RRAS 20209, VPN, SBS 2003, DHCP internal adapter

Posted on 2007-07-30
Last Modified: 2012-08-13
SBS 2003 Standard
2 NIC
CEICW/Remote Access Wizards complete successfully.

Internet Access is fine.  
Internal clients are fine. IPconfigs (I don't have one for clients) are correct for WINS/DNS/gateway to the SBS.
here is IP config for the server.


Windows IP Configuration

   Host Name . . . . . . . . . . . . : server01
   Primary Dns Suffix  . . . . . . . : Saunders.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : Saunders.local

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Inter
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.190.13
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NETGEAR GA311 Gigabi
   Physical Address. . . . . . . . . : 00-0F-B5-FE-98-D4
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2

Ethernet adapter INTERNET:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
   Physical Address. . . . . . . . . : 00-13-72-3E-57-68
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.15.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.15.1
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   NetBIOS over Tcpip. . . . . . . . : Disabled


I am able to VPN using the connection wizard or through a manually created connection. However, no internet or network resources are available.

Also the server logs an error 20209
A connection between the VPN server and the VPN client 68.5.97.138 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The problem seems to lie in the internal adapter not getting an IP from DHCP.  

Also an IPconfig from a VPN-connected client shows an IP and default gateway of the same IP address (obviously not going out anywhere through yourself). I have checked the DHCP scope and the internal clients using DHCP are fine. I assume this is also because the internal adapter can't get an IP.
PPP adapter Connect to Small Business Server:

        Connection-specific DNS Suffix  . : Saunders.local
        Description . . . . . . . . . . . : WAN (PPP/SLIP) I
        Physical Address. . . . . . . . . : 00-53-45-00-00-0
        Dhcp Enabled. . . . . . . . . . . : No
        -->IP Address. . . . . . . . . . . . : 192.168.16.13
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        -->Default Gateway . . . . . . . . . : 192.168.16.13
        DNS Servers . . . . . . . . . . . : 192.168.16.2
        Primary WINS Server . . . . . . . : 192.168.16.2

VPN GRE 47 PPTP passthrough is set on the router, as well as forwarding 1723 to the server. (Also, it worked a few days ago.)
This is a new client and I was called in after some "virus removal".
It also seems that this server was mainly managed with "enterprise logic", although the wizards seem to be running OK.

 

Question by:livegirllove
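
The symptom in the question above, the RAS Server (Dial In) interface holding a 169.254.x.x autoconfiguration address, can be picked out of saved `ipconfig /all` output automatically. The following Python is an added example, not part of the original thread; the function names and the abridged sample are constructed here, and the `IPv4 Address` / `(Preferred)` handling goes beyond the Server 2003 output shown to cover newer Windows versions.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample: abridged from the `ipconfig /all` output in the question.
SAMPLE = """\
Windows IP Configuration

PPP adapter RAS Server (Dial In) Interface:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.190.13
   Subnet Mask . . . . . . . . . . . : 255.255.0.0

Ethernet adapter LAN:

   IP Address. . . . . . . . . . . . : 192.168.16.2
"""

HEADER = re.compile(r"^(\S.*?adapter .+):\s*$")   # "Ethernet adapter LAN:"
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")    # "   Label . . . : value"

def parse_ipconfig(text):
    """Return {adapter name: {field label: value}} for each adapter section."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:   # skip global fields before any adapter
            current[m.group(1)] = m.group(2).strip()
    return adapters

def apipa_adapters(text):
    """List (adapter, address) pairs whose address is in 169.254.0.0/16."""
    hits = []
    for name, fields in parse_ipconfig(text).items():
        for label, value in fields.items():
            if re.search(r"IP(v4)? Address", label):
                try:
                    addr = ipaddress.ip_address(value.split("(")[0].strip())
                except ValueError:
                    continue            # empty or non-address value
                if addr in APIPA:
                    hits.append((name, str(addr)))
    return hits
```

Calling `apipa_adapters()` on output captured before and after a VPN client connects shows whether the server-side RAS interface has fallen back to APIPA, which is the condition the thread goes on to chase.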
23 Comments
 
LVL 1

Author Comment

by:livegirllove
ID: 19598665
I just ran the connection manager to my company server and realized that it gives me the same IP for default gateway and IP, so my comment about that being a problem was obviously wrong. (I use a manually configured VPN connection and I forgot I set it up differently, making my comparisons of ipconfigs a little off.)
I am now able to access the network and the internet at the same time, however I had to setup RRAS to use a static range of IPs.  So something is still up.

Against my better judgement I installed Server 2003 SP2 on a slightly ill server and after that the VPN started working. (Although I had to fix the Help and Support service, but we knew that.)
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19598877
Did you run the "Configure remote access" wizard? This is important with SBS, to properly configure DHCP, RRAS, WINS and the firewall. See:
http://www.lan-2-wan.com/SBS-VPN-instr.htm

>>"realized that it gives me the same ip for default gateway and IP so my comment about that being a problem was obviously wrong"
This is proper.

Sounds like SP2 is not a problem, but it can be with VPNs. If so, have a look at the following site/issues:
http://www.lan-2-wan.com/2003-SP2.htm
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19601735
I ran it and it completes successfully.
SP2 actually made it so that it worked. Before that, even with the static IP range, I had no internet or network access when connected to the VPN and I would get the DHCP error.
0

 
LVL 78

Expert Comment

by:Rob Williams
ID: 19602544
Are you saying everything is working now?

>>"I am now able to access the network and the internet at the same time"
For the record there is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. You can disable this if you wish. To do so on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19603776
It seems to be working correctly now, although I did leave the static range in RRAS. However, I discovered that the scope options had not been set in DHCP, which may be why RRAS wasn't giving out/getting the correct IP info. However, since it isn't my client/server, the other tech said let it ride. I have a feeling that now that I have set the scope options RRAS will work.

Do the scope options not get set by the CEICW if you remove and reinstall DHCP?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19603937
To be honest I am not sure in SBS where the client scope options are set.
In the default RRAS configuration using the static address pool, only IP, subnet, and gateway are usually assigned to the client. If you enable the DHCP relay agent in RRAS then it will use the server's "normal" DHCP server functions and hand out the appropriate scope options.
SBS does not seem to use the DHCP relay agent, yet it very nicely hands out the WINS and DNS IPs. I think this is more a function of using the remote client configuration install from RWW or using the client disk, which customizes the client, rather than the server handing them out.
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19603958
Ah, OK.
Well, I'll leave this open for a day or so, but the issue is resolved.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 19603972
Let's keep our fingers crossed <G>
--Rob
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19717305
Thanks livegirllove.
Cheers !
--Rob
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19752328
The problem has returned.

The server was rebooted today because a tape got hung in the drive, and now it's back to the same private IP being assigned to the internal network interface.

I can hook up to the VPN. The internal adapter will show an internal IP. As soon as I try to browse shares it reverts back to the private IP.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19754468
What state is it in? You can establish a connection, but cannot access any resources over the VPN?

>>"SBS 2003 Standard"
I assume then ISA is not installed?
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19755699
I can connect. For about 30 seconds I can access the internal website before the server's internal network interface goes to APIPA.

No ISA.
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19755854
I set RRAS to use a static range. Same thing happens.

I updated the drivers for both NICs to the most current...
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19755868
I should say I set it back to static. I had changed it to DHCP to see if that would work now. It didn't, so I switched it back, but that hasn't helped.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19755884
So it assigns the correct IP to the server's internal adapter, and then 30 seconds later changes to an APIPA address? Strange.
What happens to the client? Do they get a proper address and then lose the connection when the server changes its IP? Can you reconnect with the VPN and get an APIPA address? The VPN will work with APIPA addresses, but of course only if both ends are using it.
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19755973
They get a correct IP. Then the server switches to APIPA. The VPN does not drop. However, they have no access to LAN resources.

The client keeps the IP they were originally assigned.

Strange also that even when set to static IPs it still reverts to APIPA.
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19755997
And another weird thing. I am connected to the server via RDP to the external (public) IP of the server. If I connect via VPN I do not drop my connection to the server even though I lose internet access. I assume this is because I'm using an IP to RDP, so no DNS is required.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19756048
How many IPs are assigned to your static range? If less than 10, I am not sure of the results. By default RRAS grabs/reserves the first block of 10 IPs and assigns itself the first one. If you have a static pool of 1 IP or a subnet mask of 255.255.255.255 (in the RRAS pool - that is fine on the client), I suspect you will experience problems as you have described. Make sure you are using a >10 IP address pool, and that the subnet mask matches that of the server's LAN.

As for RDP still working, I assume that is a routing issue. When the Server's IP changes you would have to add a route to the client to access anything beyond the server, however the server itself may remain connected. You should be able to access shares on the server even with the new IP...I assume.
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19756106
I have a static block of only 5....

I'm actually on the phone with PSS. They said "that's really strange. Give me 4 or 5 minutes to research it" after logging in and poking around.

I'll update with what they say.
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19759252
Well 4-5 minutes turned into them logging in from 9:30am - 1:30PM

It ended up being that a registry key was wrong. I happened to look away when they did it and didn't see which one. DOH!! I have contacted the lady that helped me and hopefully she will send me the details, which I will post back here.

BTW, PSS business critical support is pretty good. Very helpful and courteous, and spoke English well enough that I didn't have to strain.

The cause was most likely a Windows update, and so they never asked me for any money. However, they have my partner account info, so they could probably send a bill later.

I will post back when I get more details.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19759275
Thanks for updating livegirllove. Love to hear the answer if you hear from them.
Thanks,
--Rob
0
 
LVL 1

Author Comment

by:livegirllove
ID: 19770425
ISSUE: Unable to establish VPN connection
RESOLUTION:
Steps mentioned in KB 323441
http://support.microsoft.com/kb/323441/

There are two NICs on the server and both NICs are on different subnets. The two were not able to communicate with each other, hence we enabled IP routing by changing the value of the IPEnableRouter key in the registry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Set the following registry values:
Value Name: IPEnableRouter
Value type: REG_DWORD
Value: 1

After the NICs were able to communicate with each other, we ran the following command to reset the TCP/IP stack, which reverts the value of the IPEnableRouter key back to 0:
Netsh int ip reset reset.log
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19775086
Very interesting. I have only seen that key manually edited on non server operating systems. The "LAN and demand-dial routing" option in RRAS should look after the routing. However, I just looked at a couple of systems and enabling and disabling that option does not change the registry key. I am not sure what the differences are.

Good information to know. Out of curiosity, I plan to do a little more digging.
Thanks livegirllove.
Cheers !
--Rob
0

Question has a verified solution.