PPTP VPN Error 721 issue for 1 out 25 users


Very frustrated with this issue.  I have searched here, and via google and can not come up with a real answer to the problem.

We have a network with 25 users on Laptops.  We also have Windows 2003 server handleing all VPN connections and authentication.  Everybody can connected using a PPTP VPN without issue, excpet 1 user.  It connects, and then stalls while verifing user name and password, giving an error 721.

He uses TrendMicro Total Internet Security for AV & firewall.  Windows firewall is disabled.  I tried configuring the firewall, and even disabling it completely.  Still doesn't work.  I shut the software completely off, still no go.  I have tried from a variaty of internet sources, wired, wireless, mobile broadband, from a variety of sources.  I have basically varified that the problem is with the machine it's self, not a router, firewall or other external source.  I still get the same Error 721.  Does anybody have any tips or ideas to look at?

Who is Participating?
Rob WilliamsConnect With a Mentor Commented:
You can test to verify if GRE is the issue, though I suspect it definitely is. I am afraid I haven't worked with Trend enough to know the required configuration to allow.

From an earlier post of mine:
Microsoft has a pair of test tools pptpsrv and pptpclnt, to test for GRE pass-through, which are available as part of the Windows resource kit or from:

Log onto the client or VPN server machine and connect to the other with remote desktop, or a similar remote management tool. At a command line on the client machine, run pptpclnt and on the server run pptpsrv. The client machine will send a set of GRE packets to the server and it should show as received if GRE is able to pass. The server is then supposed to respond and the client indicate received, but I have never had that part work. The one direction client to server is usually enough to test.

Following links outline the use of the test tools:
See VPN traffic:
debuggerauConnect With a Mentor Commented:
From http://support.microsoft.com/kb/163111

721     Remote PPP peer is not responding.

So does the user have internet or network access?
Default gateway ok? DHCP lease ok?

Are they on an unreliable link?

Maybe they reconfigured their client with another wrong ip address?
Did you create a new PPTP connection or were you using the existing one.

Is the PPTP connection configured on this laptop is the same as the ones on the working model?

Did you try the connection from the same location where another laptop had no problem establishing a VPN?

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Rob WilliamsCommented:
A 721 error is almost always caused by blocked GRE protocol. This can be due to many issues at either end of the tunnel, but it sounds like you have narrowed it down to the client machine itself. Several security applications such as Symantec have to actually be uninstalled to allow GRE, simply shutting them down does not do it. Trend is one that can block GRE but I don't know if it actually has to be removed. Even some Anti-virus applications will block GRE such as Symantec if "internet worm protection" is enabled. Assuming you have tried from behind different routers and different ISP's I would suggest focusing on the security apps on the PC.
thompsontechAuthor Commented:

I have tried using the VPN from multiple internet access points; mobile broadband, the users home internet, and another access point.  In the case of the mobile broadband, other working PC's have been able to access the VPN without issue.

I configured the VPN link myself, and it is setup the same as on every other machine.  I removed the VPN and reinstalled it on at least three occasions.  Using both IP address and the url that points to the static IP.  Again, using settings that work on all other PC's with access.

The mobile broadband, is my own and was installed for testing this issue out.  I use it on a regualr basis on at least 3 other PCs for VPN access.

I suspect the GRE issue is the culprit, but not sure how to verify whether it's currently blocked.  

I have since learned a Symantec security suite was once used, but has been uninstalled.  TrendMicro is now the security suite used.  While in the TrendMicro's Internet Security  application I was unable to determine how to verify the status of the GRE portocol.

Any ideas related to this Security Suite would be helpful.  If I unistall the suite, I will still need to reinstall so not to leave the user exposed, so I need to find out how to configure it properly.

See if you have an option to add an exemption for protocol 47 (GRE) within its firewall configuration.
Could be something TCPIP related to windows like the MTU setting or something similar.

If you have GRE pass-through, I would check your TCP settings with DrTCP...

glzeigerConnect With a Mentor Commented:
I got it to work:
In Trend, go to Personal Firewall Controls.
Click Settings
Click Advanced Settings
Click Network Protocol Control Tab
In here you are going to add 2 OUTGOING rules:

Allow TCP Port 1723

Allow Custom Protocol Number 47.

Worked like a champ for me. Able to access PPTP VPN at office.

Hope this helps.
but the firewall was disabled was the claim above...

Anyways, happy you have it sorted..

thompsontechAuthor Commented:
I am looking in to trying the above fix from glzeiger.  I will report back as soon as I am able to work on the machine in question.  Currently, he is on the east and his internet is down, and I am on the west coast, so trying things out is a little slow sometimes, but I apreciate everybodies input.
thompsontechAuthor Commented:
I have gone round and round with this issue for sometime.  It has taken even longer due to the fact the machine is very rarley under my direct control.  The user and the machine are live on the east coast (I'm with the rest of the company on the west coast).  

After trying many things mentioned both here and other places I fianally set up a test machine with the same A/V firewall setup and was able to replicate the problem.  Could not find a solution.

Contacted TrendMicro (probably should have done this earlier) and was told point blank, PPTP VPN connections are not supported with this software firewall.  If I needed a PPTP VPN then I was directed to uninstall their firewall.

I did that and the problem was resolved.  I should note, disabling the firewall will not help, it must be uninstalled.  

I'm leaving the issue alone at this point and having the user uninstall their TrendMicro firewall, and will move on to another solution as needed.

Thanks for the help!
Rob WilliamsCommented:
Glad to hear you have at least found the problem. As mentioned in ID:24100029, TrendMicro is known to be a problem with VPN's.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.