RE: VPN Connection Problems
- From: Michael Rudnick <news@xxxxxxxxxxxxxxxxx>
- Date: Tue, 17 Jan 2006 14:25:41 -0800
We are going to the client's office tomorrow and will use these suggestions
to see if we can get it working properly.
Thanks for your help.
--
Michael Rudnick
news@xxxxxxxxxxxxxxxxx
v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li") wrote in
news:HCdA0hPFGHA.3944@xxxxxxxxxxxxxxxxxxxxx:
> Hi Michael,
>
> Thank you for posting in SBS newsgroup.
>
> I am sorry for the delayed response due to weekend. Please understand
> that the newsgroups are staffed weekdays by Microsoft Support
> professionals to answer your systems and applications questions. Your
> understanding is greatly appreciated!
>
> From the description, I understand the issue to be: you have set up
> the VPN from WAN to LAN, and you have a router on WAN network,
> however, you can not ping anything on the SBS network from WAN. If I
> have misunderstood your concerns, please do not hesitate to let me
> know.
>
> Generally, you may follow the steps below to configure VPN access on
> an SBS environment:
>
> 1. Run CEICW, follow the wizard and select Enable firewall and
> then make sure Virtual Private Networking (VPN) is selected in the
> Services Configuration page. And make sure you have typed the public
> FQDN of the SBS server on the Web Server Certificate page.
> 2. Run Remote Access Wizard in Server Management\Internet and
> E-mail\Configure Remote Access, and select VPN access in the Remote
> Access Method page. After finishing this wizard, RRAS is configured to
> allow inbound VPN access, and it can assign IP addresses to the VPN
> clients by using DHCP.
>
> Note: When we run the remote access wizard to set up the VPN
> service, we
> need to input the public IP address or the public FQDN of the SBS
> server. We need to make sure that the address can be accessed from the
> internet.
>
> 3. On the VPN client, go to https://publicFQDN/remote, clear I'm
> using a public or shared computer, log in and download Connection
> Manager. 4. Install Connection Manager on the VPN client.
>
> If there is a hardware router/firewall installed in front of the SBS
> server please make sure that the port forwarding for TCP 1723 and GRE
> port (protocol number 47) are opened. PPTP VPN is negotiating a
> connection on TCP port 1723 and send data to and from the PPTP server
> using the GRE protocol (IP Protocol 47, 0x2F if you are looking in
> Network Monitor). You should open port 1723 on the router/firewall and
> also make sure IP Protocol 47 is allowed.
>
> If you have followed the above steps, please try the following to see
> if it helps:
>
> As I know, there is a known issue when you are using the ISA Server
> 2000 on the SBS Server. If that is the case, please call PSS to obtain
> and apply the hotfix to see if the problem can be resolved:
>
> 897651 VPN clients can no longer access internal resources after you
> install Windows Server 2003 Service Pack 1 on a computer that is
> running ISA Server 2000
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;897651
>
> If it does not help, please check the following settings:
>
> 1. Make sure that you have selected Enable NetBIOS over TCP/IP and
> the Computer Browser service on remote computer and SBS as following:
>
> 1) Right click My Network Places and select Properties.
> 2) Right click Local Area Connection (client computer)/Network
> Connection (server) and select Properties.
> 3) Click Internet Protocol (TCP/IP) and high light it. Click
> Properties. 4) On the General tab, click Advanced. Go to WINS tab.
> 5) Make sure that you select Enable NetBIOS over TCP/IP.
> 6) Click OK twice and close all the windows.
>
> For detailed information, please refer to the following KB
> article:
>
> 827603 Remote users cannot see a Windows Small Business Server
> 2003
> computer in
> http://support.microsoft.com/?id=827603
>
> 318030 You cannot access shared files and folders or browse
> computers in
> the
> http://support.microsoft.com/?id=318030
>
> 2. Make sure the TCP/IP NetBIOS Helper service and the Server
> service and Workstation service are running on SBS, LAN and remote
> computer. You may check them through running Services.msc.
> 3. Check WINS:
>
> 1) Open WINS console in the SBS Administrative Tools.
> 2) Make sure that the service is started.
>
> 4. Check Computer Browser on SBS and remote network:
>
> 1) Open Services console in the SBS Administrative Tools.
> 2) In the right pane, make sure that the "Computer Browser"
> service is started and the startup type is "Automatic".
> 3) Check the same settings on all client computers and make sure
> that the "Computer Browser" service is stopped and the startup type is
> "Disabled".
