Cannot establish a VPN connection - Event ID 20209

Posted on 2009-01-16
Medium Priority
Last Modified: 2012-05-06
We have had our VPN setup and working for quite some time. All employees off-site can still successfully connect to the VPN except for one who is out of state. She is at a conference and everytime she tries to connect to the VPN she generates one of these warnings in the eventlog. She claims that there are people there from other companies and they are able to get on their VPNs. So it sounds like the issue is on our side, but if everyone else can connect to the VPN, where is the difference? Please help me find where the issue resides.

Windows Server 2003, Windows XP Pro laptop

Event Type:      Warning
Event Source:      Rasman
Event Category:      None
Event ID:      20209
Computer:      MYSERVER
A connection between the VPN server and the VPN client has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Question by:donvfp
  • 3
  • 3
  • 2
LVL 33

Expert Comment

by:Todd Gerbert
ID: 23395911
If she's behind a consumer-grade router with NAT enabled, then it would probably only allow 1 VPN connection at a time (because GRE doesn't use the notion of port numbers like TCP the router can only handle one internal computer using it at a time).

Expert Comment

ID: 23396061
Tell her to disable all Firewalls, Anti-viruses ,... programs and try again. If successful, so add a rule that allows VPN session. (pptp=tcp 1723   -  L2TP=udp 1701 - udp=500 - IP protocol=47)

Author Comment

ID: 23396542
She is in a hotel at this conference and more than one person is able to connect to their vpn at a time.
So I don't think it's being limited on her end.

I have enabled IPsec, L2TP over IPsec, and PPTP.
I have also added rules in the firewall to allow TCP 1723, UDP 1701, and UDP 500.

I asked her to try to connect again and she is still getting error 721.
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Expert Comment

ID: 23396619
in a hotel means she uses a public PC? I meant on her laptop.
LVL 33

Accepted Solution

Todd Gerbert earned 2000 total points
ID: 23396622
Well, I would tend to think that so long as you can connect any clients to your VPN (especially if it has been working for some time and you haven't made any changes), and her computer also was able to connect and no changes were made to it, then the only other unknown is the hotels routers.

Given that some people are able to connect I might guess that A) They're not connecting to a VPN, maybe using RPC over HTTP, e.g. (I know my users can barely spell VPN, much less know whether they're connected or not), B) either some others, or your person, are connected to the wrong router (maybe a nearby house/apartment), or C) others at the hotel are using other VPN clients that don't depend on GRE (I'm only familiar with PPTP, so I don't know how likely that is) or D) The hotel's got a half-decent router but still has a limit that's being reached as far as the number of GRE connections it can keep track of.

Author Comment

ID: 23397474
She is not using a public PC. She is using a company supplied laptop that she has brought to other off-site locations and has been able to connect to the VPN just fine in the past.

I believe tgerbert has got it right.
We haven't made any changes to the vpn or to the settings on her computer. The hotel is the unknown factor.
The other people probably are connecting through third party vpn software or not using a vpn at all.

It's just frustrating that's all.

Expert Comment

ID: 23397711
Did you check or told her to check her laptop? maybe she has recently installed or enabled a firewall.

Author Closing Comment

ID: 31535572
I am accepting this as a solution since it is the best explanation of what was probably happening.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Hi, this video explains a free download that you can incorporate into your Access databases, or use stand-alone for contact management. Contacts -- Names, Addresses, Phone Numbers, eMail Addresses, Websites, Lists, Projects, Notes, Attachments…
Suggested Courses

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question