RE: Enabling VPN Remote Access using SBS 2003 standard with ISA 2004

Dear Cary:
Thanks for posting here.

>From the description, I understand that after you installed ISA 2004 on the
SBS Server, the inbound VPN connection no longer worked. And you received
error 80070490 when running the Remote Access Wizard. If I have
misunderstood your concern, please do let me know.

Before we go any further, I would like to confirm if you are using SBS 2003
Standard Server SP1 with ISA 2004? Is ISA server installed from the Premium
SP1 CD, or purchased separately? Generally speaking, it is recommended that
ISA 2004 be installed on the SBS 2003 Premium with SP1 applied. Installing
ISA 2004 on SBS Standard Server will cause unexpected problems. If that is
the case, I strongly recommend you upgrade to the Premium SP1.

Here, I would still like to provide some suggestions. Since there are
several issues in this case, I suggest that we handle them one by one.

Regarding the Remote Access Wizard failure:
Based on my research, the error 80070490 you met in the process of Wizard
can be caused by invalid value of the registry key.

If the registry keys are set to the incorrect adapters, you can use the
following steps to modify the registry values to present the correct
adapters:

Note: The steps are listed in 'Method 3' in KB '875422 "The wizard cannot
set the DHCP scope options" error message when you -
http://support.microsoft.com/?id=875422

1. Click "Start", click "Run", type "regedit", and then click "OK".

2. Locate the following registry subkey, where <{GUID}> is the ID of the
LAN network card:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interf
aces\{GUID}

NOTE: We can review the "DhcpIPAddress" or "IPAddress" registry entries to
determine the correct GUID for the LAN adapter, and then note the GUID.
Make a note of the external network adapter GUID also.

3. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer

4. In the "SmallBusinessServer" subkey, make sure that the value of the
"LANNIC" entry is the GUID of the LAN adapter that you noted in step 2.

5. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Connectivity\ICW

6. In the "ICW" subkey, set the value of the "Last_1st_Nic_Guid" entry to
the LAN adapter GUID that you noted in step 2, and then set the value of
the "Last_2nd_Nic_Guid" entry to the external network adapter GUID that you
noted in step 2.

7. Quit Registry, re-run the CEICW and then run Remote Access Wizard again,
see if the issue persists.

To run CEICW Wizard, you can refer to this step-by-step article:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Regarding the VPN issue:
If the VPN problem is urgent, we need to perform the following test to
narrow down the issue:
a. Please temporarily place a client directly connected to the external NIC
of the SBS Server. You can connect the external network adapter of the SBS
Server to a simple hub and connect the client to the same hub.

b. Manually configure the TCP/IP settings on the client computer to be on
the same subnet as the external network adapter of the SBS Server.

c. Turn off the Firewall Client on the client computer.

d. Configure the VPN connection on the client and do a VPN test.

Result 1:
If the VPN connection is successfully established, the root cause may be
related to the hardware router or the remote client.

I suggest you refer to this article to manually configure the VPN settings
on the remote client other than using the sbspackage.exe:

How to configure a VPN connection to your corporate network in Windows XP
Professional
http://support.microsoft.com/default.aspx?scid=KB;EN-US;305550

Then establish the VPN connection again from the remote client, does the
problem persist? If it still doesn't work, then the hardware routers either
at the ISA end or at the remote side should be the root cause. Please
contact the vendor of the hardware router for more information.
(Technically speaking, error 800 is always caused by hardware router)

Error Message: VPN Connection Error 800: Unable to Establish Connection
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q319108

Result 2:
If the test is also unsuccessful, it appears that the RRAS component was
not properly configured. We may need to fix the original problem about
"Remote Access WIzard" first.

Meanwhile, please help to gather the following information:
1. Type "ipconfig" on the server side and post the output in the reply.

2. From an internal client, can you VPN to the SBS Server?


Hope the above information helps. Please feel free to let me know if you
have any questions or concerns.

Thank you for your time and patience.

Have a nice day! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Enabling VPN Remote Access using SBS 2003 standard with ISA
2004
| thread-index: AcXDkH964Aiv28rCRmSKvuZaoH+UJA==
| X-WBNR-Posting-Host: 208.52.129.54
| From: "=?Utf-8?B?Q2FyeSBEYXJkZW4=?=" <Cary
Darden@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Enabling VPN Remote Access using SBS 2003 standard with ISA 2004
| Date: Tue, 27 Sep 2005 11:23:03 -0700
| Lines: 24
| Message-ID: <51F8D537-F630-443A-B2ED-627F5B53556D@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:156879
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
|
| I recently installed ISA 2004 on my SBS 2003 server. Since then I have
not
| been able to get VPN access through the connection manager in the remote
web
| workplace. Therefore none of my remote salespersons can get access to
the
| server, or their email.
|
| I would be grateful for any info that you can offer. I was wondering if
it
| would be possible to let SBS 2003 somehow handle it at least on a
temporary
| basis. I've tried the remote access wizard but it keeps giving me an
error
| and this is where I run into problems using that. The error is:
|
| *** Getting the GUID of the private NIC returned ERROR 80070490
| Private NIC Guid is
| Specifying error location returned OK
| *** CRRASCommit::CommitRRAS returned ERROR 80070490
| *** CRRASCommit::CommitEx returned ERROR 80070490
|
| Also, on the client side when they try to use the connection manager they
| get an error 800. I assume that is just an authorization error, but I'm
not
| sure. Any help would be greatly appreciated.
|
| Thanks in advance for any help!!
|
|

.

Relevant Pages

  • Re: Some Questions
    ... you may need to follow the steps below to configure VPN access ... And make sure you have typed the public FQDN of the SBS ... server on the Web Server Certificate page. ... log in and download Connection Manager. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Connection Problems
    ... Note that we are able to successfully VPN into the office. ... to browse the network, RDP to the server or even ping the server. ... > This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Connection Problem
    ... Thank you for posting in the SBS newsgroup. ... with VPN connection in the SBS 2003 Server network environment. ...
    (microsoft.public.windows.server.sbs)
  • RE: Enabling VPN Remote Access using SBS 2003 standard with ISA 20
    ... I am glad to hear the VPN issue has been resolved! ... on the SBS Server. ... Enabling VPN Remote Access using SBS 2003 standard with ISA ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 and WAN connections useing Cisco Routers
    ... Thank you for posting in SBS newsgroup. ... do you mean you have created VPN using router to router or router ... server on the Web Server Certificate page. ... 0x2F if you are looking in Network Monitor). ...
    (microsoft.public.windows.server.sbs)