Re: VPN not available until a reboot

From: Joe <joe@xxxxxxxxxxxxxx>
Date: Sat, 20 May 2006 22:52:24 +0100

mhollmann wrote:

Hi Bob,

no, there are no errors displayed. Any hint which service i have to restart for the vpn service?

Almost certainly, Routing and Remote Access is the one you want. This
is almost entirely responsible for VPN.

What you might want to try is to enable maximum logging. In Server
Management, Advanced, Computer, Services, right click on RRAS and
open properties. In Logging, enable everything and also tick the
'Log additional..' box. As stated, the results will appear in
Windows\tracing.

There are a lot of files produced, and a lot of information logged,
and I have not yet found a good resource on interpreting them. You
might try studying times of attempted accesses, and one of the files
might inadvertently let slip a clue or two.

Also have a look through your router's configuration to see if there
are any logging options. Any information you can get may help. I
assume you are using the simpler VPN option, PPTP. This uses two
separate data channels. Initially, a connection is opened using TCP
port 1723, and various negotiations occur about encryption and
authentication. After this, a Generic Routing Encapsulation channel,
which is IP *protocol* 47, is set up to carry the actual data. If
the TCP connection works, then the client will report a successful
connection. If authentication then fails, almost certainly GRE is
not getting through.

I've seen SBS refuse VPN connections for no reason that I could find,
even in the RRAS tracing logs. But it has happened quite rarely,
whereas it sounds as if you're seeing it fairly often.
.

References:
- Re: VPN not available until a reboot
  - From: Robert L [MS-MVP]

Prev by Date: Re: Premium SQL Sharepoint to Standard MSDE Sharepoint?
Next by Date: Re: Windows Server Product key
Previous by thread: Re: VPN not available until a reboot
Next by thread: Re: VPN not available until a reboot
Index(es):
- Date
- Thread

Relevant Pages

Re: Cannot authenticate when using VPN
... I created my own VPN icon and am able to successfully connect, but when "verifying ID and password" it times out after about 15 seconds with the error: error 721; the remote computer did not respond. ... I checked the server error log and I have the following error: the user connected to port VPN5-4 has been disconnected because the authentication process did not complete within the required amount of time. ... I am able to create a VPN connection on the server and connect successfully using the external FQDN so I know I can connect, ... This requires both TCP port 1723 and the GRE protocol to be forwarded from the SBS network router to the SBS NIC. ...
(microsoft.public.windows.server.sbs)
Re: IAS VPN authentication only grants access to domain if user has certificate
... authenticate a certificate against AD? ... So my question is at what point does the VPN connection use ...
(microsoft.public.internet.radius)
RE: PPTP VPN connection problems
... Since you want to contact your local MS support for help, ... Additional, you can establish the VPN connection from internal client, that ... | A ping to the server would result in "Request timed out". ...
(microsoft.public.windows.server.sbs)
RE: PPTP VPN connection problems
... But I do not think it is in the ADSL router itself. ... They do not say it but maybe they prohibit VPN connections ... fix IP for my connection – PPPoE/PPPoA) subscription at belgacom in Belgium ... | A ping to the server would result in "Request timed out". ...
(microsoft.public.windows.server.sbs)
Re: VPN Client
... Thanks for the help on losing the remote connection when you connect to VPN. ... Regarding the router port forward issue, you should point the port 1723 to ...
(microsoft.public.windows.server.sbs)