Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


RRAS VPN Setup on widows server 2003, behind a firewall Watchguard

Posted on 2009-04-09
Medium Priority
Last Modified: 2012-05-06

could some one help me troubleshoot my problem with rras vpn setup server.

our network has two servers, both are windows server 2003 , and are domain controllers.  I have setup rras on one of the servers with a dedicated nic for it. I have opened up firewall which is provided by Watchguard router. we only have one public ip. on the firewall I have opened up the port of pptp and assigned the host address as the ip address of the nic I am using for rras. ( I don't think , this device watchguard, has explicti natting available).

When I try test by creating a vpn connection using a computer from my home it hangs at verifying user name and password for a bit, then gives the error message ' error 691: access was denied becuase the username and or password was invalid on the domian.'

I have gave the user account I am using to connect access as allow in the properties of AD for dial and remote access connection ( something like that, i don't remember the name of the option /tab).

am I mising something really obvious here. how do I troubleshoot this issue and hopefully resolve it.
Question by:ashjuv
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 24111148
you must allow also GRE protocol on your router


Expert Comment

ID: 24111207
This really depends on which watchguard you are using. If you are using a firebox and not the soho. you can setup a direct one to one NAT with out a prob.

Which Watchguard are you using?

Accepted Solution

dj_relentless earned 1000 total points
ID: 24111395
Try it with full upn user@domain.local. If no go enable security auditing on the vpn box if not already and see if your getting failure events on the username and password.
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments


Author Comment

ID: 24111409
this is the watchguard info

version 6.4.1
build 15
boot rom 5.6
Watchguard SOHO 6TC

Author Comment

ID: 24111435
when i specify pptp as the service should it not automatically take care of both the tcp port and protocol on the firewall.??

I actually did try creating my own service and specifying the the rras port as well as protocol, it gave the same result

Author Comment

ID: 24111501
Actually I tried logging on using full name user@domain.com and it worked.

thanks so much.

Assisted Solution

mickeyfan earned 1000 total points
ID: 24111515
I would use the MUVPN Software for mobile users with any watchguard hardware. The software is free and setting it up is pretty easy.

We have had issue with using MS VPN through the watchguard hardware. We have had zero problem when we switched over to the watchguard software. The software is more secure and does compression as well.


MUVPN client connects to a SOHO 6
Determine the software version your SOHO 6 runs

To see what version your SOHO 6 has, go to the main System Status page and look for "Firewall Version" above the picture of the SOHO:

If your SOHO 6 has software version 6.4 or later

Send the MUVPN installation file, the client configuration file, and the Shared Key to the MUVPN user

1. Where to find the client configuration file.

Every Mobile User VPN account you configure has a client configuration file called a "wgx file". You get the wgx file from the SOHO 6 Web management page, in the main VPN area:

Click on the hyperlink for a user's wgx file. Follow the prompts to save the file locally:

2. Copy these files to the user's computer:

The MUVPN installation file, MUVPN.exe or MUVPNLite.exe
The wgx file
3. Give the user the Shared Key.

The shared key is sensitive information. You should not send this to the user with email. Give the user the shared key by telling it to the user, or by some other method that does not allow an unauthorized person to get the shared key
Install the MUVPN software

Note:  Do not install this software if there is another IPSec VPN program on the user's computer. Uninstall any other VPN software, including any previous version of WatchGuard's MUVPN software before installing this software.
Note:  You must have local administrative rights on the computer to install the software. You do not have to have administrative rights to use the program after it is installed.

Installation of the MUVPN software is exactly the same for a user connecting to a Firebox III or Firebox X. Follow the steps at "Install the MUVPN Program" listed in the previous section. Ignore any mention of certificates. The SOHO 6 can not use certificates for MUVPN connections.

The SOHO 6 also has a Remote Management feature that is very similar to an MUVPN client account. You get the wgx file for the Remote Management account from the SOHO 6 Administration page:


Author Comment

ID: 24111727
thanks, mickey, the information would really be helpful if I run into vpn problems. So far with ms it looks good ( still in test ). when I start rolling out i i will find out what are the other issues. In the mean time i will close the case and open a new one whent the issues happen again. thanks for all your hlep guys who responded to this mesage in timely manner.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question