VPN Connections in 2000 Driving Me Crazy!

  • Thread starter Thread starter Karl Burrows
  • Start date Start date
K

Karl Burrows

I'm not sure what is going on, but I have having a bear of time getting VPN
connections established between several Win2000 machines and a Win2000
server at our home office. The clients all have SP4 and all updates and
patches and are the same model/make computer (or so I am told). I can
connect from home with no problem (XP and 2000).

These were all recently upgraded from NT (no VPN setup then). I get the
following errors on the machines:

Error 721 Remote computer is not responding
Error 781 Encryption attempt failed...

All the settings are the default settings form the wizard (there is no
IPSec, etc.).

I have port 1723 forwarded on a Linksys router at the home office. Again, I
am able to Terminal Services in and VPN from home with no problem. I read
somewhere about another port for GRE?

Thanks!
 
The 781 error tells me that those computers are trying to use l2tp to connect instead
of pptp. On the vpn connectoid for those computers go to properties/networking and
for type of vpn server make sure that pptp is selected - not auto or l2tp. --- Steve
 
That worked on one machine. All the others time out after a few minutes
saying unable to connect.

I don't have IPX/SPX installed or any other protocol that might stop
authentication.

Any other thoughts? A setting on a server?

Thanks!

The 781 error tells me that those computers are trying to use l2tp to
connect instead
of pptp. On the vpn connectoid for those computers go to
properties/networking and
for type of vpn server make sure that pptp is selected - not auto or
2tp. --- Steve
 
You might want to double check that you have enough ip addresses available on the vpn
server either from an internal dhcp server or static assignment list in Remote Access
Management server name/properties/ip. You also need to make sure that you have enough
pptp ports available for connections. Checking the Event Viewer log on the vpn server
may also provide clues. I had trouble with the supposed SPI on my Linksys router and
had to disable it to get pptp vpn server to work behind it. I was using the four port
wired version. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208

Karl Burrows said:
That worked on one machine. All the others time out after a few minutes
saying unable to connect.

I don't have IPX/SPX installed or any other protocol that might stop
authentication.

Any other thoughts? A setting on a server?

Thanks!

The 781 error tells me that those computers are trying to use l2tp to
connect instead
of pptp. On the vpn connectoid for those computers go to
properties/networking and
for type of vpn server make sure that pptp is selected - not auto or
2tp. --- Steve
Click to expand...
 
I setup 10 connections and all 10 WAN miniports show up in the properties.
I assigned a 10 IP address range to the incoming connections, so the Linksys
shouldn't even get involved with the connection other than forwarding the
port request.

I was also connecting each with no other connections open, so it was just
one connection in at a time.

Would it have anything to so with CHAP? Log files aren't telling me
anything other than the connections I am able to make. Nothing in there
where connections have tried to connect, so something is probably happening
on the client end and not the server.

I'm pretty clueless at this point. I have setup VPN at for at least 3 other
servers without this many problems.

?????

Thanks for the help!!!!

You might want to double check that you have enough ip addresses available
on the vpn
server either from an internal dhcp server or static assignment list in
Remote Access
Management server name/properties/ip. You also need to make sure that you
have enough
pptp ports available for connections. Checking the Event Viewer log on the
vpn server
may also provide clues. I had trouble with the supposed SPI on my Linksys
router and
had to disable it to get pptp vpn server to work behind it. I was using the
four port
wired version. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208

Karl Burrows said:
That worked on one machine. All the others time out after a few minutes
saying unable to connect.

I don't have IPX/SPX installed or any other protocol that might stop
authentication.

Any other thoughts? A setting on a server?

Thanks!

The 781 error tells me that those computers are trying to use l2tp to
connect instead
of pptp. On the vpn connectoid for those computers go to
properties/networking and
for type of vpn server make sure that pptp is selected - not auto or
2tp. --- Steve


Karl Burrows said:
I'm not sure what is going on, but I have having a bear of time getting VPN
connections established between several Win2000 machines and a Win2000
server at our home office. The clients all have SP4 and all updates and
patches and are the same model/make computer (or so I am told). I can
connect from home with no problem (XP and 2000).

These were all recently upgraded from NT (no VPN setup then). I get the
following errors on the machines:

Error 721 Remote computer is not responding
Error 781 Encryption attempt failed...

All the settings are the default settings form the wizard (there is no
IPSec, etc.).

I have port 1723 forwarded on a Linksys router at the home office.
Click to expand...
Again,
Click to expand...
 
