RE: VPN on SBS2003 SP1 via Router - Microsoft Replication Manager
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Fri, 16 Mar 2007 06:00:48 GMT
Hello Customer,
Thank you for posting here.
According to your description, I understand that your replication cannot
works through VPN connection. If I have misunderstood the problem, please
don't hesitate to let me know.
Based on my research, I suggest we try the following steps to see if we can
resolve this issue:
Step 1: I'd like to confirm the VPN set up steps with you
1. Run CEICW
You have to rerun the CEICW to make sure your SBS 2003 server have right
network configuration. Go through the follow KB and Rerun CEICW again
carefully.
How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us
2. Run Remote Access wizard
a) On the Small Business Server 2003-based server, click To Do List in the
left pane of the Server Management console.
b) Under Network Tasks, click Configure Remote Access.
c) Click Next, click Enable Remote Access, click to select the VPN Access
check box, and then click Next.
d) Type the fully qualified public domain name (FQDN) of your server, click
Next, and then click Finish.
e) When the wizard is completed, click Close.
3. Go to the client and establish the VPN connection to the SBS Server, you
can refer to this KB article for more information:
How to configure a VPN connection to your corporate network in Windows XP
Professional
http://support.microsoft.com/default.aspx?scid=KB;EN-US;305550
Step 2: Check the settings on your router
Basically, we will use PPTP Ping utility to determine whether any hardware
router or firewall is blocking GRE Protocol 47. The router must be able to
pass Generic Route Encapsulation (GRE) protocol 47 for PPTP traffic to
connect correctly to use VPN. When a cable/DSL router cannot map GRE
protocol 47 to the Routing and Remote Access server, you cannot connect to
the server from the Internet.
To check if the VPN is blocked by the hardware router, we always use the
PPTP Ping to test if 1723 port and GRE protocol are allowed to pass
through. To do so:
a. Please run Pptpsrv.exe on the server side.
b. Run Pptpclnt.exe [ServerNameorIPaddress] on remote client.
c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
d. You will see the text received at the host running Pptpsrv.exe. Then you
will see five GRE packets sent from Pptpclnt.exe and received at
Pptpsrv.exe.
Provide me with the output for reference.
NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
tools. For your convenience, I have attached the file within this reply.
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723
Step 3: For your replication error message
1. Open the urlscan.ini file in a text editor such as Notepad. By default,
the urlscan.ini file is installed in the following folder:
a. On Microsoft Windows NT and Microsoft Windows 2000:
c:\WINNT\system32\inetsrv\urlscan\urlscan.ini
b. On Microsoft Windows XP:
c:\windows\system32\inetsrv\urlscan\urlscan.ini
2. Change the following sections of the urlscan.ini file as indicated:
a. If the UseAllowVerbs section is equal to 1, add the following entries to
the [AllowVerbs] section if they are not already listed:
DELETE
PUT
b. If the UseAllowVerbs section is equal to 0, remove the following entries
from the [DenyVerbs] section or comment them out by putting a semicolon in
front of each entry (for example, ;DELETE):
DELETE
PUT
c. If the UseAllowExtensions section is equal to 1, add the following entry
to the [AllowExtensions] section if it is not already listed:
exe
d. If the UseAllowExtensions section is equal to 0, remove the following
entry from the [DenyExtensions] section or comment it out by putting a
semicolon in front of the entry (for example, ;.exe):
exe
3. Save the urlscan.ini file.
4. Restart IIS.
If the issue persists, please kindly help me collect some information for
further investigation:
1. Do you install ISA on your SBS?
2. Is the replication happen between VPN client and SBS server or between
VPN client and internal client?
3. Please gather outcome of command "ipconfig /all" on VPN client and SBS
when VPN connection established, send the result to me at
v-terliu@xxxxxxxxxxxxx
4. Please gather outcome of command "route print" on VPN client and SBS
when VPN connection established, send the result to me at
v-terliu@xxxxxxxxxxxxx
Hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN on SBS2003 SP1 via Router - Microsoft Replication
Manager
| thread-index: Acdm8Bkn9gM6JkxkTEG1aA1uERg62Q==
| X-WBNR-Posting-Host: 196.2.124.251
| From: =?Utf-8?B?U3R1YXJ0IExvd2U=?= <StuartLowe@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: VPN on SBS2003 SP1 via Router - Microsoft Replication Manager
| Date: Thu, 15 Mar 2007 03:53:00 -0700
| Lines: 57
| Message-ID: <B9996683-11F2-45D6-A637-4421B0FC592F@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:23044
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I need some help in getting internet replication working across my VPN. I
| have it working 95% except for SENDING of data from the Client to the
Server
| across a VPN.
|
| This is the setup.
| The server is a Windows 2003 Small Business Server (win2003SBS) with only
| One NIC.
| The Client Workstation is a Windows XP SP2 (WinXP2) Desktop PC.
|
| When i connect with the WinXP2 workstation across the LAN the synch works
| perfectly. OK. :-)
|
| However when i disconnect this WinXP2 Pc from the lan, connect to the
| internet using my modem, then connect to the Win2003SBS server using the
VPN
| connection, this connects successfully. I am using the same username and
| password as setup under Active Directory Users.
|
| I test the Internet Replication and the following work:
| - Test communication Link - Works OK. :-)
| - Receiving Data - Works OK. :-)
| The Sending Data FAILS :-(
| Thus the Send and Receive data will also fail.
| The Rep...msg files appear on the server in the dropbox, but no Jet...tmp
| files.
|
| Eventually after about 2 mins the messages "Failure to write to an
internet
| handle" or "Internal Internat failure" appear.
| Is it that the file MSTRAI40.EXE is not being run? why does it work on the
| LAN then?
|
| I therefore deduce that the IIS permissions are setup correctly.
|
| I have also activated a dyndns account to map to the server. The ip
address
| therefore is dynamic.
|
| The VPN server is behind a Netgear RP614v$ Router acting as a DHCP server
| and Firewall.
| I have opened up Port Forwarding on the following ports, and mapped them
to
| the LAN IP address of the server (as i have only one NIC), but still have
the
| same problem.
|
| Ports forwarded:
| 80 (HTTP)
| 1723 (PPTP)
| 443 (HTTPS)
| 21 (FTP)
|
| Some of the above are not really necessary but have left them there for
| testing purposes. I am using a NETGEAR RP614v4 Router connecting to a
| wireless ADSL Modem.
|
| Do i have to specify a DMZ server?? When i do specify a DMZ Server
routing
| it to the Local IP of the server, it still doesn't Send.
|
| Would getting a Statis IP Address solve this problem or is it a Router
| problem.?
|
|
.
- Follow-Ups:
- Prev by Date: Re: server 2003 Max Users
- Next by Date: RE: Performance Logs and Alerts services don't start after SP2
- Previous by thread: Re: SBS 2003 Monitoring emails say Bad Request (Invalid Hostname)
- Next by thread: RE: VPN on SBS2003 SP1 via Router - Microsoft Replication Manager
- Index(es):
Relevant Pages
|
