Can connect to Windows 2000 VPN, but can do nothing else

Posted on 2006-06-01
Last Modified: 2010-08-05
My question is regarding a VPN connection that was working for the longest time, then just stopped working. I assume it might have been caused by a Windows update, but not sure. The only update recently applied was for a fix to the group policies.

Anyway, the way it's currently setup, is the router/firewall has the PPTP port open to a specific Windows 2000 server, which is setup with Routing and Remote Access Server.

Everything seems fine, as people can connect and get authenticated, but they can no longer access any other server/resource on the network except the RRAS server itself. They need to be able to get to servers other than the RRAS, which they used to be able to do so.

Any ideas? The Event Logs just have errors about DNS problems, but they've always been there.
Question by:mk553
    LVL 77

    Expert Comment

    by:Rob Williams
    Personally I am aware of no updates affecting PPTP VPN's (there are some for IPSec VPN's). However if you have DNS errors, have you tried connecting to the other devices by IP rather than by name, just as a test?

    Author Comment

    Thanks for the comment. No, I can't ping/connect to any other devices by IP address either.

    Another odd thing, is if I try to ping the RRAS server locally by name, the IP address returned is the internal one the RRAS assigned to itself.

    In the meantime, I've been trying to just create a new RRAS server on a different computer, but with worse results. Once enabled, the RRAS server seems to knock the computer off the network -- it seems to prevent any kind of routing (i.e., internet or local resources).

    LVL 77

    Accepted Solution


    What error number do the users get when they try to connect, such as 721 ?
    Does the RRAS server have 1 or 2 network adapters ?
    On the new RRAS server there isn't and IP conflict with another device is there, DHCP or static ?

    Author Comment

    Well, I went ahead and created a new static pool of IP addresses, just to be on the safe side, but what *appears* to have fixed it was removing a windows KB Update. I noticed it was installed right about the time the trouble started.

    To answer your questions though, for anyone else that might have been having the same trouble: no, the users could connect just fine -- they just couldn't ping/connect to anything once connected. The RRAS server would *only* allow people to log in on our PDC. I tried setting it up on other servers, but once enabled, those servers could no longer see the network, effectively breaking everything. So I had to disable those again. There's only 1 NIC in the PDC that finally works now.

    Do you know why the RRAS server would cause such a problem on the non-PDC servers? Once I tried to ping the PDC or gateway, I would just get 'destination host unreachable'. Nothing else had changed though, so it was very confusing (and frustrating) to say the least. :-)

    Thanks again for your help!
    LVL 77

    Expert Comment

    by:Rob Williams
    Thanks mk553,

    Which KB update was it? Would be good to keep an eye out for that as a potential problem.

    As for the problem with RRAS, the only thought I had was it was assigning an IP that was causing a conflict. I have set it up on standalone servers before without a problem. You could also have an authentication problem if Active Directory or DNS were set up wrong but that didn't seem to be the case with your problem.


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
    Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now