Solved

Error 736 connecting using PPTP.

Posted on 2006-07-20
8
3,327 Views
Last Modified: 2007-12-19
I am trying to connect to a VPN connection.  Using Windows XP, and all default options.  Receiving this error: TCP/IP reported error 736: The remote computer terminated the control protocol.

VPN server is SBS 2003 with SP1.  ISA server 2004 non sp2.  I have checked the RRAS settings with another known working SBS server.  They all look ok.  I have rerun the Remove access Wizard serveral time after deleted the RRAS configuration.  The wizard runs successfully and reconfigures RRAS.

I have also check the ISA server settings with another known working SBS server.  All ok.
I have disabled RRAS, rerun the Internet connection wizard, checking all options, rerun the RRAS wizard on the to-do list.  Nothing.  Usually VPN works out of the box.



I have enabled logging for RRAS server.   I did notice something in the PPP.log file.
The control protocol for 8021, returned error 1168
[3728] 07-20 11:18:10:508: while making a configure result on port 325
[3728] 07-20 11:18:10:508: FsmClose event received for protocol 8021 on port 325

Also, when I do an ipconfig the PPTP adapter for dial is set to 192.168.11.2 instead of a local ip address.  I think this may be the problem.  In RRAS, it's set to route this ip address as well.  I believe changing the address may solve my problem.  Does anyone know how to do that?
0
Comment
Question by:Supermig
  • 4
  • 4
8 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17147777
That error is generally caused by not having an IP address to be able to assign.  As you have stated, this would normally work out of the box, and you shouldn't have to do any manual routing.  While you state that the "adapter for dial is set to 192.168.11.2" I have no reference to know whether that would be a problem or not.  Generally the PPTP IP for your server is set to a different IP than it's local address.

I would suspect that either you don't have enough IP address assigned to RRAS in DHCP (the wizards should automatically assign at least 5 IP's to RRAS -- view this in DHCP Scope > Address Leases).  These IP's are perpetually leased via DHCP so they should always show up there.

Or, in ISA you either don't have VPN Client Access enabled or if you do, you don't have it set for enough clients to match the number of DHCP leases.

Jeff
TechSoEasy
0
 

Author Comment

by:Supermig
ID: 17300805
Well, I got it working for now by going into RRAS and setting the VPN adapter to use a pool of addresses from the local scope.  Unfortunately this only works for a few days.  I go back into the same settings, and they are back to using DHCP.  Also if i rerun the Connection Wizard, it resets to DHCP, obviously that doesn't work.  I need to find out where the system has gotten this ghost address.(192.168.11.2)  Sorry I didn't mention before that my server's address is 192.168.16.2, the Wan card is 192.168.1.1, so you see why the 11.2 is so weird.  I have crossedchecked the settings with the other 20 SBS servers I have installed and administer, it doesn't make any sense.
0
 

Author Comment

by:Supermig
ID: 17301746
There are no addresses in the DHCP Scope>Address Leases.  The workstations are setup to use static addresses.  But even so, there should be something there.
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17305554
>>>"Also if i rerun the Connection Wizard, it resets to DHCP, obviously that doesn't work."

What do you mean that doesn't work?  If you are getting errors with the CEICW you need to resolve them.  This should be the ONLY way for you to configure your DHCP Scope as well as your RRAS pool.  This is a very good example of why the wizard must be used on an SBS... because there are about 15 different things which must be simultaneously configured for this to work right and the ONLY way to do that is with the CEICW.

Please post a complete IPCONFIG /ALL from the server and I'll be happy to review where you are at.

Jeff
TechSoEasy
0
 

Author Comment

by:Supermig
ID: 17305751
I am getting NO obvious errors running the CEICW, it runs with no hiccups.  What I mean is that my temporary fix of going into>>RRAS and manually setting the VPN adapter to use a pool of addresses from the local scope INSTEAD of Dhcp<< is reset by the CEICW.  The CEICW, obviously does what it's supposed to do.   What it is also doing, is setting the VPN adapter address (which you can see by the ipconfig below,) to an address that is foreign to the local subnet.  Because of that, a VPN connection is not initialized correctly.  

So, I need to figure out one of two things:

1. Go into the script the CEICW uses and fix the wrong setting(s). or,
2. Manually set the ip address of the VPN adapter.


Here is an ipconfig for your review anyway, settings after the CEICW has ran:

Windows IP Configuration



   Host Name . . . . . . . . . . . . : sbserver

   Primary Dns Suffix  . . . . . . . : *******.local

   Node Type . . . . . . . . . . . . : Unknown

   IP Routing Enabled. . . . . . . . : Yes

   WINS Proxy Enabled. . . . . . . . : Yes

   DNS Suffix Search List. . . . . . : *******.local



Ethernet adapter Server Local Area Connection:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

   Physical Address. . . . . . . . . : 00-11-11-8D-0F-F9

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.16.2

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . :

   DNS Servers . . . . . . . . . . . : 192.168.16.2

   Primary WINS Server . . . . . . . : 192.168.16.2



Ethernet adapter Internet Connection:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Intel(R) PRO/100 S Desktop Adapter

   Physical Address. . . . . . . . . : 00-0E-0C-65-6E-0C

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.1.1

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 192.168.1.254

   DNS Servers . . . . . . . . . . . : 192.168.16.2

   Primary WINS Server . . . . . . . : 192.168.16.2

   NetBIOS over Tcpip. . . . . . . . : Disabled



PPP adapter RAS Server (Dial In) Interface:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

   Physical Address. . . . . . . . . : 00-53-45-00-00-00

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.11.2

   Subnet Mask . . . . . . . . . . . : 255.255.255.255

   Default Gateway . . . . . . . . . :

   NetBIOS over Tcpip. . . . . . . . : Disabled

0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17314981
The first thing you need to do is remove the WINS server setting from your External NIC.  Then, I'm guessing that you hae a ghosted IP address that you initially used on your server.  Just use the CHANGE SERVER IP ADDRESS wizard and set it to it's current IP of 192.168.16.2 (which it already is, but obviously not everywhere).  The Change Server IP Address Wizard should fix this.

Jeff
TechSoEasy
0
 

Author Comment

by:Supermig
ID: 17316251
Your answer did lead me to fix the problem.  This is what I did.

1.  Removed the WINS setting from the WAN card.
2.  Using the wizard, changed the server ip address to 16.3, and then back to 16.2
3.  Deleted the RRAS configuration.
4.  Reran the CEICW.

Presto.  Give Jeff a medal.  Thanks man.  You're awesome.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17316424
Glad you got it resolved... generally you don't have to change the server IP back and forth, but if that worked then great!  The wizard does allow you to "change" the IP to the current IP address.  

Deleting the RRAS configuration was also a good idea since manually tinkering with it would make it difficult to un-tinker.  Since the CEICW rebuilds it anyhow, there's no problem in deleting.  FYI, you should also run the Configure Remote Access Wizard so that your VPN Clients are configured properly for download (Small Business Server Connection Manager, downloaded  from Remote Web Workplace main menu).

Jeff
TechSoEasy
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question