>
> 5. Please disable ICF in your remote computer. To do so:
>
> 1) Click Start, and then click My Network Places.
> 2) Under Network Tasks, click View Network Connections.
> 3) Right-click the connection that you use for the Internet, and
> then click Properties.
> 4) Click the Advanced tab.
> 5) Click to clear the "Protect my computer and network by limiting
> or preventing access to this computer from the Internet" check
> box.
>
> For detailed information, please refer to the following KB
> article:
>
> 298804 Internet firewalls can prevent browsing and file sharing
> http://support.microsoft.com/?id=298804
>
> If the problem still occurs, please help me collect the following
> information:
>
> 1. Can you ping the SBS server by its NetBIOS name (ping
> servername)? 2. Can you ping the SBS server's internal IP address?
> 3. What happens if you run the following command on the remote
> client:
>
> net use Z: \\SBS_Server_Name\Shared_Folder_Name
>
> 4. Can you ping a LAN workstation using its NetBIOS name and IP
> address?
>
> ping workstation_name
> ping workstation_IP
>
> 5. How many network adapters did you install on the SBS server?
> 6. Can you describe the detailed network diagram for me and the
> detailed article you have followed in smallbizserver.net?
> 7. Please post an ipconfig/all result form SBS and remote computer
> when the VPN is created.
> 8. Is everything OK if you manually create a VPN connection to the
> SBS server? To do so, see:
>
> 314076 How to configure a connection to a virtual private network
> (VPN) in http://support.microsoft.com/?id=314076
>
> 305550 How to configure a VPN connection to your corporate
> network in
> Windows XP Professional
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;305550
>
> More information:
>
> 323381 How to Allow Remote Users to Access Your Network in Windows
> Server 2003
> http://support.microsoft.com/?id=323381
>
> 323441 How To Install and Configure a Virtual Private Network Server
> in Windows
> http://support.microsoft.com/?id=323441
>
> I am appreciated your time and look forward to hearing from you.
>
> Best regards,
>
> Crina Li (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have
> issues regarding other Microsoft products, you'd better post in the
> corresponding newsgroups so that they can be resolved in an efficient
> and timely manner. You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you
> check the "Notify me of replies" box to receive e-mail notifications
> when there are any updates in your thread. When responding to posts
> via your newsreader, please "Reply to Group" so that others may learn
> and benefit from your issue.
>
> Microsoft engineers can only focus on one issue per thread. Although
> we provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly.
> Please check http://support.microsoft.com for regional support phone
> numbers.
>
> Any input or comments in this thread are highly appreciated.
>
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights. --------------------
>| Subject: VPN Connection Problems
>| From: Michael Rudnick <news@xxxxxxxxxxxxxxxxx>
>|| Newsgroups: microsoft.public.windows.server.sbs
>| Date: Fri, 06 Jan 2006 13:11:51 -0800
>| |
>| I'm having trouble with VPN on a SBS 2003 Premium server. ISA is
> installed
>| on the server.
>|
>| I have set up the network according the the notes in
>| smallbizserver.net.
> We
>| have a LAN (192.168.16.x) and WAN (192.168.0.x). There is a router on
>| the network as well. I have run the ICW and Remote Access wizards. I
>| am able
> to
>| obtain a connection but cannot ping anything on the network,
>| including
> the
>| server. I correctly obtain an IP address from the server.
>|
>| I compared this setup to another SBS server (at another location) and
> can't
>| find any differences. Yet at the other location I can ping the server
>| and establish a Remote Desktop Connection to the server.
>|
>| I've combed through the settings in ISA and RRAS to see if there is
>| anything obvious and can't find anything. Any suggestions on where to
> look?
>|
>| --
>| Michael Rudnick
>| news@xxxxxxxxxxxxxxxxx
>|
>
>
.
- Follow-Ups:
- RE: VPN Connection Problems
- From: "Crina Li"
- RE: VPN Connection Problems
- References:
- VPN Connection Problems
- From: Michael Rudnick
- RE: VPN Connection Problems
- From: "Crina Li"
- VPN Connection Problems
- Prev by Date: Re: NTDS SDPROP eventID: 2008
- Next by Date: Re: Upgrade from SBS 2000 Prem to SBS 2003 Prem leaves system unusable
- Previous by thread: RE: VPN Connection Problems
- Next by thread: RE: VPN Connection Problems
- Index(es):
Relevant Pages
|
Loading
