Hello...in desperate need with help with a small office that wants VPN:
BTW: First post ever on EE ... so be kind :-)
Hardware/software conditions are:
* ISP line with fixed IP, comming into office.
* - Note that Firewall ports are managed by line provider (have to fax to open/close any...so a real pain!)
* ADSL Modem at 192.168.0.1
* Which goes to Switch.
* No internal firewall.
* And comes out to Server 2003 Standard edition at IP 192.168.0.2
* - Runnning DNS, AD, FileServer, WebServer.
* - Currently only 1 NIC (builtin) ... but could install second if explained why/how.
* 10 users.
* Internal range is 192.168.0.x
Steps taken so far:
1) Installed RRAS in manual mode as per instructions found on the web which amount to the following:
* Page1: VPN or Dialup [choose VPN]
* Page2:Set which card is which (internal/public)
* Uncheck Static Packet Filtering
* Page3:IP's Assigned: [choose Custom]
Give range (192.168.0.240- 192.168.0.245)
* Page4:Radius? [No]
* Page5: Warning about adding computer to
* Page6: Warning about DHCP Relaying
*** WARNING: Service Starts automatically!
In the process, wizard created a virtual loopback network card, cut back the default it 5 PPTP.
* Post Installation Cleanup:
* Ensure server is member of RAS and IAS Group
* In RRAS MMC:
* RightClick Ports:
* Limit PPTP Ports to 10 InboundOnly connections
* Limit L2TP ....
* PPOE: Disconnect
* RichtClick SRV1
* IP Tab: IP Routing = TRUE (so clients can see within networkbeyond this comp).
* Made sure the Connection conditions were set to Accept rather than Deny.
3) Modifies a couple of accounts to allow them to Remote Access.
4) Create a client account on a Win XP (and another Win2003) computer...
4) Signed in from a client...works!....For a minute or two or less. Keep on being disconnected.
5) I look at the server logs with full tracing ... but no big error messages. Just basic information as to when I signed in or out...
6) Look at the Client Logs.
I see info that I am signing in:
"The user x successfully established a connection to vpn scr using the device VPN4-1."
I also get some error messages saying:
Warning: Src:MRxSmb EventID: 3019 "The redirector failed to determine the connection type."
Which leads to this KB:
http://www.microsoft.com/products/ee/transform.aspx?EvtSrc=MRxSmb&EvtCat=None&EvtID=3019&EvtCatID=0&EvtType=Warning&EvtTypeID=2&EvtRptTime=1137106359&EvtTZBias=-60&CoName=Microsoft%20Corporation&ProdName=Microsoft%c2%ae%20Windows%c2%ae%20Operating%20System&ProdVer=5.1.2600.0&FileName=netevent.dll&FileVer=5.1.2600.0Which leads to this FAQ:
Error Message: The Redirector Failed to Determine the Connection Type
http://support.microsoft.com/kb/315244/en-usWhich -- I think -- states that its not a critical error...that it just has a bit of trouble, but will continue.
So I don't think this is the source of the disconnections.
I've tried different Clients (WinXP, secondary Win2003 box not yet configured for much)...same issue. About a minute or sometimes a bit more, of access, and then dropped connection.
Possible causes?
* Low quality builtin NIC can't handle this? Doesn't seem likely: if it were failing, since it is same card for office filesharing, I would have seen log errors before.
That I am using one NIC card rather than two? I've tried to figure out what IP to use for the second card, but I never can understand that part... so falling back to the simpler scenario of 1 NIC and 1 virtual. Is this a real problem?
* If I am signed in, then I have passed all conditions, etc? right? It can't possibly be letting me sign in, and then take another minute or so to work its way through conditions that one of them is causing them to drop me? (Anyway, the user account has Accept (Win2000 mode) -- and is not relying on RRAS conditions, so should be ignoring them).
* Missing Firewall port? I have not called the provider to open/close any specific ports (if I remember off hand its port 47?) anyway... If it were closed, I would not be able to establish a connection at all, correct?
* DHCP range is miscongured? What should the range be? Same range as internal network (192.168.0.240-245) or totally different range?
* Bad line? Well, I get the same problem from home over both fixed cable to home router, as well, as Wifi, as well as from within office (which I know is not a great way to test VPN, but atleast it can, and within the same network, should not be dropping).
* ????
As you can see, totally out of ideas. I've tried everything that I thought might be an issued... I've added/removed routing... I've gone back and forth from Dynamic IP to set range...
Help getting this up and running is so very appreciated.
Thanks!
