RE: VPN issue

---

• From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
• Date: Thu, 01 Dec 2005 03:21:49 GMT

---

Hi Connor,

Thank you for posting in SBS newsgroup.

>From your description, my understanding on this issue is: you cannot
establish the VPN connection to the SBS server by using the 'Connection
manager' from external clients. If I have misunderstood your concern,
please do not hesitate to let me know.

The error code indicated "Unable to establish the VPN connection. The VPN
server may be unreachable, or security parameters may not be configured
properly for this connection". In most cases, the problem could be caused
because the server address information was not properly configured in the
remote access wizard or the relevant ports are not opened on firewall.

To narrow down the problem, would you please help me confirm the following
information?

1. Do you have ISA installed on the SBS server? If so, is it ISA 2000 or
ISA 2004?
2. Have you run the CEICW and selected Virtual Private Networking (VPN) in
the Services Configuration page?
3. What's the VPN server name you entered when you ran the Remote Access
Wizard? Can you ping that name from the external client? The VPN server
name should be the public FQDN or the public IP address of the SBS server.
If not, you may want to rerun the Remote Access Wizard with the correct
FQDN (or IP address) and then rerun the Create Remote Connection Disk,
download and reinstall Connection Manager on the VPN clients. To do so:

1) Click Start and then click Server Management.
2) Select Internet and E-mail, and then click Configure Remote Access in
the right pane.
3) On the VPN Server Name dialog, type the fully qualified host name used
to access your server from the Internet or the external IP address of the
router in the "Server name" box.
4) After you finished the wizard, run the Create Remote Connection Disk
wizard.
5) On the VPN clients, log on to the RWW, download Connection Manager and
reinstall it.

4. Is there a hardware router/firewall installed in front of the SBS
server? If so, ensure that the port forwarding for TCP 1723 and GRE port
(protocol number 47) are opened. PPTP VPN is negotiating a connection on
TCP port 1723 and send data to and from the PPTP server using the GRE
protocol (IP Protocol 47, 0x2F if you are looking in Network Monitor). You
should open port 1723 on the router/firewall and also make sure IP Protocol
47 is allowed.

If you still cannot establish the VPN connection from the laptop, please
help to collect the following information for troubleshooting the problem:

1. How many NICs on your SBS?
2. Can you create VPN to SBS through new connection wizard on My Network
Places on external client?
3. Get the IPCONFIG /ALL results when Creating VPN on client computer and
SBS.
4. Can you ping the server name and IP from the problematic client?
5. Would you please post a screen shot to newsgroup?
6. In addition, you may test as following: connect a workstation between
the external side of the SBS server and the router, then configure it with
the proper IP settings to match the subnet on that side of the server and
try to see if you can VPN by using the external IP of the SBS server on
this case (and not the public IP on the router), if this works, then the
problem would lie somewhere on the router or the Internet route, but if it
fails, then we have something to start working on from the server side.

Also, you may try connecting to SBS using VPN in another external location
to test if the problem exists.

More infroamtion:

886621 You receive an "Unable to establish the VPN connection" error message
http://support.microsoft.com/?id=886621

323441 How To Install and Configure a Virtual Private Network Server in
Windows
http://support.microsoft.com/?id=323441

323381 How to Allow Remote Users to Access Your Network in Windows Server
2003
http://support.microsoft.com/?id=323381

HOW TO: Turn On and Configure Inbound VPN Access in SBS 2000 -
http://support.microsoft.com/?id=320697.

I appreciate you taking the time to gather the information above; it is
very important for us to narrow down the cause of the problem.

Hope the information help and I look forward to your reply.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN issue
From: =?Utf-8?B?Q29ubm9y?= <connor@xxxxxxxxx>
| Subject: VPN issue
| Date: Wed, 30 Nov 2005 16:07:02 -0800
| | Newsgroups: microsoft.public.windows.server.sbs
| |
| I want to connect to the SBS box using PPTP VPN. We can connect from LAN
| computers. When I connect to SBS from outside computers, I receive error
800
| and cannot establish the connection. I am using the Connection Manager
| downloaded from RWW site. Any help is much appreciated!
|
| Connor
|

.

---

• Prev by Date: RE: Second domain with recipient policy
• Next by Date: RE: Send mail as an user
• Previous by thread: Newbie! Can't Exchange / Remote Desktop?
• Next by thread: RE: Send mail as an user
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: VPN Newbie Question ... I am using Vista Home Premium, I do have an established connection and IP from the server. ... I understand that you unable to logon SBS ... As you establish the VPN from remote client to your hardware firewall, ... (microsoft.public.windows.server.sbs) RE: VPN ... Thank you for posting in SBS newsgroup. ... establish the VPN connection to the SBS server by using the 'Connection ... The error code indicated "Unable to establish the VPN connection. ... (microsoft.public.windows.server.sbs) Re: VPN Newbie Question ... edition on mobile clients to join to SBS domain at LAN. ... Meanwhile, I suggest you running your SBS with single NIC, since your VPN ... established connection and IP from the server. ... How to configure Internet access in Windows Small Business Server 2003 ... (microsoft.public.windows.server.sbs) Re: Some Questions ... you may need to follow the steps below to configure VPN access ... And make sure you have typed the public FQDN of the SBS ... server on the Web Server Certificate page. ... log in and download Connection Manager. ... (microsoft.public.windows.server.sbs) RE: OpenVPN + ISA/SBS ... I understand that you want to set up VPN ... Based on my research, SBS with ISA has its own VPN component, I suggest we ... try the following steps to set up VPN connection from remote client to SBS: ... You have to rerun the CEICW to make sure your SBS 2003 server have right ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2005-12