Error 721 when making a VPN connection

[Dan Voss]

I use my Windows XP Pro workstation to connect to 3
different VPN Servers. Until recently, I did not have
problems connecting to any of them. The current RRAS
servers that I connect to are a Windows Server 2003, a
Windows 2000 SP3 Server, and a Windows 2000 SP4 Server.
Each of these servers is at a different location. I have
recently begun to experience problems connecting to the
Windows 2000 SP4 Server. When verifying username and
password, I get an Error 721, the remote host is not
responding. Occasionally, I do get a connection.

For comparison purposes, immediately after getting that
error, I have been able to successfully connect to either
of the other 2 servers, so I tend to be ruling out a
problem on my workstation. However, not all users of this
VPN connection are experiencing the same problem.

A review of the RRAS logs shows that there was not a
maximum user problem at the time of the attempted
connection.

I suspect that the installation of Windows SP4 on the
RRAS server may have something to do with this. I have
reviews KB article 810839. It is a little unclear as to
whether the registry change listed at the end of the
article is to be appled to the PPTP client or the server,
but I do know that applying this fix to the client did
not resolve the problem.

Any suggestions are welcome.

 

[Robert L [MS-MVP]]

also check the tcp/ip settings on vpn server.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

 

[Dan Voss]

Here's another key piece of information related to this
problem. I experience this problem when connecting from
my home network. I have also experienced it from one of
our branch offices. However, I have found that I can
connect successfully to the Windows 2000 SP4 server from
my home if I connect directly to my DSL modem - bypassing
my Linksys router. The strange part of this is that I
have no problem connecting through my router to VPN
servers running Windows 2000 SP3 or Windows 2003 Server.

Thanks!

 

[Sharoon Shetty K [MSFT]]

Can you give more details on the how you are getting the error?

Generally if the router (or some other router/firewall in the path) is
blocking the GRE we get this error as the encrypted VPN data travels as the
payload of
an IP packet with a GRE header. If anything blocks GRE in either direction,
no data will flow and the connection fails. GRE (Generic Routing
Encapsulation) is IP protocol 47.

Thanks,
Sharoon

 

[scott]

Hi,

Saw your posting in google.

Im having the same error 721 problem, did you ever find a solution ?

MS article suggested turning off port validate on the 2ksp4 server using
registry, i guess that is why it works without a router/firewall.

http://support.microsoft.com/default.aspx?scid=kb;en-us;810839

I tried this but it made no difference.

Thanks for any help.
Scott.

 

[scott]

Hi,

Thanks for reponse.

- A windows 98 user reported error 650 using PPTP to win2k server sp4
- For testing I have a windows 2000 sp4 clinet (stand alone) sitting behind
a router on a dialup connection.
- This 2k machine reports error 721.
- My 2kserver (sp4) (advanced) sits behind a firewall and 3 routers.
- This service has been working for 2 years with no problems.
- I recently upgraded to sp4 but had no problems until today.
- I ran an existing PPTP VPN dialup connection from both machines to get the
error.
- I ran it internally and did not get an error.

This suggests a routing problem but nothing has changed on the nat table of
firewall filter for ages. I then read this article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;810839

which suggestes its a port validation problem. I spplied the regedit fix but
it made no difference.

In addition, I CANNOT establish a PPTP connnection to any customer networks
from the internal machines. But it does work from the external machine (on
sp4).

I know this suggestes a router/firewall problem but im sure its not.

Let me know if you need any further information ?

Thanks
Scott.







(e-mail address removed)...

 

[scott]

Hi,

This artcile worked thanks.

http://support.microsoft.com/?id=271731

Cheers.
Scott.

 

[scott]

Got a better test:

NET
v
ROUTER
v
ROUTER > win2k clinet (WS012)
v
FIREWALL
v
RAS SERVER

- The win2k clinet (WS012) on the middle router (DMZ) can ALWAYS establish a
PPTP connection to RAS SERVER.
- This connection passes through the FIREWALL.
- Once this connection has been made all other external PPTP WIN2k clients
can connect.
- After WS012 disconnects and after several mins all external WIN2k that
attempt connection get error 721.

What the heck is going on ?

Thanks for any information at all.
Scott.

 

[scott]

futher testing showed:

win98 on external ip connect ok (firewall report PPTP 1723 + GRE)

win 98 manually disconet, reconnect (frewall report PPTP 1723 only)

Its like GRE was lost during the second connection. IE second time GRE did
not make it as far as the FIREWALL.

Im checking middle ROUTER.