RE: VPN Disconnection
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Thu, 29 Nov 2007 09:19:21 GMT
Hello Tom,
Thank you for posting here.
According to your description, I understand that the VPN to SBS will
disconnect sometimes and you get event warning 20209 on SBS. If I have
misunderstood the problem, please don't hesitate to let me know.
Based on my research, the warning description is clear. This is a GRE 47
blocked issue.
This issue may occur if the network firewall does not permit Generic
Routing Encapsulation (GRE) protocol traffic. GRE is IP Protocol 47. PPTP
uses GRE for tunneled data. To resolve this issue, configure the network
firewall to permit GRE protocol 47. Also, make sure that the network
firewall permits TCP traffic on port 1723. Both of these conditions must be
met to establish VPN connectivity by using PPTP.
I suggest we try the following steps to see if we can resolve this issue:
1. On the VPN server (SBS) side, check the router that is placed in front of
SBS, and ensure the router allows GRE 47 traffic to SBS. You can contact your
router vendor to confirm it.
2. On the VPN client side, check the router settings, and ensure the router
allows GRE 47 outbound. You can also try to connect the VPN from another
client.
3. Please contact your ISP, and confirm with them that they do not block
GRE 47. Any firewall between SBS and the VPN client will probably block the
GRE 47.
Basically, we will use the PPTP Ping utility to determine whether any hardware
router or firewall is blocking GRE Protocol 47. The router must be able to
pass Generic Routing Encapsulation (GRE) protocol 47 for PPTP traffic to
connect correctly to use VPN. When a cable/DSL router cannot map GRE
protocol 47 to the Routing and Remote Access server, you cannot connect to
the server from the Internet.
To check if the VPN is blocked by the hardware router, we always use
PPTP Ping to test if port 1723 and the GRE protocol are allowed to pass
through. To do so:
a. Please run Pptpsrv.exe on the server side.
b. Run Pptpclnt.exe [ServerNameorIPaddress] on remote client.
c. When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
d. You will see the text received at the host running Pptpsrv.exe. Then you
will see five GRE packets sent from Pptpclnt.exe and received at
Pptpsrv.exe.
Then you can check the output.
NOTE: PPTP Ping tools (Pptpclnt and Pptpsrv) exist in Windows XP support
tools.
Windows XP Service Pack 2 Support Tools
http://www.microsoft.com/downloads/details.aspx?amp;displaylang=en&familyid=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723.
If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:
1. Have you installed ISA Server 2004 on SBS?
2. Have you installed Windows Server 2003 SP2 on SBS?
3. Once the VPN connection is established, run command "ipconfig /all >
c:\ipconfig_sbs.txt" and "route print > c:\route_sbs.txt" on SBS, send the
files c:\ipconfig_sbs.txt and c:\route_sbs.txt to me at
v-terliu@xxxxxxxxxxxxx
4. Once the VPN connection is established, run command "ipconfig /all >
c:\ipconfig_client.txt" and "route print > c:\route_client.txt" on remote
client, send the files c:\ipconfig_client.txt and c:\route_client.txt to me
at v-terliu@xxxxxxxxxxxxx
5. Gather MPS network report on SBS:
a. Download MPSrepot_network from
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_NETWORK.EXE
b. Run MPSRPT_NETWORK.exe on the server box.
c. The tool will automatically collect the information. This procedure will
take 10~15 minutes.
d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\
e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx
I hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
--------------------
| From: "ZielonySBS" <ttrochanowski@xxxxxxxxxxxxxx>
| Subject: VPN Disconnection
| Date: Wed, 28 Nov 2007 11:22:54 -0000
|
| I have got a problem with VPN. I rapidly disconnect when I try to get access
| company LAN.
|
| When it is connected longer I can see server and whole network. Company web,
| I can remotely log in any PC in company LAN.
|
| The problem is when I go to e.g. Users Folders I get disconnected or I can
| see only folders on my local machine.
|
| I haven't done any changes on the server. It worked fine a few weeks ago.
|
|
| Here is information from Event log after successful connection:
|
| Event Type: Warning
| Event Source: Rasman
| Event Category: None
| Event ID: 20209
| Date: 11/23/2007
| Time: 10:43:36 AM
| User: N/A
| Computer: SBS
| Description:
| A connection between the VPN server and the VPN client 81.xxx.xxx.xxx has
| been established, but the VPN connection cannot be completed. The most
| common cause for this is that a firewall or router between the VPN server
| and the VPN client is not configured to allow Generic Routing Encapsulation
| (GRE) packets (protocol 47). Verify that the firewalls and routers between
| your VPN server and the Internet allow GRE packets. Make sure the firewalls
| and routers on the user's network are also configured to allow GRE packets.
| If the problem persists, have the user contact the Internet service provider
| (ISP) to determine whether the ISP might be blocking GRE packets.
|
|
|
| Thanx for any answer,
|
| Tom
|
|
|
|
|
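The condition discussed in this thread (the PPTP control channel on TCP port 1723 gets through, but the GRE protocol 47 tunnel packets do not), as an added example that is not part of the original posts: a Python sketch that classifies raw IPv4 packets seen at the VPN server and reports which half of PPTP is missing. The function names `classify` and `diagnose`, the packet bytes and the addresses are constructed for illustration; the enhanced GRE header layout (Key bit set, version 1, protocol type 0x880B) follows RFC 2637.

```python
import struct

PPTP_TCP_PORT = 1723              # PPTP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # IP protocol numbers
GRE_PROTO_PPP = 0x880B            # protocol type in PPTP's enhanced GRE header

def classify(pkt: bytes) -> str:
    """Return 'pptp-control', 'pptp-gre' or 'other' for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4                 # IPv4 header length in bytes
    proto, payload = pkt[9], pkt[ihl:]
    if proto == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        return "pptp-control" if PPTP_TCP_PORT in (sport, dport) else "other"
    if proto == IPPROTO_GRE and len(payload) >= 8:
        flags, ver = payload[0], payload[1] & 0x07
        ptype = struct.unpack("!H", payload[2:4])[0]
        # GRE has no port fields, so a rule that only forwards TCP 1723
        # never matches these packets; protocol 47 needs its own rule.
        if flags & 0x20 and ver == 1 and ptype == GRE_PROTO_PPP:
            return "pptp-gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise which parts of a PPTP session were observed."""
    kinds = {classify(p) for p in packets}
    if {"pptp-control", "pptp-gre"} <= kinds:
        return "ok: control channel and GRE tunnel both seen"
    if "pptp-control" in kinds:
        return "gre-blocked: TCP 1723 arrives but protocol 47 does not"
    return "no-pptp: control channel not seen (check TCP 1723)"

# --- constructed sample packets (documentation addresses, checksums left 0) ---
def ipv4(proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return hdr + payload

TCP_SYN_1723 = ipv4(IPPROTO_TCP, struct.pack(
    "!HHIIBBHHH", 49152, PPTP_TCP_PORT, 0, 0, 0x50, 0x02, 8192, 0, 0))
GRE_PPP = ipv4(IPPROTO_GRE, struct.pack(
    "!BBHHHI", 0x30, 0x01, GRE_PROTO_PPP, 4, 1, 0) + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    print(diagnose([TCP_SYN_1723, GRE_PPP]))  # both halves present
    print(diagnose([TCP_SYN_1723]))           # the event 20209 situation
```

A capture that yields the `gre-blocked` result on the server while the client is sending GRE points at a device in between, which is what the router and ISP checks in the reply are meant to isolate.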