Online Newsgroup Support
>> Get Secure! - www.microsoft.com/security
>> =====================================================
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>>
>> --------------------
>> >Thread-Topic: another VPN problem, arror 721/800
>> >thread-index: AcVwVcqCzdwe9Nq4TOuZ4o/p8ebeqA==
>> >X-WBNR-Posting-Host: 80.127.28.146
>> >From: "=?Utf-8?B?UmF5bW9uZA==?=" <Raymond@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >Subject: another VPN problem, arror 721/800
>> >Date: Mon, 13 Jun 2005 13:23:42 -0700
>> >Lines: 15
>> >Message-ID: <49E17FEA-CBB3-4926-85E7-8140743CA3DD@xxxxxxxxxxxxx>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.windows.server.sbs
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:126979
>> >X-Tomcat-NG: microsoft.public.windows.server.sbs
>> >
>> >Hi all,
>> >
>> >Again someone with that 721/800 vpn problem :(
>> >
>> >I have a speedtouch 510i adsl modem. Port 1723 is forwarded to my ext
NIC.
>> >Via telnet, nat create, i added protocol GRE to the modem. I ran the
CEICW
>> >again, selected VPN, and also the RRAS wizard. I tried to run VPN
inside
>> the
>> >LAN and it didnt work. I didnt work remotely as well. Anyone with
another
>> >pointer what to do? Laptop is Windows XP SP2. SBS is standard edition.
I
>> got
>> >it running a long time ago with an XP SP1 machine.
>> >
>> >Thanks,
>> >Raymond
>> >
>> >
>> >
>>
>>
>
.
- Follow-Ups:
- RE: another VPN problem, arror 721/800
- From: Raymond
- RE: another VPN problem, arror 721/800
- References:
- another VPN problem, arror 721/800
- From: Raymond
- RE: another VPN problem, arror 721/800
- From: Nathan Liu [MSFT]
- RE: another VPN problem, arror 721/800
- From: Raymond
- another VPN problem, arror 721/800
- Prev by Date: RE: Post SP1, SBS 2003 Premium, SQL 2000 install, trying to migrate WS
- Next by Date: Re: 2 different ISA Client System Tray icons
- Previous by thread: RE: another VPN problem, arror 721/800
- Next by thread: RE: another VPN problem, arror 721/800
- Index(es):
Relevant Pages
|
Loading
