RE: PPTP VPN connection problems
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Mon, 11 Jun 2007 09:43:10 GMT
Hello Iulian,
Thank you for kind update.
We have a tool called PPTPping, it may help you to narrow down the GRE 47
connection issue:
Basically, we will use PPTP Ping utility to determine whether any hardware
router or firewall is blocking GRE Protocol 47. The router must be able to
pass Generic Route Encapsulation (GRE) protocol 47 for PPTP traffic to
connect correctly to use VPN. When a cable/DSL router cannot map GRE
protocol 47 to the Routing and Remote Access server, you cannot connect to
the server from the Internet.
To check if the VPN is blocked by the hardware router, we always use the
PPTP Ping to test if 1723 port and GRE protocol are allowed to pass
through. To do so:
a. Please run Pptpsrv.exe on the server side.
b. Run Pptpclnt.exe [ServerNameorIPaddress] on remote client.
c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
d. You will see the text received at the host running Pptpsrv.exe. Then you
will see five GRE packets sent from Pptpclnt.exe and received at
Pptpsrv.exe.
Then you can check the output.
NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
tools.
Windows XP Service Pack 2 Support Tools
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=
49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723
Hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: PPTP VPN connection problems
| thread-index: AceqGQ7hqpi1n57FRyuZT3npCbez9A==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?aXVsaWFu?= <iulian@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <CB93746B-51C4-482E-8734-1E136BB0375B@xxxxxxxxxxxxx>
<cfAZH8mpHHA.5168@xxxxxxxxxxxxxxxxxxxxxx>
<A5ADA30B-19E4-4A70-9862-364DE7BE9AAC@xxxxxxxxxxxxx>
<iJL6QtCqHHA.3736@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: PPTP VPN connection problems
| Date: Fri, 8 Jun 2007 15:05:00 -0700
| Lines: 327
| Message-ID: <E9875CE0-82AE-47F1-9D59-79B1F95FB193@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 8bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:42791
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hello Joe and Liu,
|
| Many thanks for your feedback.
| Indeed I also suspect the protocol 47 not being properly routed.
|
| But I do not think it is in the ADSL router itself. The SpeedTouch 608 I
am
| using is a router for business market and I verified with the support
| engineers that it properly implements the GRE 47.
|
| What I think is happening is that the ISP itself has a problem with GRE
47
| on their routers. They do not say it but maybe they prohibit VPN
connections
| for certain types of subscriptions.
| I am using and ADSL Plus + Business Option (their DHCP always allocates a
| fix IP for my connection â?? PPPoE/PPPoA) subscription at belgacom in
Belgium
| for my office connection.
|
| What I want is to prove them they have a problem. So far the ISP support
| engineers rejected any problem on their network. I will take this problem
| with local support from MS and try to prove to the ISP that they have a
| problem.
|
| Best regards,
| Iulian
|
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello Iulian,
| >
| > Thank you for kind update.
| >
| > Since you want to contact your local MS support for help, I would be
| > appreciate and think it is a more effective ways. To obtain the phone
| > numbers for specific technology request please take a look at the web
site
| > listed below.
| >
| > http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
| >
| > If you are outside the US please see http://support.microsoft.com for
| > regional support phone numbers.
| >
| > Additional, you can establish the VPN connection from internal client,
that
| > means the configuration on SBS is mostly correct. I think the cause of
this
| > issue may relate to the ADSL router. As the Joe's input, we have to
enable
| > TPC 1723 and GRE 47 on the router. I suggestion you replace the ADSL
router
| > with another one, and test this issue.
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: PPTP VPN connection problems
| > | thread-index: AcenmLAvtFznjjS+Td2Dg1z7W8W13w==
| > | X-WBNR-Posting-Host: 207.46.193.207
| > | From: =?Utf-8?B?aXVsaWFu?= <iulian@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <CB93746B-51C4-482E-8734-1E136BB0375B@xxxxxxxxxxxxx>
| > <cfAZH8mpHHA.5168@xxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: PPTP VPN connection problems
| > | Date: Tue, 5 Jun 2007 10:41:03 -0700
| > | Lines: 244
| > | Message-ID: <A5ADA30B-19E4-4A70-9862-364DE7BE9AAC@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 8bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:41893
| > | NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hello Liu,
| > |
| > | The problem is that the VPN does not disconnect. Both ends (client
and
| > | server) show the connection active.
| > | However after some idle period I can not send packets across the
| > connection.
| > | A ping to the server would result in "Request timed out".
| > |
| > | Suggestion 1: I checked and the idle time is set to "never"
| > |
| > | Suggestion 2: Both internet connections are ADSL subscriptions for
| > | residential, but the one for the server has a fix IP.
| > | I've contacted the ISP and they see no stability issues on the ADSL
| > | connection.
| > |
| > | Suggestion 3: Yes I used the CEICW on the SBS and I checked the KB
and
| > | confirm that the VPN is configured properly.
| > |
| > | Suggestion 4: If I connect with the VPN client locally to the
internet
| > | gateway (the SpeedTouch 608W) and setup a local VPN connection (the
IP of
| > the
| > | external connection of the server) as you suggested I see no
problems.
| > The
| > | VPN is stable for hours (I did not check more).
| > |
| > | Conclusion:
| > | - 1 - I am using SBS2003 standard (no ISA server).
| > | - 2 - I have an fix IP address for the office internet connection.
| > | - 3 - I use the OWA from multiple locations (PCs) and looks more
stable.
| > | However I saw that I need to logon again after a greater idle period
| > (15-30
| > | min); and I do not know if this is an internal timeout of OWA for
| > security
| > | reason (public PC access).
| > | - 4 - I have this issue on multiple PC (all of them XP SP2).
