Solved

Error 736 connecting using PPTP.

Posted on 2006-07-20
8
3,273 Views
Last Modified: 2007-12-19
I am trying to connect to a VPN connection.  Using Windows XP, and all default options.  Receiving this error: TCP/IP reported error 736: The remote computer terminated the control protocol.

VPN server is SBS 2003 with SP1.  ISA server 2004 non sp2.  I have checked the RRAS settings with another known working SBS server.  They all look ok.  I have rerun the Remove access Wizard serveral time after deleted the RRAS configuration.  The wizard runs successfully and reconfigures RRAS.

I have also check the ISA server settings with another known working SBS server.  All ok.
I have disabled RRAS, rerun the Internet connection wizard, checking all options, rerun the RRAS wizard on the to-do list.  Nothing.  Usually VPN works out of the box.



I have enabled logging for RRAS server.   I did notice something in the PPP.log file.
The control protocol for 8021, returned error 1168
[3728] 07-20 11:18:10:508: while making a configure result on port 325
[3728] 07-20 11:18:10:508: FsmClose event received for protocol 8021 on port 325

Also, when I do an ipconfig the PPTP adapter for dial is set to 192.168.11.2 instead of a local ip address.  I think this may be the problem.  In RRAS, it's set to route this ip address as well.  I believe changing the address may solve my problem.  Does anyone know how to do that?
0
Comment
Question by:Supermig
  • 4
  • 4
8 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
That error is generally caused by not having an IP address to be able to assign.  As you have stated, this would normally work out of the box, and you shouldn't have to do any manual routing.  While you state that the "adapter for dial is set to 192.168.11.2" I have no reference to know whether that would be a problem or not.  Generally the PPTP IP for your server is set to a different IP than it's local address.

I would suspect that either you don't have enough IP address assigned to RRAS in DHCP (the wizards should automatically assign at least 5 IP's to RRAS -- view this in DHCP Scope > Address Leases).  These IP's are perpetually leased via DHCP so they should always show up there.

Or, in ISA you either don't have VPN Client Access enabled or if you do, you don't have it set for enough clients to match the number of DHCP leases.

Jeff
TechSoEasy
0
 

Author Comment

by:Supermig
Comment Utility
Well, I got it working for now by going into RRAS and setting the VPN adapter to use a pool of addresses from the local scope.  Unfortunately this only works for a few days.  I go back into the same settings, and they are back to using DHCP.  Also if i rerun the Connection Wizard, it resets to DHCP, obviously that doesn't work.  I need to find out where the system has gotten this ghost address.(192.168.11.2)  Sorry I didn't mention before that my server's address is 192.168.16.2, the Wan card is 192.168.1.1, so you see why the 11.2 is so weird.  I have crossedchecked the settings with the other 20 SBS servers I have installed and administer, it doesn't make any sense.
0
 

Author Comment

by:Supermig
Comment Utility
There are no addresses in the DHCP Scope>Address Leases.  The workstations are setup to use static addresses.  But even so, there should be something there.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
>>>"Also if i rerun the Connection Wizard, it resets to DHCP, obviously that doesn't work."

What do you mean that doesn't work?  If you are getting errors with the CEICW you need to resolve them.  This should be the ONLY way for you to configure your DHCP Scope as well as your RRAS pool.  This is a very good example of why the wizard must be used on an SBS... because there are about 15 different things which must be simultaneously configured for this to work right and the ONLY way to do that is with the CEICW.

Please post a complete IPCONFIG /ALL from the server and I'll be happy to review where you are at.

Jeff
TechSoEasy
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:Supermig
Comment Utility
I am getting NO obvious errors running the CEICW, it runs with no hiccups.  What I mean is that my temporary fix of going into>>RRAS and manually setting the VPN adapter to use a pool of addresses from the local scope INSTEAD of Dhcp<< is reset by the CEICW.  The CEICW, obviously does what it's supposed to do.   What it is also doing, is setting the VPN adapter address (which you can see by the ipconfig below,) to an address that is foreign to the local subnet.  Because of that, a VPN connection is not initialized correctly.  

So, I need to figure out one of two things:

1. Go into the script the CEICW uses and fix the wrong setting(s). or,
2. Manually set the ip address of the VPN adapter.


Here is an ipconfig for your review anyway, settings after the CEICW has ran:

Windows IP Configuration



   Host Name . . . . . . . . . . . . : sbserver

   Primary Dns Suffix  . . . . . . . : *******.local

   Node Type . . . . . . . . . . . . : Unknown

   IP Routing Enabled. . . . . . . . : Yes

   WINS Proxy Enabled. . . . . . . . : Yes

   DNS Suffix Search List. . . . . . : *******.local



Ethernet adapter Server Local Area Connection:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

   Physical Address. . . . . . . . . : 00-11-11-8D-0F-F9

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.16.2

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . :

   DNS Servers . . . . . . . . . . . : 192.168.16.2

   Primary WINS Server . . . . . . . : 192.168.16.2



Ethernet adapter Internet Connection:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Intel(R) PRO/100 S Desktop Adapter

   Physical Address. . . . . . . . . : 00-0E-0C-65-6E-0C

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.1.1

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 192.168.1.254

   DNS Servers . . . . . . . . . . . : 192.168.16.2

   Primary WINS Server . . . . . . . : 192.168.16.2

   NetBIOS over Tcpip. . . . . . . . : Disabled



PPP adapter RAS Server (Dial In) Interface:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

   Physical Address. . . . . . . . . : 00-53-45-00-00-00

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.11.2

   Subnet Mask . . . . . . . . . . . : 255.255.255.255

   Default Gateway . . . . . . . . . :

   NetBIOS over Tcpip. . . . . . . . : Disabled

0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
Comment Utility
The first thing you need to do is remove the WINS server setting from your External NIC.  Then, I'm guessing that you hae a ghosted IP address that you initially used on your server.  Just use the CHANGE SERVER IP ADDRESS wizard and set it to it's current IP of 192.168.16.2 (which it already is, but obviously not everywhere).  The Change Server IP Address Wizard should fix this.

Jeff
TechSoEasy
0
 

Author Comment

by:Supermig
Comment Utility
Your answer did lead me to fix the problem.  This is what I did.

1.  Removed the WINS setting from the WAN card.
2.  Using the wizard, changed the server ip address to 16.3, and then back to 16.2
3.  Deleted the RRAS configuration.
4.  Reran the CEICW.

Presto.  Give Jeff a medal.  Thanks man.  You're awesome.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Glad you got it resolved... generally you don't have to change the server IP back and forth, but if that worked then great!  The wizard does allow you to "change" the IP to the current IP address.  

Deleting the RRAS configuration was also a good idea since manually tinkering with it would make it difficult to un-tinker.  Since the CEICW rebuilds it anyhow, there's no problem in deleting.  FYI, you should also run the Configure Remote Access Wizard so that your VPN Clients are configured properly for download (Small Business Server Connection Manager, downloaded  from Remote Web Workplace main menu).

Jeff
TechSoEasy
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now