RE: VPN
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Mon, 19 Dec 2005 03:35:04 GMT
Hi Glenn,
Thank you for posting in SBS newsgroup.
I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!
>From your description, my understanding on this issue is: you cannot
establish the VPN connection to the SBS server by using the 'Connection
manager' from external clients. If I have misunderstood your concern,
please do not hesitate to let me know.
The error code indicated "Unable to establish the VPN connection. The VPN
server may be unreachable, or security parameters may not be configured
properly for this connection". In most cases, the problem could be caused
because the server address information was not properly configured in the
remote access wizard or the relevant ports are not opened on router.
Would you please double confirm if you have followed the steps below to
configure VPN access on an SBS environment?
1. Run CEICW, follow the wizard and select Enable firewall and then make
sure Virtual Private Networking (VPN) is selected in the Services
Configuration page. And make sure you have typed the public FQDN of the SBS
server on the Web Server Certificate page.
2. Run Remote Access Wizard in Server Management\Internet and
E-mail\Configure Remote Access, and select VPN access in the Remote Access
Method page. After finishing this wizard, RRAS is configured to allow
inbound VPN access, and it can assign IP addresses to the VPN clients by
using DHCP.
Note: When we run the remote access wizard to set up the VPN service, we
need to input the public IP address or the public FQDN of the SBS server.
We need to make sure that the address can be accessed from the internet.
3. On the VPN client, go to https://publicFQDN/remote, clear I'm using a
public or shared computer, log in and download Connection Manager.
4. Install Connection Manager on the VPN client.
5. If there is ISA Server installed, this issue may occur because the
Configure E-mail and Internet Connection Wizard (sometimes known as CEICW)
does not enable PPTP connections through the Microsoft Internet Security
and Acceleration (ISA) firewall. For more info, please refer to:
886621 You receive an "Unable to establish the VPN connection" error
message
http://support.microsoft.com/?id=886621
6. Is there a hardware router installed in front of the SBS server? If so,
ensure that the port forwarding for TCP 1723 and GRE port (protocol number
47) are opened. PPTP VPN is negotiating a connection on TCP port 1723 and
send data to and from the PPTP server using the GRE protocol (IP Protocol
47, 0x2F if you are looking in Network Monitor). You should open port 1723
on the router and also make sure IP Protocol 47 is allowed.
If you still cannot establish the VPN connection, please help to collect
the following information for troubleshooting the problem:
1. What's the VPN server name you entered when you ran the Remote Access
Wizard? Can you ping that name from the external client? The VPN server
name should be the public FQDN or the public IP address of the SBS server.
2. Can you create VPN to SBS through new connection wizard on My Network
Places on external client?
3. Get the IPCONFIG /ALL results when Creating VPN on client computer and
SBS.
4. Can you ping the server name and IP from the problematic client?
5. Would you please post a screen shot to newsgroup?
6. In addition, you may test as following: connect a workstation between
the external side of the SBS server and the router, then configure it with
the proper IP settings to match the subnet on that side of the server and
try to see if you can VPN by using the external IP of the SBS server on
this case (and not the public IP on the router), if this works, then the
problem would lie somewhere on the router or the Internet route, but if it
fails, then we have something to start working on from the server side.
Also, you may try connecting to SBS using VPN in another external location
to test if the problem exists.
More information:
319108 Error Message: VPN Connection Error 800: Unable to Establish
Connection
http://support.microsoft.com/?id=319108
323441 How To Install and Configure a Virtual Private Network Server in
Windows
http://support.microsoft.com/?id=323441
305550 How to configure a VPN connection to your corporate network in
Windows
http://support.microsoft.com/?id=305550
I appreciate you taking the time to gather the information above; it is
very important for us to narrow down the cause of the problem.
Hope the information help and I look forward to your reply.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN
| | From: "=?Utf-8?B?Z2xlbm5ncm9zc21hbg==?="
<glenngrossman@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: VPN
| Date: Fri, 16 Dec 2005 04:23:02 -0800
| | Newsgroups: microsoft.public.windows.server.sbs
| |
| Just setup a SBS 2003 box. Using 2 nics. Ran the wizard to connect to the
| internet and also configure remote access. I can use RWW and OWA with no
| problem. The VPN side just doesn't work. No hardware firewall is
installed. I
| ran the connection manager and it created an icon on the desktop, but
when I
| try to run it, it does not work. Messsge "unable to establish
connection".
| Error 800.
|
| Thanks in advance.
|
.
- Prev by Date: Re: Error Installing WSUS::: Cannot create Performance Category
- Next by Date: RE: SBS 2003 OWA
- Previous by thread: RE: VPN
- Next by thread: Removing SBS monitoring
- Index(es):
Relevant Pages
|
