Supermig
asked on
Error 736 connecting using PPTP.
I am trying to connect to a VPN connection. Using Windows XP, and all default options. Receiving this error: TCP/IP reported error 736: The remote computer terminated the control protocol.
VPN server is SBS 2003 with SP1. ISA server 2004 non sp2. I have checked the RRAS settings with another known working SBS server. They all look ok. I have rerun the Remove access Wizard serveral time after deleted the RRAS configuration. The wizard runs successfully and reconfigures RRAS.
I have also check the ISA server settings with another known working SBS server. All ok.
I have disabled RRAS, rerun the Internet connection wizard, checking all options, rerun the RRAS wizard on the to-do list. Nothing. Usually VPN works out of the box.
I have enabled logging for RRAS server. I did notice something in the PPP.log file.
The control protocol for 8021, returned error 1168
[3728] 07-20 11:18:10:508: while making a configure result on port 325
[3728] 07-20 11:18:10:508: FsmClose event received for protocol 8021 on port 325
Also, when I do an ipconfig the PPTP adapter for dial is set to 192.168.11.2 instead of a local ip address. I think this may be the problem. In RRAS, it's set to route this ip address as well. I believe changing the address may solve my problem. Does anyone know how to do that?
VPN server is SBS 2003 with SP1. ISA server 2004 non sp2. I have checked the RRAS settings with another known working SBS server. They all look ok. I have rerun the Remove access Wizard serveral time after deleted the RRAS configuration. The wizard runs successfully and reconfigures RRAS.
I have also check the ISA server settings with another known working SBS server. All ok.
I have disabled RRAS, rerun the Internet connection wizard, checking all options, rerun the RRAS wizard on the to-do list. Nothing. Usually VPN works out of the box.
I have enabled logging for RRAS server. I did notice something in the PPP.log file.
The control protocol for 8021, returned error 1168
[3728] 07-20 11:18:10:508: while making a configure result on port 325
[3728] 07-20 11:18:10:508: FsmClose event received for protocol 8021 on port 325
Also, when I do an ipconfig the PPTP adapter for dial is set to 192.168.11.2 instead of a local ip address. I think this may be the problem. In RRAS, it's set to route this ip address as well. I believe changing the address may solve my problem. Does anyone know how to do that?
ASKER
Well, I got it working for now by going into RRAS and setting the VPN adapter to use a pool of addresses from the local scope. Unfortunately this only works for a few days. I go back into the same settings, and they are back to using DHCP. Also if i rerun the Connection Wizard, it resets to DHCP, obviously that doesn't work. I need to find out where the system has gotten this ghost address.(192.168.11.2) Sorry I didn't mention before that my server's address is 192.168.16.2, the Wan card is 192.168.1.1, so you see why the 11.2 is so weird. I have crossedchecked the settings with the other 20 SBS servers I have installed and administer, it doesn't make any sense.
ASKER
There are no addresses in the DHCP Scope>Address Leases. The workstations are setup to use static addresses. But even so, there should be something there.
>>>"Also if i rerun the Connection Wizard, it resets to DHCP, obviously that doesn't work."
What do you mean that doesn't work? If you are getting errors with the CEICW you need to resolve them. This should be the ONLY way for you to configure your DHCP Scope as well as your RRAS pool. This is a very good example of why the wizard must be used on an SBS... because there are about 15 different things which must be simultaneously configured for this to work right and the ONLY way to do that is with the CEICW.
Please post a complete IPCONFIG /ALL from the server and I'll be happy to review where you are at.
Jeff
TechSoEasy
What do you mean that doesn't work? If you are getting errors with the CEICW you need to resolve them. This should be the ONLY way for you to configure your DHCP Scope as well as your RRAS pool. This is a very good example of why the wizard must be used on an SBS... because there are about 15 different things which must be simultaneously configured for this to work right and the ONLY way to do that is with the CEICW.
Please post a complete IPCONFIG /ALL from the server and I'll be happy to review where you are at.
Jeff
TechSoEasy
ASKER
I am getting NO obvious errors running the CEICW, it runs with no hiccups. What I mean is that my temporary fix of going into>>RRAS and manually setting the VPN adapter to use a pool of addresses from the local scope INSTEAD of Dhcp<< is reset by the CEICW. The CEICW, obviously does what it's supposed to do. What it is also doing, is setting the VPN adapter address (which you can see by the ipconfig below,) to an address that is foreign to the local subnet. Because of that, a VPN connection is not initialized correctly.
So, I need to figure out one of two things:
1. Go into the script the CEICW uses and fix the wrong setting(s). or,
2. Manually set the ip address of the VPN adapter.
Here is an ipconfig for your review anyway, settings after the CEICW has ran:
Windows IP Configuration
Host Name . . . . . . . . . . . . : sbserver
Primary Dns Suffix . . . . . . . : *******.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : *******.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-8D-0F-F9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
Ethernet adapter Internet Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 S Desktop Adapter
Physical Address. . . . . . . . . : 00-0E-0C-65-6E-0C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.11.2
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
So, I need to figure out one of two things:
1. Go into the script the CEICW uses and fix the wrong setting(s). or,
2. Manually set the ip address of the VPN adapter.
Here is an ipconfig for your review anyway, settings after the CEICW has ran:
Windows IP Configuration
Host Name . . . . . . . . . . . . : sbserver
Primary Dns Suffix . . . . . . . : *******.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : *******.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-8D-0F-F9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
Ethernet adapter Internet Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 S Desktop Adapter
Physical Address. . . . . . . . . : 00-0E-0C-65-6E-0C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.11.2
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Your answer did lead me to fix the problem. This is what I did.
1. Removed the WINS setting from the WAN card.
2. Using the wizard, changed the server ip address to 16.3, and then back to 16.2
3. Deleted the RRAS configuration.
4. Reran the CEICW.
Presto. Give Jeff a medal. Thanks man. You're awesome.
1. Removed the WINS setting from the WAN card.
2. Using the wizard, changed the server ip address to 16.3, and then back to 16.2
3. Deleted the RRAS configuration.
4. Reran the CEICW.
Presto. Give Jeff a medal. Thanks man. You're awesome.
Glad you got it resolved... generally you don't have to change the server IP back and forth, but if that worked then great! The wizard does allow you to "change" the IP to the current IP address.
Deleting the RRAS configuration was also a good idea since manually tinkering with it would make it difficult to un-tinker. Since the CEICW rebuilds it anyhow, there's no problem in deleting. FYI, you should also run the Configure Remote Access Wizard so that your VPN Clients are configured properly for download (Small Business Server Connection Manager, downloaded from Remote Web Workplace main menu).
Jeff
TechSoEasy
Deleting the RRAS configuration was also a good idea since manually tinkering with it would make it difficult to un-tinker. Since the CEICW rebuilds it anyhow, there's no problem in deleting. FYI, you should also run the Configure Remote Access Wizard so that your VPN Clients are configured properly for download (Small Business Server Connection Manager, downloaded from Remote Web Workplace main menu).
Jeff
TechSoEasy
I would suspect that either you don't have enough IP address assigned to RRAS in DHCP (the wizards should automatically assign at least 5 IP's to RRAS -- view this in DHCP Scope > Address Leases). These IP's are perpetually leased via DHCP so they should always show up there.
Or, in ISA you either don't have VPN Client Access enabled or if you do, you don't have it set for enough clients to match the number of DHCP leases.
Jeff
TechSoEasy