Windows SBS 2003 VPN error 691
We are in a Windows SBS 2003 Domain enviroment and have implemented VPN for mobile users to acces the domain. I am able to connect to the domain via VPN with all users for the excetpion of 2. These 2 user were created recently. I gave the users mobile, power user and even administrative right and still, they are not allowed to connect through VPN. I receive error 691. i have checked over and over again to make sure the all have the same rights, and no dice.
btw, we are trying to connect with window xp pro sp 2 machines.
btw, we are trying to connect with window xp pro sp 2 machines.
ASKER
I have been testing VPN from home, so it has been 1 user at a time.
I am using the Windows XP Pro VPN CLient.
I am using the Windows XP Pro VPN CLient.
Try going to your remote web workplace loging in (uncheck box saying 'I'm using public computer) and then download the connecction manager and try again using that to connect.
ASKER
RWW has also been down, i receive this error Server Error in '/Remote' Application.
But why would vpn work with all users except for 2?
But why would vpn work with all users except for 2?
Local firewall on the 2 pc's?
ASKER
No change, can connect with all but 2 users.
ASKER
I am testing from my local machine to office server. I do have a firwall at both ends and they have been configured for vpn...I am testing all users from my home machine to the office server 1 at a time. all are able to connect but 2 users. so the enviroment hasnt changed from user to user.
On a machine that works, can you connect using one of the failing user names? ie is it a user specific error or a machine specific error?
ASKER
I am testing every user on a single machine...VPN has only been tested on my home machine and 2 out of the 10 users cannot connect. There has been no other tests on other machines. So it is 2 specific users that cannot connect.
In your AD, are the users authorised for remote access in the account details?
ASKER
Yes they are allowed remote access.
Do you have a vpn_users group? Atre these users in there?
ASKER
They are in the mobile user group which allows vpn.
Not sure of what else then?
What do you see in the ISA log when these trwo users try to access?
Compare with a log view of what is seen when a successful user logs in.
Open the gui, select monitoring - logging - click start query and then make the two attempts.
What do you see in the ISA log when these trwo users try to access?
Compare with a log view of what is seen when a successful user logs in.
Open the gui, select monitoring - logging - click start query and then make the two attempts.
ASKER
How do i open the ISA? or ISA Log?
Ah - that suggests you don't have ISA Server..... I see now that you did not answer Neils question about it previously. It has to be a user issue - if it was a machine problem then no users would be able to be logged on through this laptop.
ASKER
So how do i fix the user issue?
Good question - what have 'you' tried already?
If you create a new (test) user, can that user name log in OKthrough the VPN or do they get the same issue?
Are all users in the the default SBS users group or have you moved things around at all in the AD?
If you create a new (test) user, can that user name log in OKthrough the VPN or do they get the same issue?
Are all users in the the default SBS users group or have you moved things around at all in the AD?
Hi I'm back
If you go to Routing and remote access from admin tools, then remote access logging. This will give you the location of the log file for RRA, (ensure that logging is activated).
Go there and check the log file and if you have any problems post them so we can have a look.
If you go to Routing and remote access from admin tools, then remote access logging. This will give you the location of the log file for RRA, (ensure that logging is activated).
Go there and check the log file and if you have any problems post them so we can have a look.
ASKER
all users are under SBS user group and any new users i create cannot connect.
I will post the log in a sec...
I will post the log in a sec...
When you say SBS user group do you mean that they are only users and not mobile users?
ASKER
they are also mobiile users...
ASKER
RRA did not create a log yesterday nor today... theis log is from 1-29-08 and i didnt try to connect with the failed users this day. is there anyway i can make it create a log right now?
"192.168.1.11,,01/29/2008,
"192.168.1.11,,01/29/2008,
set to create a new log daily?
sorry is it set to brate a log daily
I have to say that I am wondering if you have a bigger problem then it seems. You say that RWW isn't working you also have problems with RRA.
Have you rerun the CIEW and RRAW?
Neil
Have you rerun the CIEW and RRAW?
Neil
ASKER
it is set to log daily...
ASKER
1. how do i run those?
2. if i run those, will it change anything with Exchange, OWA or anything that has to do with email?
2. if i run those, will it change anything with Exchange, OWA or anything that has to do with email?
When the srver was set up it was done using the To Do list?
One is the connect to the Internet and Email wizard and one is the Routing and Remote Access Wizard.
They are both accesable from the to do list on the server management console.
One is the connect to the Internet and Email wizard and one is the Routing and Remote Access Wizard.
They are both accesable from the to do list on the server management console.
ASKER
I did run the RRAW, thats how i got VPN to work. and i beleive we ran CIEW when we setup the server. So if i re-run CIEW, is it going to affect Exchange, OWA or anything that has to do with email?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are you using ISA?
Are you using the VPN connector from the RWW or the XP native client?
Re Run CIEW and RRA wizards.
How many users are connected at one time?
Cheers
NeilParbrook