Solved

sbs 2008 vpn woes - error 800 -previously vpn worked with this router when sbs 2003

Posted on 2010-11-17
9
1,387 Views
Last Modified: 2012-05-10
hi all,
as usual after hours and days of banging my head, i've turned to the experts.
my sbs 2008 setup is running smoothly (knock on wood)
office router is linksys wrt54g (very common/popular router).  vpn is enabled, as is ipsec on the router.  forwarding ports 1723, 1701, 3389, 443, etc. to the server
i had a non-domain computer plugged into the lan, and the vpn seemed to connect (even though the test machine was not on the domain).  tried that with a domain notebook that i unplugged and used a different ssid, and still had no joy.
my home machine is the same notebook (previously, with xp pro, it connected via vpn to my previously sbs 2003 now sbs 2008 server)
i have made sure the user account has vpn permissions, and have run the vpn wizard repeatedly at the office.  port query shows 1723 is listening (but not 1701).  i have no way to "force" a protocol 47 allowance at the server level (i've read all about gre).  i have enabled 1723 pass through via the firewall, have enabled 1701, and for 1723 allowed all possible protocols for my firewall (tcp, udp, and 2 more that i don't recall/not familiar with - imgp or similar)
at home, my router is a dlink 655 which is also a popular and powerful router.  i have enabled all the vpn settings on that one as well (and in fact, that one i can enable protocol 47, which i have though i think it's irrelvant on that front)
ISP on both ends is optimum (cablevision).  i believe they do NOT block vpn.
i have thought about trying my old matching linksys wrt54g router at home - i do not believe i every had success with the dlink even when the server was sbs 2003 (but then, i had tons of server issues)
i know microsoft recommends rww which does work flawlessly, but i wanted vpn as a poor man's off-site backup for my documents, along with some other network access that would be very unwieldly with rww
any help would be very appreciated!
0
Comment
Question by:GaryGarland
  • 5
  • 4
9 Comments
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
You do not need 1701, nor do you need IPSec for the SBS VPN.
With SBS you usually also want 25, 443, and 987  for e-mail, OWA, RWW, and Sharepoint

-Run the SBS VPN wizard as you said you did. I assume you mean from the SBS console and not RRAS. It is located under SBS console | networking | connectivity
-your router requires only port 1723 be forwarded to the SBS for the VPN and under the firewall section (I believe) enable PPTP pass-through. This will enable GE (protocol 47)
-The router must have a public IP. Are you sure it does and it is not getting a private IP from a combined modem/router? If so the modem has to be out in bridge mode
-on the client you need to configure the VPN client as per the following
  XP: http://www.lan-2-wan.com/vpns-XP-Client.htm
  Vista/Win7: http://www.onecomputerguy.com/networking/vista_vpn_client.htm
0
 

Author Comment

by:GaryGarland
Comment Utility
Rob, thanks for the response.  I hadn't seen the referenced article (one computer guy) but i'd done everything there many times (except for playing with my hosts file)
public ip - i'm using my dyndns address which works fine for rww, owa, etc.
not sure what you mean by bridge mode - this set up did work under sbs 2003 - i'm using a cable modem into the router.
i'm beating my head against the wall - don't know what the culprit could be...
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Sounds like bridging is not an issue.

f you log on to the SBS and go to  www.canyouseeme.org  and test for port 1723 does it show succeded?

Have you tried running the BPA?
http://www.microsoft.com/downloads/en/details.aspx?familyid=86a1aa32-9814-484e-bd43-3e42aec7f731&displaylang=en
It will often point out all sorts of configuration issues.
0
 

Author Comment

by:GaryGarland
Comment Utility
Hi - 1723  shows success.  Bpa shows no sp2 which actually failed previously - think sp2 might solve all my ills, or other suggestions?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
Comment Utility
I  am doubtful SP will resolve the issue and it is definitely not that cause of the problem.

Can you confirm what you said before; the VPN will connect from the LAN using the LAN IP?
0
 

Author Comment

by:GaryGarland
Comment Utility
hi - i tried again using a different router (my spare wrt54gl at home that matched the one at the office) - AND IT CONNECTED!
i then switched by to the prior router, and after power cycling it now works. i give up - no rhyme nor reason.  i can sync files - though i can't see other computers from the office network (in other words, they are not showing up, but their shares still work) - wierd.
any ideas?
my primary goals of vpn are two-fold
1) documents sync
2) ability to print to remote device (i.e. i have a fax driver that will fax when i print to the fax machine, would like to be able to hit that from home)
i'll post points - not sure if i need to ask a separate question.  Rob, thanks again for your responses!
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
>>" i can't see other computers from the office network "
Generally you will not be able to browse the Network. Network browsing relies on NetBIOS broadcasts. Broadcast packets are not routable and thus not forwarded over the VPN. In order to have full browsing capability you usually have to set up a WINS server at each site and have them replicate. However file access and DNS will work fine over a VPN.

You ask about a second question, but I am not sure what it is. Sounds like syncing is working Now? Printing can be another issue primarily due to drivers and default gateways. The FAX driver may or may not work. You need to install the driver locally, point to the IP of the FAX device but it may also require that the FAX device use the server as it's default gateway and that is not usually an option with a software client VPN. With a site to site VPN between two VPN routers that is easily done.
0
 

Author Comment

by:GaryGarland
Comment Utility
Thanks Rob - i actually feel assured with your response, in that i can browse the shares even if not observe them.
if i can ask you yet one more question - i set up my new notebook on the domain, and brought home.  so i am having permission/network issues when running as a domain machine; however when i log in to the notebook locally there are no issues - can you think of anything i should do at home to get things more in sync, or is this common?  i'm not sure if i should play with "home" and "work" network settings in the network center (windows 7).
home network - router, mybook (hey, gotta access my movies and backups, right?), printer, wife's computer (just for internet and email), etc. - i can change the home network to be more friendly to the office if it makes sense.  home is 192.168.1.X, office is 192.168.2.X (i did this years ago so vpn should work without conflict)
thanks again - if this is inappropriate in this section i'll ask a new question but i think it's germaine.  thanks again!
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Don't worry about relevant or not, glad to help if I can.

You mention permission issues. Are these accessing files at home or files on the domain?
If you are connecting to a different domain or workgroup you usually have to use the credentials for the other domain  or workgroup to access those permissions, in the form domain\username  or PC\username.
If the issue is once you joined the laptop to the domain, and you logon with that account at home, and you cannot access local resources , try creating an account on the home computers with the same name and password as you use at the office. This should allow access without a problem.

As for IP configuration that is fine. Home and work must use different subnets so don't change that.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now