Solved

sbs 2008 vpn woes - error 800 - previously vpn worked with this router when sbs 2003

Posted on 2010-11-17
Last Modified: 2012-05-10
hi all,
as usual after hours and days of banging my head, i've turned to the experts.
my sbs 2008 setup is running smoothly (knock on wood)
office router is linksys wrt54g (very common/popular router).  vpn is enabled, as is ipsec on the router.  forwarding ports 1723, 1701, 3389, 443, etc. to the server
i had a non-domain computer plugged into the lan, and the vpn seemed to connect (even though the test machine was not on the domain).  tried that with a domain notebook that i unplugged and used a different ssid, and still had no joy.
my home machine is the same notebook (previously, with xp pro, it connected via vpn to my previously sbs 2003 now sbs 2008 server)
i have made sure the user account has vpn permissions, and have run the vpn wizard repeatedly at the office.  port query shows 1723 is listening (but not 1701).  i have no way to "force" a protocol 47 allowance at the server level (i've read all about gre).  i have enabled 1723 pass through via the firewall, have enabled 1701, and for 1723 allowed all possible protocols for my firewall (tcp, udp, and 2 more that i don't recall/not familiar with - imgp or similar)
at home, my router is a dlink 655 which is also a popular and powerful router.  i have enabled all the vpn settings on that one as well (and in fact, that one i can enable protocol 47, which i have though i think it's irrelevant on that front)
ISP on both ends is optimum (cablevision).  i believe they do NOT block vpn.
i have thought about trying my old matching linksys wrt54g router at home - i do not believe i ever had success with the dlink even when the server was sbs 2003 (but then, i had tons of server issues)
i know microsoft recommends rww which does work flawlessly, but i wanted vpn as a poor man's off-site backup for my documents, along with some other network access that would be very unwieldy with rww
any help would be very appreciated!
0
Question by:GaryGarland
9 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34155975
You do not need 1701, nor do you need IPSec for the SBS VPN.
With SBS you usually also want 25, 443, and 987 for e-mail, OWA, RWW, and Sharepoint

-Run the SBS VPN wizard as you said you did. I assume you mean from the SBS console and not RRAS. It is located under SBS console | networking | connectivity
-your router requires only port 1723 be forwarded to the SBS for the VPN and under the firewall section (I believe) enable PPTP pass-through. This will enable GRE (protocol 47)
-The router must have a public IP. Are you sure it does and it is not getting a private IP from a combined modem/router? If so the modem has to be put in bridge mode
-on the client you need to configure the VPN client as per the following
  XP: http://www.lan-2-wan.com/vpns-XP-Client.htm
  Vista/Win7: http://www.onecomputerguy.com/networking/vista_vpn_client.htm
0
 

Author Comment

by:GaryGarland
ID: 34156849
Rob, thanks for the response.  I hadn't seen the referenced article (one computer guy) but i'd done everything there many times (except for playing with my hosts file)
public ip - i'm using my dyndns address which works fine for rww, owa, etc.
not sure what you mean by bridge mode - this set up did work under sbs 2003 - i'm using a cable modem into the router.
i'm beating my head against the wall - don't know what the culprit could be...
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34157216
Sounds like bridging is not an issue.

If you log on to the SBS and go to www.canyouseeme.org and test for port 1723 does it show succeeded?

Have you tried running the BPA?
http://www.microsoft.com/downloads/en/details.aspx?familyid=86a1aa32-9814-484e-bd43-3e42aec7f731&displaylang=en
It will often point out all sorts of configuration issues.
0
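Added example, not part of the thread or any poster's code: a port test on 1723 only shows that the TCP control channel accepts connections. This Python sketch sends the first PPTP control message (RFC 2637 Start-Control-Connection-Request) and parses the reply; it still says nothing about whether GRE (protocol 47) passes through the routers. The host name and the sample reply are constructed.

```python
import socket
import struct

PPTP_PORT = 1723            # TCP control channel; tunnelled data travels in GRE (IP protocol 47)
MAGIC_COOKIE = 0x1A2B3C4D   # fixed value defined in RFC 2637
# PPTP header plus Start-Control-Connection body: 156 bytes in total.
SCC_FMT = "!HHIHHHBBIIHH64s64s"

def build_sccrq(hostname=b"probe"):
    """Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(SCC_FMT, 156, 1, MAGIC_COOKIE, 1, 0,
                       0x0100,   # protocol version 1.0
                       0, 0,     # reserved in the request (result/error in the reply)
                       1, 1,     # framing and bearer capabilities
                       0, 0,     # max channels, firmware revision
                       hostname, b"")

def parse_sccrp(data):
    """Parse a Start-Control-Connection-Reply; raise ValueError if it is not one."""
    if len(data) < 156:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, version, result, error,
     _fr, _be, _ch, _fw, host, vendor) = struct.unpack(SCC_FMT, data[:156])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"ok": result == 1,   # 1 = successful channel establishment
            "result": result, "error": error, "version": version,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def probe(host, timeout=5.0):
    """Live check of the TCP 1723 handshake only; GRE is not exercised."""
    with socket.create_connection((host, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < 156:
            chunk = s.recv(156 - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)

# Constructed sample reply (not captured from a real server).
SAMPLE_REPLY = struct.pack(SCC_FMT, 156, 1, MAGIC_COOKIE, 2, 0, 0x0100,
                           1, 0, 1, 1, 0, 0, b"sbs-example", b"example-vendor")
```

A successful `probe()` together with a client that still fails to connect points at the data path (GRE) or the client configuration rather than the port forward.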
 

Author Comment

by:GaryGarland
ID: 34180435
Hi - 1723  shows success.  Bpa shows no sp2 which actually failed previously - think sp2 might solve all my ills, or other suggestions?
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 34185102
I am doubtful SP will resolve the issue and it is definitely not the cause of the problem.

Can you confirm what you said before; the VPN will connect from the LAN using the LAN IP?
0
 

Author Comment

by:GaryGarland
ID: 34217654
hi - i tried again using a different router (my spare wrt54gl at home that matched the one at the office) - AND IT CONNECTED!
i then switched back to the prior router, and after power cycling it now works. i give up - no rhyme nor reason.  i can sync files - though i can't see other computers from the office network (in other words, they are not showing up, but their shares still work) - weird.
any ideas?
my primary goals of vpn are two-fold
1) documents sync
2) ability to print to remote device (i.e. i have a fax driver that will fax when i print to the fax machine, would like to be able to hit that from home)
i'll post points - not sure if i need to ask a separate question.  Rob, thanks again for your responses!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34218148
>>" i can't see other computers from the office network "
Generally you will not be able to browse the Network. Network browsing relies on NetBIOS broadcasts. Broadcast packets are not routable and thus not forwarded over the VPN. In order to have full browsing capability you usually have to set up a WINS server at each site and have them replicate. However file access and DNS will work fine over a VPN.

You ask about a second question, but I am not sure what it is. Sounds like syncing is working now? Printing can be another issue primarily due to drivers and default gateways. The FAX driver may or may not work. You need to install the driver locally, point to the IP of the FAX device but it may also require that the FAX device use the server as its default gateway and that is not usually an option with a software client VPN. With a site to site VPN between two VPN routers that is easily done.
0
 

Author Comment

by:GaryGarland
ID: 34218193
Thanks Rob - i actually feel assured with your response, in that i can browse the shares even if not observe them.
if i can ask you yet one more question - i set up my new notebook on the domain, and brought home.  so i am having permission/network issues when running as a domain machine; however when i log in to the notebook locally there are no issues - can you think of anything i should do at home to get things more in sync, or is this common?  i'm not sure if i should play with "home" and "work" network settings in the network center (windows 7).
home network - router, mybook (hey, gotta access my movies and backups, right?), printer, wife's computer (just for internet and email), etc. - i can change the home network to be more friendly to the office if it makes sense.  home is 192.168.1.X, office is 192.168.2.X (i did this years ago so vpn should work without conflict)
thanks again - if this is inappropriate in this section i'll ask a new question but i think it's germane.  thanks again!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 34218304
Don't worry about relevant or not, glad to help if I can.

You mention permission issues. Are these accessing files at home or files on the domain?
If you are connecting to a different domain or workgroup you usually have to use the credentials for the other domain or workgroup to access those permissions, in the form domain\username or PC\username.
If the issue is once you joined the laptop to the domain, and you logon with that account at home, and you cannot access local resources, try creating an account on the home computers with the same name and password as you use at the office. This should allow access without a problem.

As for IP configuration that is fine. Home and work must use different subnets so don't change that.
0
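Why home and office need different subnets, as an added example that is not from the thread: a simplified longest-prefix routing model over the 192.168.1.X / 192.168.2.X layout described above. The host addresses, interface names and the tie rule (the directly connected LAN route is listed first and wins equal-length matches) are assumptions made for illustration.

```python
import ipaddress

def best_route(dst, routes):
    """Longest-prefix match. On equal prefix length the earlier entry wins
    (assumption: the directly connected LAN route has the lower metric)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, via in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None

def vpn_plan(home_lan, office_lan, office_hosts):
    """Return ({office host: interface chosen}, True if the two LANs overlap)."""
    home = ipaddress.ip_network(home_lan)
    office = ipaddress.ip_network(office_lan)
    routes = [
        (home_lan, "home-lan"),         # directly connected, listed first
        (office_lan, "vpn"),            # office subnet reached through the tunnel
        ("0.0.0.0/0", "home-router"),   # everything else
    ]
    chosen = {h: best_route(h, routes) for h in office_hosts}
    return chosen, home.overlaps(office)

# Layout from the thread: distinct subnets, office traffic enters the tunnel.
GOOD = vpn_plan("192.168.1.0/24", "192.168.2.0/24", ["192.168.2.10"])
# Constructed conflict: both sites on 192.168.1.0/24, so the office host is
# treated as a neighbour on the home LAN and never reaches the VPN.
BAD = vpn_plan("192.168.1.0/24", "192.168.1.0/24", ["192.168.1.10"])
```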


Question has a verified solution.
