RE: VPN Error 800
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Fri, 05 Jan 2007 08:07:58 GMT
Hello Robin,
Thank you for posting here.
From the description, I understand that the remote clients cannot establish
the VPN connection to the SBS Server and you received an error 800 message.
If I have misunderstood your concern, please do let me know.
This issue occurs because the Configure E-mail and Internet Connection
Wizard (sometimes known as CEICW) does not enable PPTP connections through
the Microsoft Internet Security and Acceleration (ISA) firewall.
1. On the Small Business Server 2003-based server, click To Do List in the
left pane of the Server Management console.
2. Under Network Tasks, click Configure Remote Access.
3. Click Next, click Enable Remote Access, click to select the VPN Access
check box, and then click Next.
4. Type the fully qualified public domain name (FQDN) of your server, click
Next, and then click Finish.
5. When the wizard is completed, click Close.
After doing that, go to the client and establish the VPN connection to the
SBS Server. You can refer to this KB article for more information:
How to configure a VPN connection to your corporate network in Windows XP
Professional
http://support.microsoft.com/default.aspx?scid=KB;EN-US;305550
Will you be able to establish the VPN connection to the SBS Server
successfully? If the VPN is working fine, it appears that the problem
doesn't reside at the SBS side. We may need to perform a further
investigation.
Based on my experience, error 800 is caused by a router that has outdated
firmware in some cases. Please check this KB article to see if your
hardware router has applied the latest firmware. You may contact the vendor
of the hardware router for more detailed information.
Error Message: VPN Connection Error 800: Unable to Establish Connection
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q319108
To check if the VPN is blocked by the hardware router, we always use the
PPTP Ping to test if 1723 port and GRE protocol are allowed to pass
through. To do so:
a. Please run Pptpsrv.exe on the server side.
b. Run Pptpclnt.exe [ServerNameorIPaddress] on remote client.
c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
d. You will see the text received at the host running Pptpsrv.exe. Then you
will see five GRE packets sent from Pptpclnt.exe and received at
Pptpsrv.exe.
Provide me with the output for reference.
NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
tools. For your convenience, I have attached the file within this reply.
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723
Basically, we will use PPTP Ping utility to determine whether any hardware
router or firewall is blocking GRE Protocol 47. The router must be able to
pass Generic Route Encapsulation (GRE) protocol 47 for PPTP traffic to
connect correctly to use VPN. When a cable/DSL router cannot map GRE
protocol 47 to the Routing and Remote Access server, you cannot connect to
the server from the Internet.
If the problem persists, please help me gather the ISA info and ISA log:
1. Please help to gather the ISA Info:
1) Download the file from the following URL:
http://www.isatools.org/isainfo/ISAInfo.zip
2) Extract all files to a folder on ISA server.
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-terliu@xxxxxxxxxxxxx
2. Please also help to gather the ISA logs:
1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is shown there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to be deleted; that's normal.) You may back them up first and then
delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.
14) Please also let me know the IP address of the testing clients so that I
can filter the data.
Hope the above information helps. Please feel free to let me know if there
is anything I can do for you.
Have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN Error 800
| From: =?Utf-8?B?TmV0d29ya0Z1c2lvbg==?=
<NetworkFusion@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: VPN Error 800
| Date: Thu, 4 Jan 2007 09:09:01 -0800
|
| I have a Dell PowerEdge 2900 dual NIC with SBS2003R2 Premium, HP Procurve
| 2524 managed switches (1st VLAN is the DMZ, 2nd VLAN is the SBS local
| Network) and a 2Wire BT1800HG Router (VPN compatible)
|
| I am having problems connecting via VPN, I have tried this from the internet
| and from the DMZ, in order to cancel out the router. Within ISA I have
| monitored port 1723, it says "initialised connection" 4 times from the same
| computer but with different source ports, then says "closed connection" with
| result code 0x80074e24 multiple times.
|
| On the Connection client, it has error 800
|
| I have rerun the Remote Access wizard to no avail
|
|
| Thanks in advance,
|
| Robin.
|
| --
| Delivered By Messenger Pigeon
|
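
The log-gathering steps in the reply end with filtering the W3C files by the test client's IP address. The Python sketch below is an added example, not part of the original posts and not a Microsoft tool: it reads a tab-separated W3C log, keeps only PPTP traffic (TCP port 1723 or GRE) from one client, and counts each action and result code. The sample log, its field names and the IP addresses are constructed assumptions; only the result code 0x80074e24 comes from the thread.

```python
from collections import Counter

# Constructed sample, not real ISA output. The field names are assumptions;
# the parser uses whatever names the log's own #Fields line declares.
FIELDS = ["date", "time", "IP protocol", "source", "destination",
          "action", "result code"]
PORTS = (1045, 1046, 1047, 1048)
ROWS = [["2007-01-04", "17:01:10", "TCP", f"192.0.2.10:{p}",
         "198.51.100.2:1723", "Initiated Connection", "0x0"] for p in PORTS]
ROWS += [["2007-01-04", "17:01:40", "TCP", f"192.0.2.10:{p}",
          "198.51.100.2:1723", "Closed Connection", "0x80074e24"] for p in PORTS]
ROWS += [["2007-01-04", "17:01:12", "TCP", "192.0.2.10:1050",
          "198.51.100.2:80", "Initiated Connection", "0x0"],
         ["2007-01-04", "17:01:15", "GRE", "192.0.2.77",
          "198.51.100.2", "Initiated Connection", "0x0"]]
SAMPLE_LOG = "\n".join(["#Fields: " + "\t".join(FIELDS)]
                       + ["\t".join(r) for r in ROWS])

def parse_w3c(text):
    """Yield one dict per record, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated rows
                yield dict(zip(fields, values))

def is_pptp(rec):
    """PPTP is the TCP 1723 control channel plus GRE (IP protocol 47)."""
    proto = rec["IP protocol"].upper()
    dest_port = rec["destination"].rpartition(":")[2]
    return proto in ("GRE", "47") or (proto == "TCP" and dest_port == "1723")

def summarize(text, client_ip):
    """Count (protocol, action, result code) for one client's PPTP traffic."""
    counts = Counter()
    for rec in parse_w3c(text):
        if rec["source"].partition(":")[0] == client_ip and is_pptp(rec):
            counts[(rec["IP protocol"].upper(), rec["action"],
                    rec["result code"])] += 1
    return counts

def gre_seen(counts):
    """True if any counted record is GRE rather than the TCP control channel."""
    return any(proto in ("GRE", "47") for proto, _, _ in counts)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG, "192.0.2.10").items():
        print(n, *key)
```

For a real log, pass the file's text and the test client's address to `summarize`, and adjust the three field names used in the lookups to match the file's `#Fields` line.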