Re: VPN PPTP problem

On 22 nov, 12:53, v-ter...@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
wrote:
Hello David,

Thank you for your email.

From the ipconfig result on remote VPN client and SBS, I get that the SBS
external NIC IP is in the same subnet with the remote client. They are all
in the 192.168.1.0/24. This setting is incorrect. You need to make them
working in different IP schemes. You can change one of them to different
subnet, like 192.168.3.0/24.

For example, both LAN's are using 192.168.1.0 as the internal subnet
address. The computer sends the IP packages according to the path defined
in the routing table. If the local and the remote network are using the
same IP subnet, the client computer would not send the packages through the
VPN interface. Instead, the traffic will go through the local NIC to the
local internal network. If that's the case, you will need to change either
your local network IP schema or the branch office side IP schema.

After you change the IP subnet and then perform the steps in my previous
reply to reconfigure the VPN on SBS. Then, test the issue.

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

1. Send me the ipconfig /all and router print results to me again.

2. Please try to establish the VPN connection from the internal clients.
Does it success?

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! -www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
checkhttp://support.microsoft.comfor regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights..

--------------------
| From: david.montice...@xxxxxxxxx
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: VPN PPTP problem
| Date: Wed, 21 Nov 2007 04:37:04 -0800 (PST)
| Organization:http://groups.google.com
| Lines: 350
| Message-ID:
<4398d502-9027-40ce-b189-9df218ba8...@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <1194961210.555733.130...@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| <15d9ee78-1316-4393-b1ca-81c3e2fdd...@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| <dnGobXDLIHA.4...@xxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 81.83.0.31
| Mime-Version: 1.0
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: quoted-printable
| X-Trace: posting.google.com 1195648624 20443 127.0.0.1 (21 Nov 2007
12:37:04 GMT)
| X-Complaints-To: groups-ab...@xxxxxxxxxx
| NNTP-Posting-Date: Wed, 21 Nov 2007 12:37:04 +0000 (UTC)
| Complaints-To: groups-ab...@xxxxxxxxxx
| Injection-Info: e4g2000hsg.googlegroups.com; posting-host=81.83.0.31;
| posting-account=2Q43wAoAAABaRldeisn2qGTOfTD7t6VD
| User-Agent: G2/1.0
| X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr;
rv:1.8.1.9)
| Gecko/20071025 Firefox/2.0.0.9,gzip(gfe),gzip(gfe)
| Content-Disposition: inline
| Bytes: 13924
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!TK2MSFTFE
EDS02.phx.gbl!newsfeed00.sul.t-online.de!t-online.de!border2.nntp.dca.gigane
ws.com!nntp.giganews.com!out01b.usenetserver.com!news.usenetserver.com!in02.
usenetserver.com!news.usenetserver.com!postnews.google.com!e4g2000hsg.google
groups.com!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:77308
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| On 21 nov, 12:58, v-ter...@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])| wrote:

