RE: VPN Connection Problem
- From: Bryon Vassen <BryonVassen@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Aug 2005 15:17:02 -0700
Hi Nathan,
Thanks for taking the time to try and help me with my problem, it's much
appreciated.
OK now I'm really confused. The setup I have doesn't have a hardware router
on my LAN, the SBS 2003 is doing all of the routing within the LAN so my
router between my modem and SBS box shouldn't come into play. To further
verify this I was able to test the VPN connection from a computer that wasn't
joined to my Domain from an outside high speed connection and was able to get
the VPN to connect and everything worked great. When I hook my laptop, which
is on my domain, up to this same external connection with the same
configuration for the VPN connection I get the 721 error. So with that being
said it should rule out the hardware router as the source of the problem. I
think it almost has to be in the settings on my laptop. This is a brand new
laptop with Windows XP Pro SP2 on it and the only configuration changes that
have been made to it was whatever the server did when it passed the security
policies to it when being joined to the domain. The same holds true for all
of my computers that have been joined to the domain, I get the 721 error
when trying to connect from an external connection, or internal for that
fact.
Hopefully this information will help narrow down the problem some. And
again thanks for taking the time to try and help me with this problem.
Bryon
"Nathan Liu [MSFT]" wrote:
> Hi Bryon,
>
> Thank you for your reply.
>
> To narrow down this issue, please perform the below steps:
>
> 1. As you mentioned, since you cannot make a VPN connection over your
> local network now, please re-run the CEICW and Remote Access Wizard to
> re-check the settings. Since you received an error when you are running
> the CEICW to configure the Firewall section, please also re-check if the
> Firewall supports UPnP, the CEICW can automatically configure the supported
> UPnP firewall. Additionally, please do a screen capture of this error, and
> then attach it in your reply. If it does not support UPnP, you must
> manually configure it. You may need to contact your hardware vendor to
> require help.
>
> 825763 How to configure Internet access in Windows Small Business Server
> 2003
> http://support.microsoft.com/?id=825763
>
> 2. I have checked the testing result, the TCP Port 1723 is correctly open,
> but the GRE Protocol 47 does not pass the PPTP testing. Actually, this
> issue is caused by your hardware router not permitting Generic Routing
> Encapsulation (GRE) protocol traffic. PPTP uses GRE for tunneled data. To
> resolve this issue, simply edit your router to allow GRE 47 protocol. You
> may also need to contact your hardware vendor to ensure the port for GRE 47
> is opened.
>
> For more information:
>
> 888201 You receive an "Error 721" error message when you try to establish a
> VPN
> http://support.microsoft.com/?id=888201
>
> I appreciate your time and cooperation. If anything is unclear, please
> feel free to let me know. I am looking forward to hearing from you.
>
> Best regards,
>
> Nathan Liu (MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> >From: =?Utf-8?B?QnJ5b24gVmFzc2Vu?= <BryonVassen@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >Subject: RE: VPN Connection Problem
> >Date: Wed, 24 Aug 2005 16:09:10 -0700
> >
> >Thanks for getting back with me Nathan and here is what I have found.
> >
> >1. I cannot make a VPN connection over my local network now. I was able to
> >make VPN connections over my LAN in the past couple of days but something
> >obviously has changed. When I have been trying to figure this out, I make a
> >change to test and if it doesn't work I reverse the change to what it was
> >before.
> >
> >2. Here is what happened on each end:
> >
> >Server
> >C:\>pptpsrv.exe
> >
> >Error 10048 binding Socket:
> >WSAEADDRINUSE: Address already in use
> >
> >Created socket for GRE protocol test
> >
> >Listening on PROTOCOL 47 for incoming GRE packets...
> >
> >Windows XP SP2 Client
> >C:\Program Files\Support Tools>pptpclnt.exe billings1
> >
> >Initializing WinSock...
> >Obtaining host information...
> >Successfully resolved server's host information
> >
> >======================================
> >Enter data to send to server (between 1 and 255 chrs.), then hit enter:
> >-->help me
> >
> >Successfully connected to server using TCP port 1723 (PPTP)
> >Sending data to server
> >
> >Waiting for a reply to the data which was just sent...
> >Received a reply. Reply contains the following text:
> >--->
> >
> >=================================
> >Connectivity test to TCP Port 1723 was successful!!!
> >Closing down socket...
> >=================================
> >
> >Creating a socket to test GRE protocol traffic...
> >
> >Total GRE packets sent = 1
> >Total GRE packets sent = 2
> >Total GRE packets sent = 3
> >Total GRE packets sent = 4
> >Total GRE packets sent = 5
> >
> >=====================================
> >Check server to see if the GRE packets were received successfully
> >=====================================
> >
> >Closing down socket
> >
> >Goodbye!
> >
> >Nothing is received on the server end.
> >
> >3. I was unable to create a connection. It gets to username and password
> >but then I get error 721 after 30 seconds.
> >
> >4. I reran CEICW and made sure the VPN connection was checked in the
> >Firewall section but every time it goes to configure I get an error on the
> >firewall. Everything else takes just fine.
> >
> >5. I didn't bother to update my firmware as of yet because I figured the
> >issues above were the problem since I was able to create a VPN connection
> >before with the same router and settings.
> >
> >Thanks again for your help, I hope we can figure this out as I'm going
> >nuts.
> >
> >Bryon
> >
> >"Nathan Liu [MSFT]" wrote:
> >
> >> Hello Bryon,
> >>
> >> Thank you for posting in the SBS newsgroup.
> >>
> >> According to your description, I understand that you have some problems
> >> with VPN connection in the SBS 2003 Server network environment. If I have
> >> misunderstood your concern, please don't hesitate to let me know.
> >>
> >> Let's first focus on the first problem, after it is resolved, we will
> >> continue to work on the second problem. Thanks for your understanding.
> >>
> >> 1. To determine if this is the router issue or the SBS issue, I suggest
> >> you create a VPN connection on one of your internal clients and check if it
> >> can connect to the SBS server. If it connects to the server through a VPN
> >> connection fine, this should be the router networking issue. I would
> >> suggest you check if TCP port 1723 and Generic Routing Encapsulation (GRE)
> >> (Protocol 47) are opened.
> >>
> >> 2. Error 721 is usually caused by firewalls' not passing through GRE
> >> packets. We can verify if the GRE packets are blocked by using the PPTP Ping
> >> utilities. Stop the Routing and Remote Access service on the SBS server and
> >> run PPTPSRV. On the VPN client, run PPTPCLNT. We can use the PPTP Ping tool
> >> included in Windows XP Support tools to check whether the ports are opened
> >> to allow VPN connection. You can find Windows XP support tool from the
> >> "Support\Tools" folder in the Windows XP CD.
> >>
> >> a) Get two utilities pptpsrv.exe and pptpclnt.exe from the Windows XP
> >> support tools.
> >>
> >> b) Run the pptpsrv.exe utility on the SBS server.
> >>
> >> c) Run the pptpclnt.exe utility on the problem Windows XP
> >> Professional-based computer. I assume that the IP address of the VPN server
> >> is 202.123.123.1, you need to run the command "pptpclnt 202.123.123.1".
> >>
> >> d) Input a string to perform a test.
> >>
> >> Both utilities can check if the TCP 1723 is opened on all devices from
> >> computer A and computer B. They can also check if GRE Protocol 47 can be
> >> transferred from the computer A and computer B.
> >>
> >> More information:
> >>
> >> 888201 You receive an "Error 721" error message when you try to establish a
> >> VPN
> >> http://support.microsoft.com/?id=888201
> >>
> >> 3. If you directly connect a workstation to the external NIC, manually
> >> configure the IP address of workstation (make sure that the workstation IP
> >> and the server external IP are in the same subnet) and then manually create
> >> a VPN dial entry. Can you establish the VPN session?
> >>
> >> 4. If the issue persists, please re-run the CEICW to configure the
> >> internet connections and run the Remote Access wizard to enable the VPN
> >> server.
> >>
> >> More info:
> >> 825763 How to configure Internet access in Windows Small Business Server
> >> 2003
> >> http://support.microsoft.com/?id=825763
> >>
> >> 5. In addition, you may try to upgrade the firmware of the router to see
> >> if the problem will be resolved.
> >>
> >> I appreciate your time and cooperation. If anything is unclear, please
> >> feel free to let me know. I am looking forward to hearing from you.
> >>
> >> Best regards,
> >>
> >> Nathan Liu (MSFT)
> >> Microsoft CSS Online Newsgroup Support
.
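
Added example, not part of the original thread and not Microsoft's pptpsrv/pptpclnt code: the thread's symptom (TCP 1723 connects, GRE never reaches the server) can also be checked from a packet capture taken at the VPN server, because PPTP data travels in IP protocol 47 with an enhanced GRE header (RFC 2637) and has no port a router could forward. The sketch below classifies raw IPv4 packets; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

TCP, GRE, PPTP_PORT, PPP_OVER_GRE = 6, 47, 1723, 0x880B

def classify(pkt: bytes):
    """Return (kind, info) for one raw IPv4 packet captured at the VPN server."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other", None
    body = pkt[(pkt[0] & 0x0F) * 4:]           # skip the IPv4 header (IHL words)
    try:
        if pkt[9] == TCP:                       # control channel: has ports
            if PPTP_PORT in struct.unpack("!HH", body[:4]):
                return "pptp-control", None
        elif pkt[9] == GRE:                     # data channel: no ports to forward
            flags, ptype, plen, call_id = struct.unpack("!HHHH", body[:8])
            # Enhanced GRE (RFC 2637): Key bit set, version 1, protocol 0x880B
            if flags & 0x2000 and (flags & 0x0007) == 1 and ptype == PPP_OVER_GRE:
                info, off = {"call_id": call_id, "payload_len": plen}, 8
                for bit, name in ((0x1000, "seq"), (0x0080, "ack")):
                    if flags & bit:             # optional 32-bit fields
                        info[name] = struct.unpack("!I", body[off:off + 4])[0]
                        off += 4
                return "pptp-gre", info
    except struct.error:                        # truncated header
        pass
    return "other", None

def diagnose(packets):
    """Summarise a capture: is GRE arriving, or only the TCP 1723 control channel?"""
    kinds = [classify(p)[0] for p in packets]
    if "pptp-gre" in kinds:
        return "gre-arriving"
    if "pptp-control" in kinds:
        return "control-only"                   # the pattern reported in this thread
    return "no-pptp"

def ipv4(proto, payload):
    """Constructed sample packet: minimal IPv4 header, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])) + payload

# Constructed samples: a TCP SYN to port 1723 and one PPTP data packet (call ID 7).
SYN_1723 = ipv4(TCP, struct.pack("!HHIIHHHH", 49152, 1723, 1, 0, 0x5002, 8192, 0, 0))
GRE_DATA = ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPP_OVER_GRE, 4, 7, 1)
                + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    print(diagnose([SYN_1723]), diagnose([SYN_1723, GRE_DATA]))
```

A "control-only" result on the server side means the filtering device between client and server has to be configured to pass IP protocol 47 as well as TCP 1723.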