Can't connect more than two clients through SBS VPN--> 736 error

Posted on 2006-04-19
Last Modified: 2008-06-10
We have an office sever with SBS 2003 and VPN setup. We have no problem connecting two remote XP clients to the network, but when a third tries to connect we get
"TCP/IP CP reported error 736: The remote computer terminated the control protocol."  I know that SBS 2003 will not allow more that two terminal service connections is this
the same for VPN?  If not, how can I get more than two connections?
Question by:DBBurnsIN
    LVL 4

    Accepted Solution

    It's acting like there are only 2 vpn ports defined for that protocol in RRAS.  Either that or the assigned IP addresses (whether static or through bridging dhcp) have only 2 available and then cannot create a port for the third.  By default I believe there are like 10 or 11 concurrent connections setup in SBS, but really only half that as half are L2TP and other half are PPTP, of which you are most likely only using one.

    Look in RRAS (Routing and Remote Access).  Click on Ports. And see how many PPTP ports you have showing in the list.  If it's more than two or three then right click on the "server name (Local)" and select Properties.  (If it's not more than three then you need add more PPTP ports.

    Click on the IP tab and see whether you are using DHCP on the server or static IP's.  If static IP's note how many there are and jot down the IP's listed.  (If you're using static IP's and you added more PPTP ports above then you'll also need to add more static IP addresses to match that number).  Now click on the Logging tab and select "log all events".

    If you were using DHCP, Close out those windows and go to your DHCP server.  Open up your main Scope, then Client Leases.  You should see several listings with the little dial up networking symbol icon beside them (with a little phone).  See how many you have, and notate the IP addresses.  If less than the number of ports you had above you need to add more to the dhcp leases.  If not then check those IP addresses and insure that you haven't added static IP's somewhere in the network that overlap that list of dhcp lease addresses.

    Finally, have your users attempt to log on to vpn and get the error:

    To enable RAS logs run command “netsh ras set tracing * enabled”  (for some reason this is frequently disabled in SBS regardless of what you set in the logging directory)
    Now have those 3 users attempt to recreate the error by logging in.
    Now immediately dump the RAS logs to disk by typing “netsh ras set tracing * disabled” command.
    Check the logs at c:\windows\tracing directory (or your main win directory if different)
    Some of the files where you can look to debug the problem are –

    Also see the “Event viewer” and see if you can find any by “RemoteAccess” .

    Error codes related to RRAS are listed at

    Let us know what you find

    Matt Ridings
    MSR Consulting

    Author Comment

    Thanks Matt, all I had to do was change the IP setting from DHCP to Static and it worked.
    LVL 4

    Expert Comment

    Cool, probably didn't have enough IP's in your dynamic pool.

    Glad it worked,

    Matt Ridings
    MSR Consulting

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
    The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now