RE: VPN error with sbs2003 and isa 2000 installed



Hi:
Thank you for posting here.

From your description, I understand that when you try to establish a VPN
connection from a remote client, the connection terminated in the process
of verifying the password and you received an error 721. If I am off base,
please feel free to let me know.

Based on my knowledge, this kind of problem is usually caused by GRE packets
not being properly allowed on a router.

You receive an "Error 721" error message when you try to establish a VPN
connection through your Windows Server-based remote access server
http://support.microsoft.com/default.aspx?scid=KB;EN-US;888201

Before we go any further, can I assume that you have already run the CEICW
(Configure E-mail and Internet Connection Wizard) to configure the SBS
internet settings? Open Server Management console and navigate to 'To Do
List'. Click 'Connect to the Internet' and you will see the wizard. More
info:
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Open Routing and Remote Access console. Right-click the Server Name and
choose 'Disable Routing and Remote Access' option. This option will remove
all current RRAS configurations and stop the service. After doing this,
open Server Management console and navigate to 'Internet and E-mail'
snap-in. Click 'Configure Remote Access' to enable the VPN service. Will
the problem be resolved?

To verify whether the hardware router is the root cause, please do the
following steps:

a. Please temporarily place a client directly connected to the external NIC
of the SBS Server. You can connect the external network adapter of the SBS
Server to a simple hub and connect the client to the same hub.

b. Manually configure the TCP/IP settings on the client computer to be on
the same subnet as the external network adapter of the SBS Server. (Point
the default gateway to the external NIC of the SBS box)

c. Turn off the Firewall Client on the client computer.

d. Configure the VPN connection on the client and do a VPN test.

If the above test works fine, it reveals that the traffic is blocked by the
hardware router.

We can also use the PPTP Ping utility to test whether port 1723 and the GRE
protocol are allowed to pass through. To do so:
a. Please run Pptpsrv.exe on the server side.
b. Run Pptpclnt.exe [ServerName or IPaddress] on remote client.
c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
d. You will see the text received at the host running Pptpsrv.exe. Then you
will see five GRE packets sent from Pptpclnt.exe and received at
Pptpsrv.exe.
Provide me with the output for reference.

NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
tools. For your convenience, I have attached the file within this reply.
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723.

Basically, we will use the PPTP Ping utility to determine whether any hardware
router or firewall is blocking GRE Protocol 47. The router must be able to
pass Generic Routing Encapsulation (GRE) protocol 47 for PPTP traffic to
connect correctly to use VPN. When a cable/DSL router cannot map GRE
protocol 47 to the Routing and Remote Access server, you cannot connect to
the server from the Internet.

More information about GRE 47:
GRE Protocol 47 Packet Description and Use
http://support.microsoft.com/default.aspx?scid=KB;[LN];241251

If the problem doesn't reside on the router side, we may need further
investigation. Please help me collect the following information:

1. How many external NICs does your server have? If you have multiple
external adapters on your server, you should refer to this article:

PPTP clients cannot connect to a PPTP server that has multiple IP addresses
http://support.microsoft.com/default.aspx?scid=KB;EN-US;271731

2. What changes have been made to the SBS Server when the error occurred?
Did the VPN connection ever work?

3. Please type ipconfig /all from the command prompt on both the SBS
Server and remote client, and post the output back in the reply.

I appreciate you taking time to perform the test. Please feel free to let
me know if you have any questions or concerns.

Have a nice day! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: =?Utf-8?B?bm9zcGFt?= <nospam@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: VPN error with sbs2003 and isa 2000 installed
| Date: Mon, 24 Oct 2005 06:13:02 -0700
| Newsgroups: microsoft.public.windows.server.sbs
|
| I cannot VPN to my SBS Server. It failed at verifying the username/password.
| I received error 721. The Server is functioning well with SBS/ISA 2000
| installed. I have opened port 1723 and 47 on the router. I am new to SBS and
| hoping someone else can help me.
|
| Thanks!
|
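
Added example (not part of the original post or of any Microsoft tool): a small classifier for raw IPv4 packets that separates the PPTP control channel (TCP 1723) from PPTP data (GRE, IP protocol 47, enhanced GRE header per RFC 2637) and from traffic on TCP port 47, which is all a port-47 rule on a router matches. The function names and sample packets are constructed for illustration.

```python
import struct

TCP, GRE = 6, 47                  # IP protocol numbers; 47 here is not a port
PPTP_PORT, PPP = 1723, 0x880B     # PPTP control port; GRE protocol type for PPP

def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4     # header length in bytes
    if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not an IPv4 packet")
    return pkt[9], pkt[ihl:]      # (IP protocol number, payload)

def parse_pptp_gre(gre):
    """Parse RFC 2637 enhanced GRE (version 1); None if it is not PPTP."""
    if len(gre) < 8:
        return None
    flags, ver, ptype, plen, call_id = struct.unpack("!BBHHH", gre[:8])
    need = 8 + (4 if flags & 0x10 else 0) + (4 if ver & 0x80 else 0)
    if ver & 7 != 1 or ptype != PPP or not flags & 0x20 or len(gre) < need:
        return None
    words = struct.unpack("!%dI" % ((need - 8) // 4), gre[8:need])
    seq = words[0] if flags & 0x10 else None    # S bit: sequence number
    ack = words[-1] if ver & 0x80 else None     # A bit: acknowledgment number
    return {"call_id": call_id, "payload_len": plen, "seq": seq, "ack": ack}

def classify(pkt):
    proto, payload = parse_ipv4(pkt)
    if proto == GRE:
        return "pptp-data" if parse_pptp_gre(payload) else "gre-other"
    if proto == TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_PORT in (sport, dport):
            return "pptp-control"
        if 47 in (sport, dport):
            return "tcp-port-47"  # what a port-47 rule matches; not GRE
    return "other"

def diagnose(packets):
    kinds = {classify(p) for p in packets}
    if "pptp-control" not in kinds:
        return "no PPTP control traffic seen"
    if "pptp-data" not in kinds:
        return "TCP 1723 seen, no GRE: IP protocol 47 is not reaching this host"
    return "TCP 1723 and GRE both seen"

# Constructed sample packets: zeroed addresses and checksum, minimal payloads.
def ipv4(proto, payload):
    return struct.pack("!BBH4xBBH8x", 0x45, 0, 20 + len(payload), 64, proto, 0) + payload
CONTROL = ipv4(TCP, struct.pack("!HH", 49152, 1723) + bytes(16))
TCP_47 = ipv4(TCP, struct.pack("!HH", 49153, 47) + bytes(16))
GRE_PPP = ipv4(GRE, struct.pack("!BBHHHI", 0x30, 1, PPP, 4, 7, 1) + b"\xff\x03\xc0\x21")
```

Fed with packets captured on the server's external interface during a connection attempt (an assumption about where the capture is taken), diagnose() reports whether the GRE half of the PPTP session arrives at all.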