| > | - 5 - As I said the VPN does not disconnect. It is just that the
| > | communication with the server blocks after some idle period. If I do
a
| > | continuous ping to the server (ping -t sbs001) the problem disappears.
| > |
| > |
| > | I would like to contact the local MS support (Belgium) if posible.
| > | I have this SBS2003 server (Dell PowerEdge 380) since last November;
it
| > | should be under support from MS.
| > |
| > | Best regards,
| > | Iulian
| > |
| > |
| > | "Terence Liu [MSFT]" wrote:
| > |
| > | > Hello Iulian,
| > | >
| > | > Thank you for posting here.
| > | >
| > | > According to your description, I understand that your VPN
connection to
| > | > your SBS 2003 will disconnect after a while of idle. If I have
| > | > misunderstood the problem, please don't hesitate to let me know.
| > | >
| > | > Based on my research, I suggest we try the following steps to see
if we
| > can
| > | > resolve this issue:
| > | >
| > | > Suggestion 1: Check the VPN client settings
| > | >
| > | > 1. On the XP client computer, open Network Connections
| > | >
| > | > 2. Right click the VPN connection, select properties,
| > | >
| > | > 3. Select Options tab, in the Idle time before hanging up box,
select
| > | > never, and tick the option Redial if line is dropped (if you have
this
| > | > option)
| > | >
| > | > 4. Click Ok to finish.
| > | >
| > | > Suggestion 2: Check the Internet network connection stability
| > | >
| > | > The instability Internet connection will relate to this issue.
Please
| > | > contact your ISP of your office and home, to check the Internet
| > connection
| > | > stability. You can also try to connect your SBS VPN from another
| > client,
| > | > does it work fine?
| > | >
| > | > Suggestion 3: I'd like to confirm how to setup the VPN settings on
SBS
| > and
| > | > client with you
| > | >
| > | > 1. Run CEICW on SBS
| > | >
| > | > You have to rerun the CEICW to make sure your SBS 2003 server have
| > right
| > | > network configuration. Go through the follow KB and Rerun CEICW
again
| > | > carefully.
| > | >
| > | > How to configure Internet access in Windows Small Business Server
2003
| > | > http://support.microsoft.com/kb/825763/en-us
| > | >
| > | > 2. Run Remote Access wizard
| > | >
| > | > a) On the Small Business Server 2003-based server, click To Do List
in
| > the
| > | > left pane of the Server Management console.
| > | >
| > | > b) Under Network Tasks, click Configure Remote Access.
| > | >
| > | > c) Click Next, click Enable Remote Access, click to select the VPN
| > Access
| > | > check box, and then click Next.
| > | >
| > | > d) Type the fully qualified public domain name (your public DNS
name)
| > of
| > | > your server, click Next, and then click Finish.
| > | >
| > | > e) When the wizard is completed, click Close.
| > | >
| > | > 3. Then you can access RWW to download Connection Manager or copy
the
| > file
| > | > from SBS server c:\ ClientApps\Connection Manager\SBSPackage.exe.
| > Please
| > | > save the sbspackage.exe file in VPN client computer. Then
double-click
| > | > SBSPackage.exe to run it. After this file run the "connect to small
| > | > business server" will be created and you can use it to connect VPN
to
| > your
| > | > SBS server.
| > | >
| > | > Suggestion 4: If the issue persists, please do the following test
to
| > narrow
| > | > down this issue.
| > | >
| > | > 1. Test the VPN connection from inside of the SBS network, will the
| > problem
| > | > be reproduced?
| > | >
| > | > Manually create a VPN connection on the internal client through the
| > | > following KB article:
| > | > How to configure a VPN connection to your corporate network in
Windows
| > XP
| > | > Professional
| > | > http://support.microsoft.com/?id=305550
| > | >
| > | > Note: The VPN server IP is the internal IP address of the SBS Server
| > | >
| > | > 2. If the disconnection issue doesn't occur internally, please plug
a
| > | > simple hub to the external interface and plug a laptop to the hub,
| > perform
| > | > the same test which bypasses the router. Will the problem be
reproduced?
| > | >
| > | > Note: The VPN server IP is the external IP address of the SBS Server
| > | >
| > | > If we can not resolve the issue after we perform the above steps,
| > please
| > | > kindly help me collect some information for further investigation:
| > | >
| > | > 1. Do you install ISA server 2004 on SBS? Please apply the hotfix
| > KB904825
| > | > (http://support.microsoft.com/?id=904825), and then test this issue.
| > | >
| > | > 2. Do you have static IP on your office Internet connection?
| > | >
| > | > 3. Does the OWA connection from your home have the same instability
| > issue?
| > | >
| > | > 4. Does the VPN connection issue happen on all VPN clients?
| > | >
| > | > 5. Do you get any error when the VPN connection disconnect? Please
| > capture
| > | > screenshots on the error messages and send the pictures to me at
| > | > v-terliu@xxxxxxxxxxxxx
| > | >
| > | > Hope these steps will give you some help.
| > | >
| > | > Thanks and have a nice day!
| > | >
| > | > Best regards,
| > | >
| > | > Terence Liu(MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > =====================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
check
| > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | >
| > | > --------------------
|
.
- References:
- RE: PPTP VPN connection problems
- From: Terence Liu [MSFT]
- RE: PPTP VPN connection problems
- From: iulian
- RE: PPTP VPN connection problems
- From: Terence Liu [MSFT]
- RE: PPTP VPN connection problems
- From: iulian
- RE: PPTP VPN connection problems
- Prev by Date: Re: Uninstalling service pack
- Next by Date: Re: Uninstalling service pack
- Previous by thread: RE: PPTP VPN connection problems
- Next by thread: VPN IP
- Index(es):
Relevant Pages
|
Loading
