Re: VPN connect error 691 help - new postings

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: John L <JohnL@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Oct 2008 08:55:01 -0700

Robbin,

Sorry for the delay, my post did not take.

I manually created a VPN connection and tested it. I connected and
authenticated. The SBS connection connects but does not authenticate.

WHy does the SBS not authenticate? WHat do you want me to test?

Thx for your patience
--
John L

""Robbin Meng [MSFT]"" wrote:

Hi John,

Thanks for your feedback and the screenshot files.

I am glad to know the VPN session can be connected now. Regarding your
concern about why it shows "limited and unauthenticated", First, regarding
the "limited", since Windows Vista enables IPv6 by default and we are
actually using IPv4 for VPN, it is by design and normal to behavior to show
as limited. We can safely ignore it.

As for the "unauthenticated" showed on the Network and Sharing Center page,
I would like to confirm if it is the same when you manually create a VPN
connection using Windows "Setup a connection or network" connection? If
the issue both occurs when using the SBS shortcut to setup VPN and manually
create VPN connection, let's try the following steps to continue:

Seeing that we are logged into an Active Directory Domain we will use
Kerberos for authentication. If a Kerberos packet gets fragmented it can
definitely break the authentication process.

Let's try to make the following registry change the MTU Settings for VPN
Connections:

To change the MTU settings for VPN connections, add the ProtocolType DWORD
value, the PPPProtocolType DWORD value, and the TunnelMTU DWORD value to
the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ndiswan\Parameters\Protocols\0

To do so, follow these steps.

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following subkey in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters
3. Add a Protocols subkey (if it does not already exist). To do so:
a. On the Edit menu, point to New, and then click Key.
b. Type Protocols, and then press ENTER.

4. Add a 0 (zero) subkey to the Protocols subkey. To do so:
a. Click the Protocols sub key that you created in step 3.
b. On the Edit menu, point to New, and then click Key.
c. Type 0 (zero), and then press ENTER.

5. Click the 0 subkey that you created in step 4.
6. On the Edit menu, point to New, and then click DWORD Value.
7. In the Value data box, type ProtocolType, and then click OK.
8. On the Edit menu, click Modify.
9. In the Value data box, type 800, make sure Hexadecimal is selected under
Base, and then click OK.
10. On the Edit menu, point to New, and then click DWORD Value.
11. Type PPPProtocolType, and then press ENTER.
12. On the Edit menu, click Modify.
13. In the Value data box, type 21, make sure Hexadecimal is selected under
Base, and then click OK.
14. On the Edit menu, point to New, and then click DWORD Value.
15. Type TunnelMTU, and then press ENTER.
16. On the Edit menu, click Modify.
17. Under Base, click Decimal, type the MTU size that you want in the Value
data box, and then click OK.
18. Quit Registry Editor.
19. Restart your computer.

More information, please refer to :

HOW TO: Change the Default Maximum Transmission Unit (MTU) Size Settings
for PPP Connections or for VPN Connections
http://support.microsoft.com/kb/826159

How to Troubleshoot Black Hole Router Issues
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314825

Hope this helps. Also, if you have any questions or concerns, please do not
hesitate to let me know.

Thank you for your time and cooperation.

Best regards,
Robbin Meng(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security

Follow-Ups:
- Re: VPN connect error 691 help - new postings
  - From: "Robbin Meng [MSFT]"

References:
- VPN connect error 691 help
  - From: John Lenz
- RE: VPN connect error 691 help
  - From: "Robbin Meng [MSFT]"
- Re: VPN connect error 691 help
  - From: John Lenz
- Re: VPN connect error 691 help
  - From: "Robbin Meng [MSFT]"
- Re: VPN connect error 691 help - new postings
  - From: John Lenz
- Re: VPN connect error 691 help - new postings
  - From: "Robbin Meng [MSFT]"
- Re: VPN connect error 691 help - new postings
  - From: John Lenz
- Re: VPN connect error 691 help - new postings
  - From: "Robbin Meng [MSFT]"

Prev by Date: Re: Exchange 2007 POP3 Connector
Next by Date: Re: Exchange 2007 POP3 Connector
Previous by thread: Re: VPN connect error 691 help - new postings
Next by thread: Re: VPN connect error 691 help - new postings
Index(es):
- Date
- Thread

Relevant Pages

Re: Some Questions
... you may need to follow the steps below to configure VPN access ... And make sure you have typed the public FQDN of the SBS ... server on the Web Server Certificate page. ... log in and download Connection Manager. ...
(microsoft.public.windows.server.sbs)
RE: VPN Connectivity issues through LAN
... I understand that you cannot ping SBS after ... you can establish VPN connection from the remote LAN. ... You have to rerun the CEICW to make sure your SBS 2003 server have right ...
(microsoft.public.windows.server.sbs)
RE: VPN
... Thank you for posting in SBS newsgroup. ... establish the VPN connection to the SBS server by using the 'Connection ... The error code indicated "Unable to establish the VPN connection. ...
(microsoft.public.windows.server.sbs)
RE: Remote Access Routing Questions
... When we setup VPN connection to some network from internet, ... When we VPN to the SBS network, we surely can access the Companyweb site by ...
(microsoft.public.windows.server.sbs)
RE: Connect Computer and VPN
... these things compromise any of the security, or is this ment to be on SBS? ... I will start a new post regarding the VPN as this still fails to work. ... Directory and uncheck "Enforce Strict RPC Compliance". ... please test the VPN connection. ...
(microsoft.public.windows.server.sbs)