MaCuban
asked on
2008 RAS does not accept PPTP connections from windows clients.
OK,
Performed windows updates last Friday on all servers. On Monday received complaints about not being able to connect to the VPN from developers and teleworkers. This issue seems only to affect windows clients. The configuration is a 2008 server running ADDC services and RAS. Behind a firewall that forwards connections to the vpn address at ports tcp 1723 and GRE to the server internally. My Mac connects fine using the VPN clients built into osx in network prefs. the behavior doesn't seem to differentiate between client PCs being domain attached or not.
From the server event log
"The user aayers connected from x.x.x.x but failed an authentication attempt due to the following reason: The connection was denied because the username and/or password you specified is invalid. This could be caused by the following conditions: Your username and/or password was mis-typed. The specified username does not exist on the server. Your password has expired. The administrator has not given you access to connect remotely. The selected authentication protocol is not permitted on the remote server."
On the Client:
The user xxxx has started dialing a VPN connection using a per-user connection profile named [VPN]. The connection settings are:
Dial-in User = [domain\User]
VpnStrategy = PPTP
DataEncryption = Require
PrerequisiteEntry =
AutoLogon = No
UseRasCredentials = Yes
Authentication Type = CHAP/MS-CHAPv2
Ipv4DefaultGateway = Yes
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = Yes
UseFlags = Private Connection
ConnectOnWinlogon = No.
There are 2 additional events then:
"The link to the Remote Access Server has been established by user xxxxxx"
Clearly it has not.
The Client just stays at verifying username and password until its gets an error 619.
"error 619 a connection to the remote computer could not be established, so the port used for this connection was closed."
Any and all Comments, questions, or suggestions are always greatly appreciated. Thanks in advance.
Performed windows updates last Friday on all servers. On Monday received complaints about not being able to connect to the VPN from developers and teleworkers. This issue seems only to affect windows clients. The configuration is a 2008 server running ADDC services and RAS. Behind a firewall that forwards connections to the vpn address at ports tcp 1723 and GRE to the server internally. My Mac connects fine using the VPN clients built into osx in network prefs. the behavior doesn't seem to differentiate between client PCs being domain attached or not.
From the server event log
"The user aayers connected from x.x.x.x but failed an authentication attempt due to the following reason: The connection was denied because the username and/or password you specified is invalid. This could be caused by the following conditions: Your username and/or password was mis-typed. The specified username does not exist on the server. Your password has expired. The administrator has not given you access to connect remotely. The selected authentication protocol is not permitted on the remote server."
On the Client:
The user xxxx has started dialing a VPN connection using a per-user connection profile named [VPN]. The connection settings are:
Dial-in User = [domain\User]
VpnStrategy = PPTP
DataEncryption = Require
PrerequisiteEntry =
AutoLogon = No
UseRasCredentials = Yes
Authentication Type = CHAP/MS-CHAPv2
Ipv4DefaultGateway = Yes
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = Yes
UseFlags = Private Connection
ConnectOnWinlogon = No.
There are 2 additional events then:
"The link to the Remote Access Server has been established by user xxxxxx"
Clearly it has not.
The Client just stays at verifying username and password until its gets an error 619.
"error 619 a connection to the remote computer could not be established, so the port used for this connection was closed."
Any and all Comments, questions, or suggestions are always greatly appreciated. Thanks in advance.
Maybe this helps troubleshooting: http://vpn-error-code.blogspot.com/2006/07/vpn-error-619-port-was-disconnected.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.