PPTP VPN Error 721 issue for 1 out 25 users

Posted on 2009-04-07
Medium Priority
Last Modified: 2012-05-06

Very frustrated with this issue.  I have searched here, and via google and can not come up with a real answer to the problem.

We have a network with 25 users on Laptops.  We also have Windows 2003 server handleing all VPN connections and authentication.  Everybody can connected using a PPTP VPN without issue, excpet 1 user.  It connects, and then stalls while verifing user name and password, giving an error 721.

He uses TrendMicro Total Internet Security for AV & firewall.  Windows firewall is disabled.  I tried configuring the firewall, and even disabling it completely.  Still doesn't work.  I shut the software completely off, still no go.  I have tried from a variaty of internet sources, wired, wireless, mobile broadband, from a variety of sources.  I have basically varified that the problem is with the machine it's self, not a router, firewall or other external source.  I still get the same Error 721.  Does anybody have any tips or ideas to look at?

Question by:thompsontech
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +2
LVL 23

Assisted Solution

debuggerau earned 300 total points
ID: 24093021
From http://support.microsoft.com/kb/163111

721     Remote PPP peer is not responding.

So does the user have internet or network access?
Default gateway ok? DHCP lease ok?

Are they on an unreliable link?

Maybe they reconfigured their client with another wrong ip address?
LVL 79

Expert Comment

ID: 24093469
Did you create a new PPTP connection or were you using the existing one.

Is the PPTP connection configured on this laptop is the same as the ones on the working model?

Did you try the connection from the same location where another laptop had no problem establishing a VPN?

LVL 77

Expert Comment

by:Rob Williams
ID: 24100029
A 721 error is almost always caused by blocked GRE protocol. This can be due to many issues at either end of the tunnel, but it sounds like you have narrowed it down to the client machine itself. Several security applications such as Symantec have to actually be uninstalled to allow GRE, simply shutting them down does not do it. Trend is one that can block GRE but I don't know if it actually has to be removed. Even some Anti-virus applications will block GRE such as Symantec if "internet worm protection" is enabled. Assuming you have tried from behind different routers and different ISP's I would suggest focusing on the security apps on the PC.
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users


Author Comment

ID: 24107674

I have tried using the VPN from multiple internet access points; mobile broadband, the users home internet, and another access point.  In the case of the mobile broadband, other working PC's have been able to access the VPN without issue.

I configured the VPN link myself, and it is setup the same as on every other machine.  I removed the VPN and reinstalled it on at least three occasions.  Using both IP address and the url that points to the static IP.  Again, using settings that work on all other PC's with access.

The mobile broadband, is my own and was installed for testing this issue out.  I use it on a regualr basis on at least 3 other PCs for VPN access.

I suspect the GRE issue is the culprit, but not sure how to verify whether it's currently blocked.  

I have since learned a Symantec security suite was once used, but has been uninstalled.  TrendMicro is now the security suite used.  While in the TrendMicro's Internet Security  application I was unable to determine how to verify the status of the GRE portocol.

Any ideas related to this Security Suite would be helpful.  If I unistall the suite, I will still need to reinstall so not to leave the user exposed, so I need to find out how to configure it properly.

LVL 79

Expert Comment

ID: 24108116
See if you have an option to add an exemption for protocol 47 (GRE) within its firewall configuration.
LVL 77

Accepted Solution

Rob Williams earned 900 total points
ID: 24108441
You can test to verify if GRE is the issue, though I suspect it definitely is. I am afraid I haven't worked with Trend enough to know the required configuration to allow.

From an earlier post of mine:
Microsoft has a pair of test tools pptpsrv and pptpclnt, to test for GRE pass-through, which are available as part of the Windows resource kit or from:

Log onto the client or VPN server machine and connect to the other with remote desktop, or a similar remote management tool. At a command line on the client machine, run pptpclnt and on the server run pptpsrv. The client machine will send a set of GRE packets to the server and it should show as received if GRE is able to pass. The server is then supposed to respond and the client indicate received, but I have never had that part work. The one direction client to server is usually enough to test.

Following links outline the use of the test tools:
See VPN traffic:
LVL 23

Expert Comment

ID: 24143611
Could be something TCPIP related to windows like the MTU setting or something similar.

If you have GRE pass-through, I would check your TCP settings with DrTCP...


Assisted Solution

glzeiger earned 300 total points
ID: 24246858
I got it to work:
In Trend, go to Personal Firewall Controls.
Click Settings
Click Advanced Settings
Click Network Protocol Control Tab
In here you are going to add 2 OUTGOING rules:

Allow TCP Port 1723

Allow Custom Protocol Number 47.

Worked like a champ for me. Able to access PPTP VPN at office.

Hope this helps.
LVL 23

Expert Comment

ID: 24246960
but the firewall was disabled was the claim above...

Anyways, happy you have it sorted..


Author Comment

ID: 24253160
I am looking in to trying the above fix from glzeiger.  I will report back as soon as I am able to work on the machine in question.  Currently, he is on the east and his internet is down, and I am on the west coast, so trying things out is a little slow sometimes, but I apreciate everybodies input.

Author Comment

ID: 24661541
I have gone round and round with this issue for sometime.  It has taken even longer due to the fact the machine is very rarley under my direct control.  The user and the machine are live on the east coast (I'm with the rest of the company on the west coast).  

After trying many things mentioned both here and other places I fianally set up a test machine with the same A/V firewall setup and was able to replicate the problem.  Could not find a solution.

Contacted TrendMicro (probably should have done this earlier) and was told point blank, PPTP VPN connections are not supported with this software firewall.  If I needed a PPTP VPN then I was directed to uninstall their firewall.

I did that and the problem was resolved.  I should note, disabling the firewall will not help, it must be uninstalled.  

I'm leaving the issue alone at this point and having the user uninstall their TrendMicro firewall, and will move on to another solution as needed.

Thanks for the help!
LVL 77

Expert Comment

by:Rob Williams
ID: 24661624
Glad to hear you have at least found the problem. As mentioned in ID:24100029, TrendMicro is known to be a problem with VPN's.

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question