RE: VPN connection
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Mon, 26 Sep 2005 03:39:46 GMT
Hi:
Thank you for posting here.
>From your description, I understand that when you try to establish a VPN
connection from a remote client, the connection terminated in the process
of verifying the password and you received an error 721. If you plug the
computer into the router and establish the VPN connection, you received an
error 781. If I am off base, please feel free to let me know.
Based on my research, such kind of problem is usually caused by GRE packet
not properly being allowed on a router.
You receive an "Error 721" error message when you try to establish a VPN
connection through your Windows Server-based remote access server
http://support.microsoft.com/default.aspx?scid=KB;EN-US;888201
Regarding error 781, hardware router may also cause the problem:
Remote VPN Clients Cannot Log On to Network
http://support.microsoft.com/default.aspx?scid=KB;EN-US;329858
To verify whether the router is the root cause, please do the following
steps:
a. Please temporarily place a client directly connected to the external NIC
of the SBS Server. You can connect the external network adapter of the SBS
Server to a simple hub and connect the client to the same hub.
b. Manually configure the TCP/IP settings on the client computer to be on
the same subnet as the external network adapter of the SBS Server. (Point
the default gateway to the external NIC of the SBS box)
c. Turn off the Firewall Client on the client computer if ISA is installed.
d. Configure the VPN connection on the client and do a VPN test.
If the above test works fine, it reveals that the traffic is blocked by the
hardware router.
We can use the PPTP Ping utility to test if 1723 port and GRE protocol are
allowed to pass through. To do so:
a. Please run Pptpsrv.exe on the server side.
b. Run Pptpclnt.exe [ServerName or IPaddress] on remote client.
c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
d. You will see the text received at the host running Pptpsrv.exe. Then you
will see five GRE packets sent from Pptpclnt.exe and received at
Pptpsrv.exe.
Provide me with the output for reference.
NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
tools. For your convenience, I have attached the file within this reply.
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723.
Basically, we will use PPTP Ping utility to determine whether any hardware
router or firewall is blocking GRE Protocol 47. The router must be able to
pass Generic Route Encapsulation (GRE) protocol 47 for PPTP traffic to
connect correctly to use VPN. When a cable/DSL router cannot map GRE
protocol 47 to the Routing and Remote Access server, you cannot connect to
the server from the Internet.
More information about GRE 47:
GRE Protocol 47 Packet Description and Use
http://support.microsoft.com/default.aspx?scid=KB;[LN];241251
I appreciate you taking time to perform the test. Please feel free to let
me know if you have any questions or concerns.
Have a nice day! :)
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN connection
| thread-index: AcXBR7eArtjX3ax5R0SqiRecsQ+dZg==
| X-WBNR-Posting-Host: 4.159.5.252
| From: =?Utf-8?B?RGFu?= <Dan@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: VPN connection
| Date: Sat, 24 Sep 2005 13:37:01 -0700
| Lines: 17
| Message-ID: <2D91CCB2-0422-43C3-9B74-58B31B058EA3@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:156180
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I am trying to establish a vpn connection and it doesn't seem to be
working.
| When I plug the computer into to router that the internet comes into and
then
| goes to the server I receive the error: "The encryption attempt failed
| because no valid certificate was found. (Error 781) For customized
| troubleshooting information for this connection, click Help".
|
| If I dial up to the internet and try to vpn to the server it does through
| the following steps:
| Establishing secure connection to ...
| Verifying the password for administrator (1 seconds).
| Verifying the password for administrator (2 seconds).
| Verifying the password for administrator (3 seconds).
| ...
| Verifying the password for administrator (30 seconds).
| The remote computer is not responding. (Error 721) For customized
| troubleshooting information for this connection, click Help.
| Pausing before reconnecting (2 seconds)..
|
.
- Prev by Date: RE: Can't execute visual basic script on a GPO
- Next by Date: RE: Can't execute visual basic script on a GPO
- Previous by thread: Re: vpn connection
- Next by thread: Re: vpn connection
- Index(es):
Relevant Pages
|
