RE: VPN and SBS2003...
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Thu, 03 Aug 2006 04:54:59 GMT
Hi Jerzy,
Thank you for posting in SBS newsgroup.
To narrow down the problem, would you please help me collect the following
information?
1. How many NICs your SBS has.
2. Why you configure DHCP on router but not SBS?
As I know, you may need to follow the steps below to configure VPN access
on an SBS environment:
1. Run CEICW, follow the wizard and select Enable firewall and then make
sure Virtual Private Networking (VPN) is selected in the Services
Configuration page. And make sure you have typed the public FQDN of the SBS
server on the Web Server Certificate page.
2. Run Remote Access Wizard in Server Management\Internet and
E-mail\Configure Remote Access, and select VPN access in the Remote Access
Method page. After finishing this wizard, RRAS is configured to allow
inbound VPN access, and it can assign IP addresses to the VPN clients by
using DHCP.
Note: When we run the remote access wizard to set up the VPN service, we
need to input the public IP address or the public FQDN of the SBS server.
We need to make sure that the address can be accessed from the internet.
3. On the VPN client, go to https://publicFQDN/remote, clear I'm using a
public or shared computer, log in and download Connection Manager.
4. Install Connection Manager on the VPN client.
5. Is there a hardware router installed in front of the SBS server? If so,
ensure that the port forwarding for TCP 1723 and GRE port (protocol number
47) are opened. PPTP VPN is negotiating a connection on TCP port 1723 and
send data to and from the PPTP server using the GRE protocol (IP Protocol
47, 0x2F if you are looking in Network Monitor). You should open port 1723
on the router and also make sure IP Protocol 47 is allowed.
From the RRAS log, I find the following errors:
=======
*** Running IExpress to build the package returned ERROR 80004005
*** ERROR: Cannot delete temp directory CMPA.tmp
Specifying error location (in CMAK) returned OK
*** CRRASCommit::CommitCMAK returned ERROR 80004005
*** CRRASCommit::CommitEx returned ERROR 80004005
======
It looks that the RRAS wizard failed to create the CMAK package:
sbspackage.exe in the clientapps directory. So I would like to know if you
have moved the Clientapps folder to other location.
Based on my experience, this issue may occur if:
1. The Clientapps directory is moved to other location.
2. You applied Windows Server 2003 SP1 but SBS SP1.
Regarding the ClientApps Directory
===========================
This issue will occur if the clientapps directory is pointing to an invalid
location. So, I would like to know if you have moved the Clientapps
directory to other location.
While we can moving Clietnapps directory to other location, we need at last
change the following key to set the new path:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\clientsetup"
Please refer to:
830254 How to move the client programs folder to another location in Windows
http://support.microsoft.com/?id=830254
So, if you have moved the ClientApps, please double check the registry key
followed by the article Q830254 to make sure that ClientAppsRoot value has
the correct data.
Regarding the Windows Server 2003 SP1
================================
This issue will also occur if you applied Windows Server 2003 SP1 but the
SBS SP1 or if the SBS SP1 did not finish the installation. If that is the
case, please make sure that you downloaded and installed the SBS SP1.
Details:
======
We have identified known problems with RRAS when applying only Windows
Server 2003 SP1 on SBS 2003. To resolve the issue, we must apply SBS 2003
SP1.
So, if only Windows Server 2003 SP1 is installed, I suggest that you
uninstall the SP1, install the full SBS SP1 and run the RRAS wizard again.
To uninstall Windows Server 2003 SP1
1. Click Start, point to Control Panel, and then click Add or Remove
Programs.
2. In the Add or Remove Programs dialog box, select Windows Server 2003
Service Pack 1, and then click Remove.
3. In the Windows Server 2003 Service Pack 1 Removal Wizard, click Next to
uninstall the service pack.
To run the Remote Access Wizard
1. If necessary, open Server Management by clicking Start, and then
clicking Server Management.
2. In the console tree, click Internet and E-mail.
3. In the details pane, click Configure Remote Access.
4. Follow the instructions on the screen to complete the wizard.
Additional Info:
=============
You can download SP1 from
http://www.microsoft.com/windowsserver2003/sbs/downloads/sp1/default.mspx
I would suggest you browse to the following web pages and refer to its
instructions to get SBS 2003 SP1 installed:
http://download.microsoft.com/download/e/0/f/e0fee8ce-768d-41c0-8871-9bc48e0
b3fc3/ToDownLoadFilesandReadInstructions.htm
Useful Articles about installing SP1:
What's New for Windows SBS 2003 with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=B5846A14-F306-41F0-
9D1F-97F615E62ADF&displaylang=en
Windows Small Business Server 2003 with Service Pack 1 Getting Started Guide
http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=483b
6e22-8ed2-420b-915e-96d469347fb2
Installation Instructions for Service Pack 1 for Windows Small Business
Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=D56A7675-27C1-445B-
A61F-007A30852AC6&displaylang=en
After SBS 2003 SP1 is installed, re-run CEICW and then run the Configure
Remote Access wizard.
At the meanwhile, I suggest that you refer to following article to manually
configure RRAS Service:
323441 How To Install and Configure a Virtual Private Network Server in
Windows
http://support.microsoft.com/?id=323441
320697 HOW TO: Turn On and Configure Inbound VPN Access in Small Business
http://support.microsoft.com/?id=320697
(The steps also apply to SBS 2003.)
Hope the above information help.
I appreciate your time and look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Date: Wed, 02 Aug 2006 15:39:37 +0200
| From: Jerzy <jksoft@xxxxx>
| | Subject: VPN and SBS2003...
| | Newsgroups: microsoft.public.windows.server.sbs
||
| Hello all SBS2003 users and profs,
|
| I have a problem with defining a remote access via VPN to SBS2003
| server. I use the standard Wizard from the "List to do" and set the
| following values:
| 1. Turn on a remote access / Access via VPN
| 2. Use DHCP protocol... Address IP of DHCP server: 192.168.0.1 (I use a
| router to access Internet and this is an IP address of the router, DHCP
| server is on the router)
| 3. A name of VPN server: JK-SERVER.JK.PL (the server name is JK-SERVER,
| the domain name is JK.LOCAL and JK.PL is a registered domain of a
company).
|
| Finishing the wizard after a few minutes i get the error message: "An
| error occurs when creating a configuration packet of Manager of
| connection" (Thi is an english translation of the message).
|
| The last few lines in a file rraslog.txt are as follows:
|
| Updating CMP template returned OK
| Updating CMS template returned OK
| Updating SED template returned OK
| Creating proxy configuration file returned OK
| *** Running IExpress to build the package returned ERROR 80004005
| *** ERROR: Cannot delete temp directory CMP64.tmp
| Specifying error location (in CMAK) returned OK
| *** CRRASCommit::CommitCMAK returned ERROR 80004005
| *** CRRASCommit::CommitEx returned ERROR 80004005
|
| What is the problem in? Thanks in advance for any help.
| Jerzy
|
.
- References:
- VPN and SBS2003...
- From: Jerzy
- VPN and SBS2003...
- Prev by Date: Re: SBS 2003 secondary dc/server
- Next by Date: SATA RAID recommendations
- Previous by thread: VPN and SBS2003...
- Next by thread: RE: VPN and SBS2003...
- Index(es):
Relevant Pages
|
