RE: VPN issue on SBS2003
- From: v-chayan@xxxxxxxxxxxxxxxxxxxx ("Charles Yang [MSFT]")
- Date: Tue, 27 Dec 2005 01:51:06 GMT
HI Danno,
Welcome to SBS newsgroup.
Issue description:
============
I understand that you encountered VPN connection issue when you use VPN to
connect to SBS.
Analyzing and suggestion:
=============
Before we go any further, please do not forget to open the GRE protocol on
the hardware router.
According to your post, I understand that the VPN failed with error 800
error message. If I am off-base on that, please let me know.
First of all, I would like to know the following info:
1. If there is ISA Server installed.
2. Did you run the CEICW wizard?
3. Did you run the "Remote Access" Wizard?
4. Where did you get the error message? Are you VPN to the SBS Server from
Internet clients or VPN to external VPN Server from SBS Client computers?
If there is ISA Server installed, this issue may occur because the
Configure E-mail and Internet Connection Wizard (sometimes known as CEICW)
does not enable PPTP connections through the Microsoft Internet Security
and Acceleration (ISA) firewall.
So, no matter if you have ISA Server installed, I suggest that you refer to
the following to see if it helps.
Note Use Method 1 if you want to enable remote access when your client
computers connect to your server over the Internet. Use Method 2 if your
internal LAN clients must access a remote PPTP VPN Server.
Method 1
--------
1. On the Small Business Server 2003-based server, click "To Do List" in
the left pane of the "Server Management" console.
2. Under "Network Tasks", click "Configure Remote Access".
3. Click "Next", click "Enable Remote Access", click to select the "VPN
Access" check box, and then click "Next".
4. Type the fully qualified public domain name (FQDN) of your server, click
"Next", and then click "Finish".
5. When the wizard is completed, click "Close".
Method 2
--------
1. Start the ISA Management program, and then click "Access Policy".
2. Right-click "IP Packet Filters", and then click "Properties".
3. On the "General" tab, click to select the "Enable IP Routing" check box.
4. On the "PPTP" tab, click to select the "PPTP through ISA firewall" check
box.
For more info, please refer to:
886621 You receive an "Unable to establish the VPN connection" error
message
http://support.microsoft.com/?id=886621
If there is External router setup between the SBS Server and the Internet,
this may be related to the outdated firmware. You need to contact the
Vendor to update the firmware. See:
319108 Error Message: VPN Connection Error 800: Unable to Establish
Connection
http://support.microsoft.com/?id=319108
4. PPTP test:
===========
a. On SBS Server 2003, open Routing and Remote Access console, right click
the RAS Server, select "All Tasks" -> Stop. (You can start it after the
test), copy the Pptpsrv.exe from Windows XP client computer to C:\
partition on SBS Server. Then run the Pptpsrv.exe from command prompt.
Note: If there is ISA Server installed on the SBS Server, you do not need
to stop the Routing and Remote Access Server.
b. Run Pptpclnt.exe [ServerNameorIPaddress] on remote Internet Windows XP
client computer.
c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
You see the text received at the host running Pptpsrv.exe. You then see
five GRE packets sent from Pptpclnt.exe and received at Pptpsrv.exe.
Provide me with the output for reference.
NOTE: PPTP Ping tool (Pptpclnt and Pptpsrv) exist in Windows XP support
tools.
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723
Basically, we will use PPTPPing utility to determine whether any hardware
router or firewall (not only the one in front of the SBS server) is
blocking GRE Protocol 47.
The following is the example output on my test machine which did
successfully. Please compare it with the result on the Internet XP client
computer to see if GRE protocol is enabled.
>From PPTPClnt client computer:
===========
D:\Program Files\Support Tools>pptpclnt 192.168.0.1
Initializing WinSock...
Obtaining host information...
Successfully resolved server's host information
======================================
Enter data to send to server (between 1 and 255 chrs.), then hit enter:
-->test
Successfully connected to server using TCP port 1723 (PPTP)
Sending data to server
Waiting for a reply to the data which was just sent...
Received a reply. Reply contains the following text:
--->
=================================
Connectivity test to TCP Port 1723 was successful!!!
Closing down socket...
=================================
Creating a socket to test GRE protocol traffic...
Total GRE packets sent = 1
Total GRE packets sent = 2
Total GRE packets sent = 3
Total GRE packets sent = 4
Total GRE packets sent = 5
=====================================
Check server to see if the GRE packets were received successfully
=====================================
Closing down socket
Goodbye!
=========
>From PPTPSrv:
========
C:\>pptpsrv
Now you must run pptpclnt.exe on remote machine
Waiting for inbound connection on TCP port 1723...
Inbound connection from client has completed successfully!
Data received from client:
---> test
Sending the message 'Reply from server' to the client
=====================================================
Connectivity test to TCP Port 1723 was successful!!!
Closing down socket...
=====================================================
Created socket for GRE protocol test
Listening on PROTOCOL 47 for incoming GRE packets...
Total GRE packets received = 1
Total GRE packets received = 2
Total GRE packets received = 3
Total GRE packets received = 4
Total GRE packets received = 5
======================================
GRE protocol test was successful!
======================================
Closing socket
Goodbye!
========
Please let me know the result on your side. I am glad to be of assistance.
Thanks for your effort here.
Best regards,
Charles Yang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN issue on SBS2003
| thread-index: AcYKYmlOlwAfKo4EQ4Sony31a9l3Pg==
| X-WBNR-Posting-Host: 66.147.14.150
| From: "=?Utf-8?B?RGFubm8=?=" <Danno@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: VPN issue on SBS2003
| Date: Mon, 26 Dec 2005 13:22:01 -0800
| Lines: 4
| Message-ID: <49E6D970-BB33-4D08-836E-B244D4C691D9@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:232488
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I have just installed a new server and everything is working great except
VPN
| from outside the office. OWA and RDP is working fine. I have the ports
1723
| PPTP port forwarded in my netgear rp614v3 router. i get a connect error
800
| when trying to connect. any ideas?
|
.
- Prev by Date: Re: Terminal Server with SBS 2K3
- Next by Date: Re: Terminal Server with SBS 2K3
- Previous by thread: Weirdness in unicode in html email
- Next by thread: RE: VPN issue on SBS2003
- Index(es):
Relevant Pages
|
