RE: Remote Access and ISA Server in SBS 2003?

---

• From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
• Date: Wed, 12 Oct 2005 03:59:18 GMT

---

Dear Tom:
Thank you for posting here.

>From the description, I understand that after you upgraded the SBS Server
to SBS 2003, the remote clients can no longer establish the VPN connection
to the SBS Server and you received an error 800 message. If I have
misunderstood your concern, please do let me know.

Based on my experience, error 800 is caused by a router that has outdated
firmware in some cases. Please check this KB article to see if your
hardware router has applied the latest firmware. You may contact the vendor
of the hardware router for more detailed information.

Error Message: VPN Connection Error 800: Unable to Establish Connection
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q319108

If the problem appears not to be caused by the hardware device, we may need
to narrow down the issue:

First please re-run the CEICW Wizard, the wizard will help us automatically
configure the internet access. Make sure the "Virtual Private Networking
(VPN)" option is enabled on the Services Configuration page in the process
of the wizard. You can refer to this step-by-step KB article to complete
the wizard:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Then we need to run the "Remote Access Wizard" to enable the VPN Server
feature:
1. On the SBS server, click To Do List in the left pane of the Server
Management console.
2. Under Network Tasks, click Configure Remote Access.
3. Click Next, click Enable Remote Access, click to select the VPN Access
check box, and then click Next.
4. Type the fully qualified public domain name (FQDN) of your server, click
Next, and then click Finish.
5. When the wizard is completed, click Close.

Note: The steps are also listed in this KB article (Method 1 section):

You receive an "Unable to establish the VPN connection" error message when
your Windows Small Business Server 2003-based client computer try to make
an outgoing PPTP connection
http://support.microsoft.com/?id=886621

After doing that, the SBS Server is successfully configured as a VPN
Server. The next step is to configure the VPN connection on the remote XP
client. Please follow the instructions in this KB article:

How to configure a VPN connection to your corporate network in Windows XP
Professional
http://support.microsoft.com/default.aspx?scid=KB;EN-US;305550

Then will you be able to establish the VPN connection?

If the problem persists, we may need to perform a deep investigation:
Please use PPTP Ping to test if 1723 port and GRE protocol are allowed to
pass through. To do so:
a. Please run Pptpsrv.exe on the server side.
b. Run Pptpclnt.exe [ServerNameorIPaddress] on remote client.
c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
d. You will see the text received at the host running Pptpsrv.exe. Then you
will see five GRE packets sent from Pptpclnt.exe and received at
Pptpsrv.exe.
Provide me with the output for reference.
NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
tools. For your convenience, I have attached the file within this reply.
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723

Basically, we will use PPTP Ping utility to determine whether any hardware
router or firewall is blocking GRE Protocol 47. The router must be able to
pass Generic Route Encapsulation (GRE) protocol 47 for PPTP traffic to
connect correctly to use VPN. When a cable/DSL router cannot map GRE
protocol 47 to the Routing and Remote Access server, you cannot connect to
the server from the Internet.

In addition, I would like to ask some additional questions:
1. Can you establish the VPN connection from the internal client?

2. I notice that you have installed ISA Server on the SBS box. Which
version is the ISA Server?

3. When did the problem occur? Did the VPN connection ever work before? If
so, what changes have been made to the SBS Server?

Note: The KB Article 245476 you mentioned is for L2TP/IPSec VPN connection,
since you are using the PPTP connection, please safely ignore it.

I appreciate your time and cooperation.
Hope the above information helps, please feel free to let me know if there
is anything I can do for you.

Have a nice day! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| NNTP-Posting-Date: Tue, 11 Oct 2005 11:34:12 -0500
| From: "Tom Walker" <twalker@xxxxxxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Remote Access and ISA Server in SBS 2003?
| Date: Tue, 11 Oct 2005 17:32:59 +0100
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
| X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
| X-RFC2646: Format=Flowed; Original
| Message-ID: <hfednexQD5gZdNbenZ2dnUVZ8qudnZ2d@xxxxxxxxx>
| Lines: 24
| NNTP-Posting-Host: 81.179.30.19
| X-Trace:
sv3-QbeoXMUIwHh1xi4MZBQykgCkzUUWfhghdfopcxObNWXtHHfHySrGuy06Uue+ayAKWevTIbNQ
C6QdU9d!4vwTUmD3wcE6DG7TsyjvC61E/ZWY0FAFOl9wF58STpLs28q4KScz/HLoUgQN4GepOxJg
RK3ylUK/!pGssg38B7ZiE0PKTIyPNlZ0F
| X-Complaints-To: abuse@xxxxxxxxxxxxx
| X-DMCA-Complaints-To: abuse@xxxxxxxxxxxxx
| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
complaint properly
| X-Postfilter: 1.3.32
| Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.
sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.g
iganews.com!nntp.giganews.com!local01.nntp.dca.giganews.com!nntp.pipex.net!n
ews.pipex.net.POSTED!not-for-mail
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:212021
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I'm in the last stages (i hope) of testing a new SBS 2003 server created
| using Jeff Middleton's SwingIT method (from SBS 4.5).
|
| One of the last tasks prior to scheduling the live switch-over is to get
the
| VPN working again with a small number of home-based clients using the
same
| Router/DSL modem that's working on the SBS 4.5 setup (unplug/replug).
|
| When I try to connect a VPN client to SBS 2003, the client gets an 800
| message - "unable to establish VPN...unable to contact server or
| security..." message. However, I also get a System event logged in the
SBS
| 2003 box - Remote/Access 20192 (I think I can clear this by applying MS
| Article 245476). Does that suggest I'm getting through?
|
| I've got the User and Computer set up to allow dial-in.
|
| Any guidance on how to establish wher it's getting stopped would be very
| much appreciated.
|
| Many thanks
|
| Tom Walker
|
|
|
|

.

---

• Prev by Date: Re: SQL Serer 2000 update keeps coming up
• Next by Date: Re: email to AOL
• Previous by thread: WSS SP2 install fails on SBS->Transition Pack machine
• Next by thread: RE: Remote Access and ISA Server in SBS 2003?
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Remote Office Configuration Suggestions? ... The additional DC at the remote site, could not be the SBS server, as you ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: Unable to Connect to Server/Client Desktop using RWW ... Please post the results of an ipconfig /all for the sbs server. ... I did another test after turning off the firewall on the remote. ... If port 4125 was not forwarded on the sbs machine, ... (microsoft.public.backoffice.smallbiz) Re: Remote Desktop Problem ... connectivity issues in SBS Server: ... This newsgroup only focuses on SBS technical issues. ... |> this computer on the Remote tab of properties of My Computer on SBS ... (microsoft.public.windows.server.sbs) RE: Cannot Connect via remote desktop ... please ensure the domain name vpn.XXX.co.uk resolve to the ... As you want to connect the SBS via VPN, I suggest you also perform the ... select Disable Routing and Remote ... You have to rerun the CEICW to make sure your SBS 2003 server have right ... (microsoft.public.windows.server.sbs) RE: Adding a Remote Office Domain Controller ... For licensing question, the SBS 2003 supports the branch office scenario. ... We need configure licensing on the Windows DC server in the remote site. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)