RRAS VPN Setup on widows server 2003, behind a firewall Watchguard


could some one help me troubleshoot my problem with rras vpn setup server.

our network has two servers, both are windows server 2003 , and are domain controllers.  I have setup rras on one of the servers with a dedicated nic for it. I have opened up firewall which is provided by Watchguard router. we only have one public ip. on the firewall I have opened up the port of pptp and assigned the host address as the ip address of the nic I am using for rras. ( I don't think , this device watchguard, has explicti natting available).

When I try test by creating a vpn connection using a computer from my home it hangs at verifying user name and password for a bit, then gives the error message ' error 691: access was denied becuase the username and or password was invalid on the domian.'

I have gave the user account I am using to connect access as allow in the properties of AD for dial and remote access connection ( something like that, i don't remember the name of the option /tab).

am I mising something really obvious here. how do I troubleshoot this issue and hopefully resolve it.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

dj_relentlessConnect With a Mentor Commented:
Try it with full upn user@domain.local. If no go enable security auditing on the vpn box if not already and see if your getting failure events on the username and password.
you must allow also GRE protocol on your router

This really depends on which watchguard you are using. If you are using a firebox and not the soho. you can setup a direct one to one NAT with out a prob.

Which Watchguard are you using?
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

ashjuvAuthor Commented:
this is the watchguard info

version 6.4.1
build 15
boot rom 5.6
Watchguard SOHO 6TC
ashjuvAuthor Commented:
when i specify pptp as the service should it not automatically take care of both the tcp port and protocol on the firewall.??

I actually did try creating my own service and specifying the the rras port as well as protocol, it gave the same result
ashjuvAuthor Commented:
Actually I tried logging on using full name user@domain.com and it worked.

thanks so much.
mickeyfanConnect With a Mentor Commented:
I would use the MUVPN Software for mobile users with any watchguard hardware. The software is free and setting it up is pretty easy.

We have had issue with using MS VPN through the watchguard hardware. We have had zero problem when we switched over to the watchguard software. The software is more secure and does compression as well.


MUVPN client connects to a SOHO 6
Determine the software version your SOHO 6 runs

To see what version your SOHO 6 has, go to the main System Status page and look for "Firewall Version" above the picture of the SOHO:

If your SOHO 6 has software version 6.4 or later

Send the MUVPN installation file, the client configuration file, and the Shared Key to the MUVPN user

1. Where to find the client configuration file.

Every Mobile User VPN account you configure has a client configuration file called a "wgx file". You get the wgx file from the SOHO 6 Web management page, in the main VPN area:

Click on the hyperlink for a user's wgx file. Follow the prompts to save the file locally:

2. Copy these files to the user's computer:

The MUVPN installation file, MUVPN.exe or MUVPNLite.exe
The wgx file
3. Give the user the Shared Key.

The shared key is sensitive information. You should not send this to the user with email. Give the user the shared key by telling it to the user, or by some other method that does not allow an unauthorized person to get the shared key
Install the MUVPN software

Note:  Do not install this software if there is another IPSec VPN program on the user's computer. Uninstall any other VPN software, including any previous version of WatchGuard's MUVPN software before installing this software.
Note:  You must have local administrative rights on the computer to install the software. You do not have to have administrative rights to use the program after it is installed.

Installation of the MUVPN software is exactly the same for a user connecting to a Firebox III or Firebox X. Follow the steps at "Install the MUVPN Program" listed in the previous section. Ignore any mention of certificates. The SOHO 6 can not use certificates for MUVPN connections.

The SOHO 6 also has a Remote Management feature that is very similar to an MUVPN client account. You get the wgx file for the Remote Management account from the SOHO 6 Administration page:

ashjuvAuthor Commented:
thanks, mickey, the information would really be helpful if I run into vpn problems. So far with ms it looks good ( still in test ). when I start rolling out i i will find out what are the other issues. In the mean time i will close the case and open a new one whent the issues happen again. thanks for all your hlep guys who responded to this mesage in timely manner.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.