Don't know why you would be using Chap, but if you are that could be a problem. Check
the authentication methods allowed in RRAS management console for the server
properties and in remote access policies. You want to configure clients to use MS
ChapV2 anyhow if possible.You also may want to check the remote access logs in
\winnt\system32\logfiles folder. Check your remote access policy/edit profile
settings carefully as there might be something there restricting access. I have never
dealt with NT4 upgraded machines, but it seems if there may be some issue there.
Double check that they are using the correct public address to connect to your
network and I also understand some ISP's may filter/not allow vpn traffic for
whatever reason. You may want to attempt a vpn connection from one of those machines
over your lan to rule out wan problems - just have it use the internal lan ip address
of the vpn server. I do that when troubleshooting. There is also a
win2000.ras_routing newsgroup that you may want to post in. -- Steve


Karl Burrows said:
I setup 10 connections and all 10 WAN miniports show up in the properties.
I assigned a 10 IP address range to the incoming connections, so the Linksys
shouldn't even get involved with the connection other than forwarding the
port request.

I was also connecting each with no other connections open, so it was just
one connection in at a time.

Would it have anything to so with CHAP? Log files aren't telling me
anything other than the connections I am able to make. Nothing in there
where connections have tried to connect, so something is probably happening
on the client end and not the server.

I'm pretty clueless at this point. I have setup VPN at for at least 3 other
servers without this many problems.

?????

Thanks for the help!!!!

You might want to double check that you have enough ip addresses available
on the vpn
server either from an internal dhcp server or static assignment list in
Remote Access
Management server name/properties/ip. You also need to make sure that you
have enough
pptp ports available for connections. Checking the Event Viewer log on the
vpn server
may also provide clues. I had trouble with the supposed SPI on my Linksys
router and
had to disable it to get pptp vpn server to work behind it. I was using the
four port
wired version. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
Click to expand...
 
Not running CHAP. I was just thinking that the older protocol may work with
the NT upgraded machines.

What I am trying to do is connect our deli locations to the home office to
upload payroll and to do our ordering. The setup is one computer at each
location on DSL behind a Linksys router. All are setup exactly the same.
All were upgraded from NT (I think 1 or 3 may have had to have a clean
install done) and all have the same patches and upgrades, etc.

I think there has to be something left over from the NT O/S that is keeping
these from connecting. I checked TCP/IP, there is no IPX/SPX, NetBEUI or
other running. Just TCP/IP.

I can usually go to a server, start RRAS and away we go with connections,
but something seems to be blocking it, which makes me think it is from the
client side.

Any other suggestions? I really appreciate your assistance!!!


Don't know why you would be using Chap, but if you are that could be a
problem. Check
the authentication methods allowed in RRAS management console for the server
properties and in remote access policies. You want to configure clients to
use MS
ChapV2 anyhow if possible.You also may want to check the remote access logs
in
\winnt\system32\logfiles folder. Check your remote access policy/edit
profile
settings carefully as there might be something there restricting access. I
have never
dealt with NT4 upgraded machines, but it seems if there may be some issue
there.
Double check that they are using the correct public address to connect to
your
network and I also understand some ISP's may filter/not allow vpn traffic
for
whatever reason. You may want to attempt a vpn connection from one of those
machines
over your lan to rule out wan problems - just have it use the internal lan
ip address
of the vpn server. I do that when troubleshooting. There is also a
win2000.ras_routing newsgroup that you may want to post in. -- Steve


Karl Burrows said:
I setup 10 connections and all 10 WAN miniports show up in the properties.
I assigned a 10 IP address range to the incoming connections, so the Linksys
shouldn't even get involved with the connection other than forwarding the
port request.

I was also connecting each with no other connections open, so it was just
one connection in at a time.

Would it have anything to so with CHAP? Log files aren't telling me
anything other than the connections I am able to make. Nothing in there
where connections have tried to connect, so something is probably happening
on the client end and not the server.

I'm pretty clueless at this point. I have setup VPN at for at least 3 other
servers without this many problems.

?????

Thanks for the help!!!!

You might want to double check that you have enough ip addresses available
on the vpn
server either from an internal dhcp server or static assignment list in
Remote Access
Management server name/properties/ip. You also need to make sure that you
have enough
pptp ports available for connections. Checking the Event Viewer log on the
vpn server
may also provide clues. I had trouble with the supposed SPI on my Linksys
router and
had to disable it to get pptp vpn server to work behind it. I was using the
four port
wired version. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
Click to expand...
 
Can't think of much more except I would take a laptop that I know can make a vpn
connection to one of the locations to see what happens to try to narrow the problem
down. I would also make sure that the configuration on your router at home matches
those of the remote locations as far as advanced features such as pptp passthrough
and SPI [if any]. --- Steve
 
The outgoing routers don't need any setup, do they? Just the one that is
receiving the VPN request.

