Windows SBS 2003 VPN error 691

We are in a Windows SBS 2003 Domain enviroment and have implemented VPN for mobile users to acces the domain. I am able to connect to the domain via VPN with all users for the excetpion of 2. These 2 user were created recently. I gave the users mobile, power user and even administrative right and still, they are not allowed to connect through VPN. I receive error 691. i have checked over and over again to make sure the all have the same rights, and no dice.
btw, we are trying to connect with window xp pro sp 2 machines.
krawl23Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NeilParbrookCommented:
Hi

Are you using ISA?

Are you using the VPN connector from the RWW or the XP native client?

Re Run CIEW and RRA wizards.

How many users are connected at one time?

Cheers

NeilParbrook
0
krawl23Author Commented:
I have been testing VPN from home, so it has been 1 user at a time.

I am using the Windows XP Pro VPN CLient.
0
NeilParbrookCommented:
Try going to your remote web workplace loging in (uncheck box saying 'I'm using public computer) and then download the connecction manager and try again using that to connect.
0
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

krawl23Author Commented:
RWW has also been down, i receive this error Server Error in '/Remote' Application.

But why would vpn work with all users except for 2?
0
Keith AlabasterEnterprise ArchitectCommented:
Local firewall on the 2 pc's?
0
krawl23Author Commented:
No change, can connect with all but 2 users.
0
krawl23Author Commented:
I am testing from my local machine to office server. I do have a firwall at both ends and they have been configured for vpn...I am testing all users from my home machine to the office server 1 at a time. all are able to connect but 2 users. so the enviroment hasnt changed from user to user.
0
Keith AlabasterEnterprise ArchitectCommented:
On a machine that works, can you connect using one of the failing user names?  ie is it a user specific error or a machine specific error?
0
krawl23Author Commented:
I am testing every user on a single machine...VPN has only been tested on my home machine and 2 out of the 10 users cannot connect. There has been no other tests on other machines. So it is 2 specific users that cannot connect.
0
Keith AlabasterEnterprise ArchitectCommented:
In your AD, are the users authorised for remote access in the account details?
0
krawl23Author Commented:
Yes they are allowed remote access.
0
Keith AlabasterEnterprise ArchitectCommented:
Do you have a vpn_users group? Atre these users in there?
0
krawl23Author Commented:
They are in the mobile user group which allows vpn.
0
Keith AlabasterEnterprise ArchitectCommented:
Not sure of what else then?
What do you see in the ISA log when these trwo users try to access?
Compare with a log view of what is seen when a successful user logs in.

Open the gui, select monitoring - logging - click start query and then make the two attempts.
0
krawl23Author Commented:
How do i open the ISA? or ISA Log?
0
Keith AlabasterEnterprise ArchitectCommented:
Ah - that suggests you don't have ISA Server..... I see now that you did not answer Neils question about it previously. It has to be a user issue - if it was a machine problem then no users would be able to be logged on through this laptop.
0
krawl23Author Commented:
So how do i fix the user issue?
0
Keith AlabasterEnterprise ArchitectCommented:
Good question - what have 'you' tried already?
If you create a new (test) user, can that user name log in OKthrough the VPN or do they get the same issue?
Are all users in the the default SBS users group or have you moved things around at all in the AD?
0
NeilParbrookCommented:
Hi I'm back

If you go to Routing and remote access from admin tools, then remote access logging.  This will give you the location of the log file for RRA, (ensure that logging is activated).

Go there and check the log file and if you have any problems post them so we can have a look.
0
krawl23Author Commented:
all users are under SBS user group and any new users i create cannot connect.

I will post the log in a sec...
0
NeilParbrookCommented:
When you say SBS user group do you mean that they are only users and not mobile users?

0
krawl23Author Commented:
they are also mobiile users...
0
krawl23Author Commented:
RRA did not create a log yesterday nor today... theis log is from 1-29-08 and i didnt try to connect with the failed users this day. is there anyway i can make it create a log right now?

"192.168.1.11,,01/29/2008,22:46:40,RAS,PMDEXCHANGE2,4,192.168.1.11,44,0,40,7,4108,192.168.1.11,4155,2,4136,4,4142,0"
0
NeilParbrookCommented:
set to create a new log daily?
0
NeilParbrookCommented:
sorry is it set to brate a log daily
0
NeilParbrookCommented:
I have to say that I am wondering if you have a bigger problem then it seems.  You say that RWW isn't working you also have problems with RRA.

Have you rerun the CIEW and RRAW?

Neil
0
krawl23Author Commented:
it is set to log daily...
0
krawl23Author Commented:
1. how do i run those?
2. if i run those, will it change anything with Exchange, OWA or anything that has to do with email?
0
NeilParbrookCommented:
When the srver was set up it was done using the To Do list?

One is the connect to the Internet and Email wizard and one is the Routing and Remote Access Wizard.

They are both accesable from the to do list on the server management console.
0
krawl23Author Commented:
I did run the RRAW, thats how i got VPN to work. and i beleive we ran CIEW when we setup the server. So if i re-run CIEW, is it going to affect Exchange, OWA or anything that has to do with email?
0
NeilParbrookCommented:
No not if you don't change anything but if there is a problem you will find out at the end.

The rerun the RRA wizard.

Are you using the server for DHCP?
0
krawl23Author Commented:
I am using DHCP...I will try to run CIEW later this vening when everyone is off the netowrk.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.