RE: VPN error 800
- From: "Tony" <Tony@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 18 Aug 2005 04:43:02 -0700
Hi and thanks Edward for the fast reply.
The problem is solved!
I had already done all the testing from the inside of the firewall you
described and had still connection problem from outside the firewall.
I narrowed down the problem to the hardware router the client location, it
has some sort of hardware error. Disconnected the client side router and
tried to connect to the server with VPN and it succeded!
I upgraded the firmware on the router at the company location to be on the
safe side.
All works now!
Thanks again for the fast and helpfull answer
Best regards Tony
"Edward Tian" wrote:
> Dear Tony:
> Thank you for posting here.
>
> Generally speaking, we need to enable TCP port 1723, as well as an
> additional IP port 47 (GRE protocol) on all routers and firewalls between a
> PPTP client and a PPTP server. The router must be able to pass Generic
> Route Encapsulation (GRE) protocol 47 for PPTP traffic to connect correctly
> to use VPN. When a cable/DSL router cannot map GRE protocol 47 to the
> Routing and Remote Access server, you cannot connect to the server from the
> Internet. To verify whether the router is the root cause, please do the
> following steps:
>
> a. Please temporarily place a client directly connected to the external NIC
> of the SBS Server. You can connect the external network adapter of the SBS
> Server to a simple hub and connect the client to the same hub.
>
> b. Manually configure the TCP/IP settings on the client computer to be on
> the same subnet as the external network adapter of the SBS Server.
>
> c. Turn off the Firewall Client on the client computer.
>
> d. Configure the VPN connection on the client and do a VPN test. (Please
> manually create a new VPN connection)
>
> Does this problem persist?
>
> If the issue persts, we may need to check the SBS server to see whether it
> has been configured to allow inbound VPN traffic.
>
> Please help me confirm the following information:
> 1. Do you have ISA installed? If so, ISA2k or ISA2k4?
>
> 2. Have you run the Configure Remote Access Wizard? This will help you
> automatically configure the SBS box to be the VPN server.
>
> 3. Does this problem occur on all the remote clients?
>
> In addition: You can use PPTP Ping to test if 1723 port and GRE protocol
> are allowed to pass through. To do so:
> a. Please run Pptpsrv.exe on the server side.
> b. Run Pptpclnt.exe [ServerName or IPaddress] on remote client.
> c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
> and then click Enter.
> d. You will see the text received at the host running Pptpsrv.exe. Then you
> will see five GRE packets sent from Pptpclnt.exe and received at
> Pptpsrv.exe.
> Provide me with the output for reference.
> NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
> tools. For your convenience, I have attached the file within this reply.
> NOTE: You should stop the Routing and Remote Access service on the RRAS
> (VPN) server so that PPTPSRV can bind to port 1723
> Basically, we will use PPTP Ping utility to determine whether any hardware
> router or firewall is blocking GRE Protocol 47. The router must be able to
> pass Generic Route Encapsulation (GRE) protocol 47 for PPTP traffic to
> connect correctly to use VPN. When a cable/DSL router cannot map GRE
> protocol 47 to the Routing and Remote Access server, you cannot connect to
> the server from the Internet.
>
> Hope it helps. I appreciate you taking time to perform the test.
> If you have any questions and concerns, please feel free to let me know.
>
> Have a nice day! :)
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: VPN error 800
> | thread-index: AcWifhkA7ZuSEpiwQeG5rdi1kr/Rkg==
> | X-WBNR-Posting-Host: 213.114.159.10
> | From: "=?Utf-8?B?VG9ueQ==?=" <Tony@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | Subject: VPN error 800
> | Date: Tue, 16 Aug 2005 09:18:11 -0700
> | Lines: 16
> | Message-ID: <DF06FF7F-1166-4945-996C-BC14AD86CC36@xxxxxxxxxxxxx>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144920
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hello
> | I have a problem with a companys VPN connection.
> | Currently running SBS2003
> | Client's are XP SP2
> |
> | The server has worked before and suddenly they can't connect with PPTP
> from
> | windows XP client to the SBS server outside the firewall, they get error
> 800.
> | But they can connect with PPTP to the SBS server from the inside the
> firewall.
> |
> | I checked the hardware router and the port 1723 are open and pointing to
> the
> | servers internal IP address.
> |
> | One thing that maybe are the root of the problem:The SBS server are
> checking
> | windows update and installs the necessary updates per automatic.
> | Can some of the updates changed something on the SBS server?
> |
> |
.
- Follow-Ups:
- RE: VPN error 800
- From: Edward Tian
- RE: VPN error 800
- References:
- VPN error 800
- From: Tony
- RE: VPN error 800
- From: Edward Tian
- VPN error 800
- Prev by Date: Re: Problems when offer remote assistance
- Next by Date: http://companyweb /remote /backup /Monitoring HELP
- Previous by thread: RE: VPN error 800
- Next by thread: RE: VPN error 800
- Index(es):
Relevant Pages
|
Loading