Can't think of much more except I would take a laptop that I know can make a
vpn
connection to one of the locations to see what happens to try to narrow the
problem
down. I would also make sure that the configuration on your router at home
matches
those of the remote locations as far as advanced features such as pptp
passthrough
and SPI [if any]. --- Steve
 
I am not sure exactly how they hande inbound pptp traffic. Generally anything you
send out allows response back in, but it may be different due to how vpn traffic is
encapsulated. What advanced configuration works at your home should work at the
remote locations. Assuming they are same model, it would be worth checking it
out. --- Steve

Karl Burrows said:
The outgoing routers don't need any setup, do they? Just the one that is
receiving the VPN request.

Can't think of much more except I would take a laptop that I know can make a
vpn
connection to one of the locations to see what happens to try to narrow the
problem
down. I would also make sure that the configuration on your router at home
matches
those of the remote locations as far as advanced features such as pptp
passthrough
and SPI [if any]. --- Steve

Karl Burrows said:
Not running CHAP. I was just thinking that the older protocol may work with
the NT upgraded machines.

What I am trying to do is connect our deli locations to the home office to
upload payroll and to do our ordering. The setup is one computer at each
location on DSL behind a Linksys router. All are setup exactly the same.
All were upgraded from NT (I think 1 or 3 may have had to have a clean
install done) and all have the same patches and upgrades, etc.

I think there has to be something left over from the NT O/S that is keeping
these from connecting. I checked TCP/IP, there is no IPX/SPX, NetBEUI or
other running. Just TCP/IP.

I can usually go to a server, start RRAS and away we go with connections,
but something seems to be blocking it, which makes me think it is from the
client side.

Any other suggestions? I really appreciate your assistance!!!


Don't know why you would be using Chap, but if you are that could be a
problem. Check
the authentication methods allowed in RRAS management console for the server
properties and in remote access policies. You want to configure clients to
use MS
ChapV2 anyhow if possible.You also may want to check the remote access logs
in
\winnt\system32\logfiles folder. Check your remote access policy/edit
profile
settings carefully as there might be something there restricting access. I
have never
dealt with NT4 upgraded machines, but it seems if there may be some issue
there.
Double check that they are using the correct public address to connect to
your
network and I also understand some ISP's may filter/not allow vpn traffic
for
whatever reason. You may want to attempt a vpn connection from one of those
machines
over your lan to rule out wan problems - just have it use the internal lan
ip address
of the vpn server. I do that when troubleshooting. There is also a
win2000.ras_routing newsgroup that you may want to post in. -- Steve
Click to expand...
Click to expand...
 
Karl,
The router I am using, a D-Link, is able to accept only one connection at a
time. It did not say anything in the documentation, only when I contacted
D-Link Technical Support did I find out.
If you find that only one connection at a time is supported, and it is just
the first one that tries to connect when there is no existing connection,
then this might be part of your problem.
HTH
Dave
Karl Burrows said:
I setup 10 connections and all 10 WAN miniports show up in the properties.
I assigned a 10 IP address range to the incoming connections, so the Linksys
shouldn't even get involved with the connection other than forwarding the
port request.

I was also connecting each with no other connections open, so it was just
one connection in at a time.

Would it have anything to so with CHAP? Log files aren't telling me
anything other than the connections I am able to make. Nothing in there
where connections have tried to connect, so something is probably happening
on the client end and not the server.

I'm pretty clueless at this point. I have setup VPN at for at least 3 other
servers without this many problems.

?????

Thanks for the help!!!!

You might want to double check that you have enough ip addresses available
on the vpn
server either from an internal dhcp server or static assignment list in
Remote Access
Management server name/properties/ip. You also need to make sure that you
have enough
pptp ports available for connections. Checking the Event Viewer log on the
vpn server
may also provide clues. I had trouble with the supposed SPI on my Linksys
router and
had to disable it to get pptp vpn server to work behind it. I was using the
four port
wired version. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
Click to expand...
 
I tried them independently (in other words when another one was not
connected).

Any other thoughts?

Karl,
The router I am using, a D-Link, is able to accept only one connection at a
time. It did not say anything in the documentation, only when I contacted
D-Link Technical Support did I find out.
If you find that only one connection at a time is supported, and it is just
the first one that tries to connect when there is no existing connection,
then this might be part of your problem.
HTH
Dave
Karl Burrows said:
I setup 10 connections and all 10 WAN miniports show up in the properties.
I assigned a 10 IP address range to the incoming connections, so the Linksys
shouldn't even get involved with the connection other than forwarding the
port request.

I was also connecting each with no other connections open, so it was just
one connection in at a time.

