Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cannot connect to VPN on Windows 2003 Enterprise R2 Server.  Client receives VPN connection error 733.  Server receives VPN event id 20050

Posted on 2008-04-22
13
Medium Priority
?
1,966 Views
Last Modified: 2012-06-21
When a user tries to connect using Windows XP, he gets as far as registering computer on the network, then: TCP/IP CP reported error 733: A connection to the remote computer could not be completed.  You might need to adjust the protocols on this computer.

On the server, Event 20050 occurs, saying The User DOMAIN\username connected to port VPN4-23 has been disconnected because no network protocols were successfully negotiated.

These errors occur whether we are attempting a connection from internal, or external, so it does not appear to be firewall related.

We updated a few nights ago, 4/22/2008, applying all Windows updates from the last month.
Prior to doing this, the VPN connection itself was working great.  We thought this was the culprit.

We have uninstalled all updates applied 4/22, and no change in the results.

Server: Windows 2003 Enterprise R2
Clients:  Windows XP Pro, Windows Vista Business

What troubleshooting steps should I take?
0
Comment
Question by:pankis
  • 8
  • 5
13 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 21412242
Which VPNs does the server offer, IPSEC+L2TP or PPTP? Check the networking tab of the wan miniport settings to see which options are checked tere and the tcp/ip protocol.  You may need to uncheck the enable LCP extenstions.  What about copression.  Do you specifically specify a PPTP or L2TP connection?  
0
 

Author Comment

by:pankis
ID: 21412990
The server appears to offer both.

I don't believe we specify a PPTP or L2TP connection.  They both appear to be available.

Can you tell me how to check the WAN miniport?  I'm not finding this.  (Newbie to VPN)

Under Administrative Tools > Routing and Remote Access > Ports Properties, it reads as follows:


Name                    Used By       Type     Number
WAN Miniport (L2TP)     RAS/Routing   L2TP     0
WAN Miniport (PPPOE)    Routing       PPPoE    1
WAN Miniport (PPTP)     RAS/Routing   Parallel 1

Open in new window

0
 

Author Comment

by:pankis
ID: 21413041
Let's try this again (ignore previous post of details):

The description of Administrative Tools > Routing and Remote Access > Ports Properties:
Name                     Used By        Type      Number
--------------------------------------------------------
WAN Miniport (L2TP)      RAS/Routing    L2TP      0
WAN Miniport (PPPOE)     Routing        PPPoE     1
WAN Miniport (PPTP)      RAS/Routing    PPTP      24
Direct Parallel          Routing        Parallel  1

Open in new window

0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 80

Expert Comment

by:arnold
ID: 21413080
On the windows XP or Vista system, in the network connections, you should have a wan miniport for PPTP or L2TP (this is the VPN connection)?  See my prior comment for checking the settings on the client side.

0
 

Author Comment

by:pankis
ID: 21413130
On the XP side, here is what is checked under Network Connections > WAN Miniport > Properties:

(CHECKED) Display Progress while connecting
(CHECKED) Prompt for name and password, certificate, etc.
(UN-CHECKED) Include WIndows Logon Domain

Redial attempts:  3
Time between redial attempts: 1 minute
Idle time before hanging up: never
0
 
LVL 80

Expert Comment

by:arnold
ID: 21413287
There should be three other tabs there.  See options, security, networking and advanced.  Make sure your choices under each match what your server's configuration is.  Reference the prior comment ID:21412242.

How many PPTP tunnels can be established at one time on your server?
0
 

Author Comment

by:pankis
ID: 21413735
I think we need to troubleshoot this from a server perspective.  3 days ago 15 people could VPN into this server, no problem.  Then we installed Windows Updates (doh!), and they cannot.  After the updates were installed, Event ID 20050 began showing up in the logs, every time someone tried to connect.

Regarding connection settings on the client side XP machine, as you requested:

Options, are posted in  21413130.

Security: Typical (require secured password) and "Require Data Encryption" are both selected.

Networking Protocol:

Type of VPN:  Automatic
All of the following are checked:  TCP/IP, QoS Packet Scheduler, File and Printer Sharing for Microsoft Networks, Client for Microsoft Networks.
0
 
LVL 80

Expert Comment

by:arnold
ID: 21413826
Settings on the networking page? Enable LCP extentions checked or unchecked?  Which updates did you install?

Are you using certificate authentication?  There is not information to point to a single location where you should look to correct the issue.The two sides can not agree on a protocol.
Try forcing the PPTP connection type under the Networking tab.

Check the security tab, which options are set are you using the default or did you go through and specify a specific set of valid redential exchanges.
0
 

Author Comment

by:pankis
ID: 21414074
Setting on the networking page points to the VPN address, which is resolving in DNS.  LCP extensions is not available as an option, as this is not a dial-up connection.  Maybe I'm missing something?  I checked these on the XP client.

How can I tell if I am using certificate authentication?

Forced PPTP, 773 error.
Forced L2TP IPSec VPN, 789 error, reading "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

On security tab, I have kept everything as default.  It is Typical (recommended settings), Require Secure Password, and Require Data Encryption.

I will post the updates I installed and then uninstalled, in the next post.

Thanks for helping me through this, I am a little confused.
0
 

Author Comment

by:pankis
ID: 21414115
Updates that I installed 4/20/2008 are as follows.  

Everything was working prior to these!

They were uninstalled last night, but that didn't seem to help.

KB942830
KB942831
KB943055
KB943460
KB943485
KB942763
KB945553
KB941644
KB948496
KB948590
KB948881
KB944653
KB936021
KB935840
KB935839
KB933729
KB941569
KB941568
KB941202
KB936782
KB929123
KB941693
KB946026
KB926122
KB936357
KB933854
0
 
LVL 80

Expert Comment

by:arnold
ID: 21414263
This is a "dial-up connection" of sorts.  The option is under the settings button on the Networking Tab.  

L2TP over IPSEC could have failed because it did not have the passphrase to establish the IPSEC tunnel.

In the properties of the WAN miniport there are five distinct tabs.  Under the networking there is the settings button that has additional choices.
Force your connection to use PPTP.  Are you able to connect?
under the security tab you need to configure depending on what you have on the server.  You may have to specify using the advanced button on the securty tab.
Do you need to specify IPSEC passphrase?  

Double check the status of windows firewall on the server.
You should apply the patches.

0
 

Author Comment

by:pankis
ID: 21414614
Okay, just got off the phone with the client (end users).  I believe the answer to your PPTP, security, etc., questions is answered in the feedback I got from them.  Basically, they've been able to run through the wizard, putting in the VPN server's address, and then connect.

They have been setup such that they can run the Windows New Connection Wizard, choose "Virtual Private Network" connection, tell it NOT to dial in, and then put in the Host Name, and click finish.

AT this point, with these default settings, they've been able to connect.  Now they can't.  

Would it be reasonable to re-create the VPN connection on the server?  

Nobody in the organization can connect right now anyway.
0
 

Accepted Solution

by:
pankis earned 0 total points
ID: 21465246
The tech's who set the VPN up have fixed it.  Not sure of the solution.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question