vpn connection  does not connect

Posted on 2007-03-19
Last Modified: 2010-04-18
i have 3 DC's and 3 member servers, all working properly. Recentely, the remote access serivce (VPN) stopped working. I reset up the Routing and remote access on one of the dc,and 2 additional member servers with the same results.

The story is like this:
i am trying internally,which means that i do not have to worry about firewalls and routers. I can not connect from a workstation to the remote access service for any user who is granted  permissions to connect. But, i can connect with the same user account from any server or member server. no firewall is enabled at all. If i try to connect from a workstation on the same network, it just says connecting and that it it, then it quits. on the same worksation , i go to command prompt, and type netstat -a, and it shows me that it did established a connection to the remote access server. I tried everything, remote access policy dhcp relay agent with no luck. i am doing pptp. nothing special, and i am going with the default when i setup the routing and remote access server.
Any ideas

Question by:Kazzaz
  • 4
  • 2
LVL 77

Expert Comment

by:Rob Williams
ID: 18753445
As a rule you cannot test this using your External/WAN/Public IP from the same site. You are asking the router to do a 'U'-turn, which most cannot do. Have you tried connecting from off site? or are you using and internal address on the RRAS server as a test ?

You might also want to review the configuration at:
Server 2003 configuration:
Windows XP client configuration:
Is the port forwarding on the router still the same, or has any of the IP addressing changed?

Author Comment

ID: 18753889
Thanks for the reply

I am not asking the router to do U turn, i am just entering the ip address of the RAS server while i am on site , i am not going out at all. If i can connect internally, i can manage the forwarding ports on the router.
My RAS Ip address is, my workstation is, on the workstation my VPN connection is set to contact to connect to the VPN.
I did try it from outside and on the router i have the 1723, 47 port forwarded to, it used to be working right until 2 weeks ago.

LVL 77

Expert Comment

by:Rob Williams
ID: 18757843
There is a security feature in the VPN client that blocks local connections, to protect the office/remote network. In a single server environment this should not affect your ability to connect to the RRAS server, but in the multi-server environment you have, I am not sure of the consequences when connecting locally. For example it could block access to your DC or DNS server. Perhaps try disabling as a test. I am "grasping at straws" but if you wish to do so, on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.


Author Comment

ID: 18757893
I did that too with no success. I narrowed it down to policy issues, but i tried all kind policy setting for the users and still the same thing.
Thanks for the input Robwill
LVL 77

Accepted Solution

Rob Williams earned 500 total points
ID: 18758893
Any idea what "policy issues" ? Shouldn't have to enable/disable any polices within RRAS, IAS, or group policy to enable a connection. They are more for restricting access once configured. The only one that would need to be configured is to allow access. Usually this is set in the user's profile in active directory under dial-in. However, if it were set to disabled you would get a an authentication error when connecting.
LVL 77

Expert Comment

by:Rob Williams
ID: 18816562
Thanks Kazzaz,
Cheers !

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now