Would it have anything to so with CHAP? Log files aren't telling me
anything other than the connections I am able to make. Nothing in there
where connections have tried to connect, so something is probably happening
on the client end and not the server.

I'm pretty clueless at this point. I have setup VPN at for at least 3 other
servers without this many problems.

?????

Thanks for the help!!!!

You might want to double check that you have enough ip addresses available
on the vpn
server either from an internal dhcp server or static assignment list in
Remote Access
Management server name/properties/ip. You also need to make sure that you
have enough
pptp ports available for connections. Checking the Event Viewer log on the
vpn server
may also provide clues. I had trouble with the supposed SPI on my Linksys
router and
had to disable it to get pptp vpn server to work behind it. I was using the
four port
wired version. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
Click to expand...
 
It appears, according to the Linksys site, that it accepts all responses
from all incoming requests.

I am not sure exactly how they hande inbound pptp traffic. Generally
anything you
send out allows response back in, but it may be different due to how vpn
traffic is
encapsulated. What advanced configuration works at your home should work at
the
remote locations. Assuming they are same model, it would be worth checking
it
out. --- Steve

Karl Burrows said:
The outgoing routers don't need any setup, do they? Just the one that is
receiving the VPN request.

Can't think of much more except I would take a laptop that I know can make a
vpn
connection to one of the locations to see what happens to try to narrow the
problem
down. I would also make sure that the configuration on your router at home
matches
those of the remote locations as far as advanced features such as pptp
passthrough
and SPI [if any]. --- Steve

Karl Burrows said:
Not running CHAP. I was just thinking that the older protocol may work with
the NT upgraded machines.

What I am trying to do is connect our deli locations to the home office to
upload payroll and to do our ordering. The setup is one computer at each
location on DSL behind a Linksys router. All are setup exactly the same.
All were upgraded from NT (I think 1 or 3 may have had to have a clean
install done) and all have the same patches and upgrades, etc.

I think there has to be something left over from the NT O/S that is keeping
these from connecting. I checked TCP/IP, there is no IPX/SPX, NetBEUI or
other running. Just TCP/IP.

I can usually go to a server, start RRAS and away we go with connections,
but something seems to be blocking it, which makes me think it is from the
client side.

Any other suggestions? I really appreciate your assistance!!!


Don't know why you would be using Chap, but if you are that could be a
problem. Check
the authentication methods allowed in RRAS management console for the server
properties and in remote access policies. You want to configure clients to
use MS
ChapV2 anyhow if possible.You also may want to check the remote access logs
in
\winnt\system32\logfiles folder. Check your remote access policy/edit
profile
settings carefully as there might be something there restricting access. I
have never
dealt with NT4 upgraded machines, but it seems if there may be some issue
there.
Double check that they are using the correct public address to connect to
your
network and I also understand some ISP's may filter/not allow vpn traffic
for
whatever reason. You may want to attempt a vpn connection from one of those
machines
over your lan to rule out wan problems - just have it use the internal lan
ip address
of the vpn server. I do that when troubleshooting. There is also a
win2000.ras_routing newsgroup that you may want to post in. -- Steve


using
the updates
and get
the
Click to expand...
is
no
Click to expand...
Click to expand...
 
Appears it responds/replies to all requests (per the Linksys site).

I tried them independently (in other words when another one was not
connected).

Any other thoughts?

Karl,
The router I am using, a D-Link, is able to accept only one connection at a
time. It did not say anything in the documentation, only when I contacted
D-Link Technical Support did I find out.
If you find that only one connection at a time is supported, and it is just
the first one that tries to connect when there is no existing connection,
then this might be part of your problem.
HTH
Dave
Karl Burrows said:
I setup 10 connections and all 10 WAN miniports show up in the properties.
I assigned a 10 IP address range to the incoming connections, so the Linksys
shouldn't even get involved with the connection other than forwarding the
port request.

I was also connecting each with no other connections open, so it was just
one connection in at a time.

Would it have anything to so with CHAP? Log files aren't telling me
anything other than the connections I am able to make. Nothing in there
where connections have tried to connect, so something is probably happening
on the client end and not the server.

I'm pretty clueless at this point. I have setup VPN at for at least 3 other
servers without this many problems.

?????

Thanks for the help!!!!

You might want to double check that you have enough ip addresses available
on the vpn
server either from an internal dhcp server or static assignment list in
Remote Access
Management server name/properties/ip. You also need to make sure that you
have enough
pptp ports available for connections. Checking the Event Viewer log on the
vpn server
may also provide clues. I had trouble with the supposed SPI on my Linksys
router and
had to disable it to get pptp vpn server to work behind it. I was using the
four port
wired version. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308208
Click to expand...
 
Back
Top