We help IT Professionals succeed at work.

Anyone know of good online information for setting up VPN Access to SBS Server 2003.

mstep3
mstep3 asked
on
194 Views
Last Modified: 2010-04-19
Hi,

Does anyone know of any good online articles & troubleshooting information for setting up VPN access to Windows Small Business Server 2003.  Having a few difficulties setting up VPN access to Small Business Server 2003 using SMC Broadband Router/Firewall.  Thanks for any helpful information you may be able to provide.

Thanks,
Mike
Comment
Watch Question

Brian PiercePhotographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008

Commented:

Author

Commented:
Hi,

I've read through many of the articles and tried many of the suggestions but my configuration still does not seem to be working correct.  

I am running SBS 2003 with dual nic configuration and an SMC broadband modem/router/firewall for my internet connection.  I've got the router/firewall set up to forward incoming requests on port 1723 to the IP address of the External Nic on the SBS Server using port forwarding.  Is this the correct thing to do to get the request to the Server or should I be using something else?

Thanks,
Mike
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
That sounds correct, but you also need GRE Protocol 47 enabled on the router.  Generally this is called PPTP Passthrough.

Outside of that, see http://sbsurl.com/vpn for the visual how-to for running the Remote Access Configuration Wizard.

If you are still having problems, you need to specify the exact error message you're getting in order for us to understand what the problem is.

Jeff
TechSoEasy

Author

Commented:
Hi,

Right now when I try to connect I am getting an

Error 691:  Access was denied because the username and/or password was invalid on the domain.

I started using Remote Web Workplace because I couldn't get VPN connection.

I am a little confused because I am not even sure on my firewall/router how to enable PPTP (GRE 47 Protocol).  The router is an SMC Comcast Business Broadband Router.  The only section I have that pertains to PPTP is a section under VPN that I can add users for PPTP/L2TP Connection.  Is there anything specific that I should look for to allow GRE or is this probably it.

I'm certain that the user I'm logging in with is correct and is under Mobile Users Group.  Thanks for the help.

Mike
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Well, even though you didn't provide the make/model of your router, that's not actually the problem here...

If you're getting Error 691, then most likely you ARE getting through to the SBS's VPN Authorization, but you might still have things misconfigured.  

Are you using the Small Business Connection Manager VPN Client (Downloaded from the RWW Main Menu)?

Or did you create the VPN Connection manually?  If you did that, then see these troubleshooting steps:
http://www.howtonetworking.com/casestudy/vpnerror691.htm

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
FYI, VPN's are normally only used for laptops which are members of the domain.  
RWW is a better solution for those people who have desktop workstations in the office.

Jeff
TechSoEasy

Author

Commented:
Hello,

Thanks for the links.  I did go through them and verify that I had the VPN connections set up properly.

I actually have tried setting up the VPN connection manually and also I have downloaded the Connection Manger using the RWW Main Page.  When I try to connect outisde my office from home they both give the same error 691:  'Access was denied because the username and/or password was invalid on the domain'.  I'm stumped on it right now, not sure what's wrong.

It's not really necessecary for me to be able to VPN, I guess I'm basically just wanting to make it work.  I am able to do everything I need to do using Remote Web Workplace.

Thanks for your help and suggestions.

Mike



Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
And what happens if you try to connect from INSIDE your office?

Also, what is the OS on the computer you are connecting from?  Is it a domain-joined laptop?  Or your home computer?

Jeff
TechSoEasy

Author

Commented:
Hi,

It does authenticate and I can connect from within the network when I set up a VPN connection manually and it's using Windows XP Home.  I am not able to authenticate when I try to connect outside my network.  

I know I can't configure it on the domain cause it's XP Home, but if the laptop has not been added to the domain using the connect client computer wizard is it not possible to connect to my network through VPN connection?

Thanks,
Mike
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Are those two separate issues?  Or are you using this same laptop at home as well?

Jeff
TechSoEasy

Author

Commented:
Yes, I am using the same laptop at home as well as at work.  I am able to set up a VPN connection and connect to the server at work but I can't get it to authenticate when I try to access from outside the network.  

Thanks,
Mike
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Please provide a COMPLETE ipconfig /all from your SBS.

Also, have you tested "outside the network" from various locations? or just from home?

Jeff
TechSoEasy

Author

Commented:
Hello,

No, I haven't tried connecting from any other locations yet, only from home.  I do have a hardware firewall at home too so I don't know if that might be affecting it.  It does seem to try to authenticate though so I don't think anything is getting blocked.

Thanks,
Mike



Windows IP Configuration

   Host Name . . . . . . . . . . . . : scs-server
   Primary Dns Suffix  . . . . . . . : SCS.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : SCS.local

Ethernet adapter Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
   Physical Address. . . . . . . . . : 00-1B-21-00-CD-A5
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.1.10.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.2
   Primary WINS Server . . . . . . . : 192.168.10.2
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-0B-CD-CF-DD-0E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.10.2
   Primary WINS Server . . . . . . . : 192.168.10.2
Principal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Hello,

Thank you for your time and help.  We have decided to use RWW rather than setting up VPN connections.  It seems much more secure and has much more functionality than using VPN connection.  I appreciate all your help.

Mike

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.