| > Hello David,
| >
| > Thank you for update.
| >
| > The error code changed. I think we have improve in this issue.
| >
| > After we install the above updates, I suggest you perform the following
| > steps to reconfigure the VPN on SBS:
| >
| > 1) Disable RRAS
| >
| > a. Schedule a network down time.
| >
| > b. Please open Routing and Remote Access console on SBS thru run command
| > "rrasmgmt.msc"
| >
| > c. Right click the SBSname (local), select Disable Routing and Remote
| > Access console
| >
| > 2) Run CEICW on SBS
| >
| > You have to rerun the CEICW to make sure your SBS 2003 server have right
| > network configuration. Go through the follow KB and Rerun CEICW again
| > carefully.
| >
| > How to configure Internet access in Windows Small Business Server
2003http://support.microsoft.com/kb/825763/en-us
| >
| > 3) Run Remote Access wizard
| >
| > a. On the Small Business Server 2003-based server, click To Do List in
the> left pane of the Server Management console.
| >
| > b. Under Network Tasks, click Configure Remote Access.
| >
| > c. Click Next, click Enable Remote Access, click to select the VPN
Access
| > check box, and then click Next.
| >
| > d. Type the fully qualified public domain name (your public DNS name) of
| > your server, click Next, and then click Finish.
| >
| > e. When the wizard is completed, click Close.
| >
| > 4) Then you can access RWW to download Connection Manager or copy the
file> from SBS server c:\ ClientApps\Connection Manager\SBSPackage.exe.
Please
| > save the sbspackage.exe file in VPN client computer. Then double-click
| > SBSPackage.exe to run it. After this file run the "connect to small
| > business server" will be created and you can use it to connect VPN to
your> SBS server.
| >
| > If the clients still cannot establish VPN connection, I suggest you try
the
| > following steps:
| >
| > For the VPN 721 error, this issue may occur if the network firewall does
| > not permit Generic Routing Encapsulation (GRE) protocol traffic. GRE is
IP> Protocol 47. PPTP uses GRE for tunneled data. To resolve this issue,
| > configure the network firewall to permit GRE protocol 47. Also, make
sure
| > that the network firewall permits TCP traffic on port 1723. Both of
these
| > conditions must be met to establish VPN connectivity by using PPTP.
| >
| > You receive an "Error 721" error message when you try to establish a VPN
| > connection through your Windows Server-based remote access
serverhttp://support.microsoft.com/?id=888201
| >
| > The SBS will not block the GRE 47. Since there is no router before the
SBS> 2003 R2, the GRE 47 must by blocked by your ISP or your VPN client side
| > router. I suggest we try the following steps to see if we can resolve
this> issue:
| >
| > 1. On the VPN client side, check the router settings, ensure the router
| > allow GRE 47 outbound. You also can try to connect the VPN from another
| > client.
| >
| > 2. Please contact your ISP, and confirm with them that they do not block
| > GRE 47. Any firewall between SBS and the VPN client will probably block
the
| > GRE 47.
| >
| > We have a tool called PPTP ping, you can use it to test the PPTP network
| > connection. If you cannot pass the test, there must be firewall or
router
| > block the GRE 47.
| >
| > Please use the PPTP Ping tool included in Windows XP Support tools to
| > confirm whether the ports are opened to allow VPN connection. You can
find> Windows XP support tool from the "Support\Tools" folder in the
Windows XP
| > CD.
| >
| > a) Get two utilities pptpsrv.exe and pptpclnt.exe from the Windows XP
| > support tools.
| >
| > b) Run the pptpsrv.exe utility on the SBS server.
| >
| > c) Run the pptpclnt.exe utility on the problem Windows XP
| > Professional-based computer.
| >
| > Detailed steps are:
| >
| > Step 1. On the server, please stop the Routing and Remote Access
service.
| > Then, please bring up a command prompt and go to the folder containing
| > PPTPsrv.exe. Then type PPTPsrv to run it instead of double clicking to
run> the application. This method will let the final result displayed on
screen> constantly.
| >
| > Then, you will see the following on screen
| > ----------------------------------------------------------------
| > C:\Documents and Settings\Administrator>cd desktop
| >
| > C:\Documents and Settings\Administrator\Desktop>pptpsrv
| >
| > Now you must run pptpclnt.exe on remote machine
| >
| > Waiting for inbound connection on TCP port 1723...
| > ------------------------------------------------------------------
| >
| > Step 2. On the client computer, please bring up a command prompt and run
| > the command "pptpclnt SBSserver". The expected result should be as
following
| >
| > -----------------------------------------------------------------------
| > C:\Documents and Settings\user\Desktop>pptpclnt server.domain.com
| >
| > Initializing WinSock...
| > Obtaining host information...
| > Successfully resolved server's host information
| >
| > ======================================
| > Enter data to send to server (between 1 and 255 chrs.), then hit enter:
| > -->This is a test
| >
| > Successfully connected to server using TCP port 1723 (PPTP)
| > Sending data to server
| >
| > Waiting for a reply to the data which was just sent...
| > Received a reply. Reply contains the following text:
| > ---> Hello, there! This is a reply from the server.
| >
| > ...

plus de détails >>

Hello Terrence,

Thanks for you suggestion!

I will change the subnet, i will make new tests as soon as possible.

But there is something that i don't understand...
If like you told me, because client subnet is the same than external
nic subnet of our server, client's packets cannot be sent through the
tunnel,
so why as you can see in my first post, the server packets capture
shows client vpn connection attemps packets ?


Regards,

David
.

Relevant Pages

  • Re: VPN clients unable to connect to other resources.
    ... gateway matches the IP of the remote client, and DNS and WINS point to the ... remote (although it takes close to a minute to connect, ... This is just regular Windows VPN, ... VPN server, remote routing and access running on the SBS 2003 server ...
    (microsoft.public.windows.server.sbs)
  • RE: Remote connectivity problems
    ... do you mean you have added a remote client to SBS ... If you have hardware VPN tunnel setup using Linksys or others, ... In this scenario you have to configure the SBS Server computer to enable ...
    (microsoft.public.windows.server.sbs)
  • Re: Win2k VPN Client doees work. Winxp Client does?
    ... I have put both the client and the server on the same network as the ... I can not logon to your server and troubleshoot the issue. ... This newsgroup only focuses on SBS technical issues. ... | Subject: Re: Win2k VPN Client doees work. ...
    (microsoft.public.windows.server.sbs)
  • RE: No Client or Server Desktop Access Through RWW SBS 2003 SP2
    ... internal client Remote Desktop via RWW. ... Please perform the steps on the SBS and internal client computers: ... Click Remote tab, tick Enable Remote Desktop on this computer ... On the SBS server, click Start, click Run, type "regedit" (without the ...
    (microsoft.public.windows.server.sbs)
  • RE: Remote connectivity problems
    ... SBS can not add a client computer to domain using CEICW. ... Do you mean the laptop client can not access internet web sites after it is ... | Thread-Topic: Remote connectivity problems ...
    (microsoft.public.windows.server.sbs)