Solved

Error trying to VPN using WAN Miniport L2TP

Posted on 2010-11-26
Last Modified: 2012-05-10
Unable to connect using Windows 7 VPN to Windows Server 2003.  I get several messages.  The first message is "Verifying Password...", the second message is "Connecting to IP using WAN Miniport (SSTP)", the third message is "Connecting to IP using WAN Miniport (PPTP)", then the last message is "Connecting to IP using WAN Miniport (L2TP)...Error 800...".  This used to work up until the last few days.  No changes have been made to the network or configuration settings on either side (client or server, including the PIX firewall).  Any ideas?
0
Question by:drest
12 Comments
 
LVL 11

Expert Comment

by:diprajbasu
ID: 34220733
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 34221525
diprajbasu,
Please don't post just links, and in particular if they only lead to a list of threads not directly related.

drest,
Do you know which one of those protocols has actually been used to connect when it succeeded? It's important since the diagnostics differ for PPTP and L2TP (we can forget about SSTP - not supported with W2003).
0
 

Author Comment

by:drest
ID: 34222360
Genius, I do not know which used to work.  It has been working for over months.  

The only change that was made recently on the network was a local switch went bad (1 of the 2) and had to connect about half the local workstations to an old backup switch.  The switches are unmanaged.  The PIX and the server are unaffected as they are/were connected to the 1 working existing switch.  No other changes have been made to the network.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 34222437
I agree the switches are not part of the issue. However, there has to be a change somewhere. Look into your server's event log - maybe it's the server's fault. But it could also be a lost or changed setting on the Cisco (about forwarding the necessary ports).
0
 

Author Comment

by:drest
ID: 34223245
Spent the last few hours troubleshooting this.  Got it to work, but don't know exactly why.  Inserted a couple of switches to help me troubleshoot.  Bypassed the modem, the PIX firewall, and tried several scenarios.  One time I was connected to the VPN and simply reconnected the modem (DSL) and it immediately brought down the VPN connection.  Logged onto the modem and saw nothing that would interfere with the VPN (no firewall, everything port forwarded).  Then reconnected bypassing everything but the modem, the PIX, and the server...and voilà, I was able to connect.  Reconnected everything the way it was originally and the VPN now works.  I do not have any clue as to why it is working!   Maybe the sequence of when the devices are brought up/attached?  Unexplainable!  
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 34223312
There seem to be too many factors in the equation to really determine what is happening.
Now that the VPN is working, you should take note of whether it is PPTP or L2TP. If you cannot determine it otherwise, just issue a    netstat -an | findstr "1701 1723 500 4500"    to list the ports used.
0
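
The four ports in the netstat filter above are the well-known ports of the tunnel types discussed in this thread. The following is an added example, not part of any post here, that parses `netstat -an` output and reports which tunnel type is in evidence; the sample output, its addresses and the function names are constructed for illustration.

```python
import re

# Well-known ports behind the four numbers in the findstr filter above.
TUNNEL_PORTS = {
    ("TCP", 1723): "PPTP control channel",
    ("UDP", 1701): "L2TP",
    ("UDP", 500): "IKE (IPsec key exchange)",
    ("UDP", 4500): "IPsec NAT traversal",
}

# Constructed sample of `netstat -an` output on a Windows client (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49812     203.0.113.10:1723      ESTABLISHED
  TCP    192.168.1.20:49790     198.51.100.7:443       ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:4500           *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def port_of(endpoint):
    """Return the numeric port of an 'addr:port' endpoint, or None for '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def classify(netstat_text):
    """Return (verdict, evidence) for the tunnel type seen in netstat -an output."""
    evidence = []
    pptp_up = False
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, local, remote, state = m.groups()
        for side, endpoint in (("local", local), ("remote", remote)):
            label = TUNNEL_PORTS.get((proto, port_of(endpoint)))
            if label:
                evidence.append((proto, side, endpoint, label))
                if proto == "TCP" and state == "ESTABLISHED":
                    pptp_up = True  # live TCP 1723 session = PPTP control channel
    if pptp_up:
        return "PPTP", evidence
    udp_hits = [e for e in evidence if e[0] == "UDP"]
    # UDP rows have no state column: they show a bound socket, not a live tunnel.
    return ("L2TP/IPsec possible" if udp_hits else "no tunnel ports seen"), evidence
```

PPTP's data channel is GRE (IP protocol 47), which has no ports and therefore never appears in netstat; only the TCP 1723 control connection does.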
 

Author Comment

by:drest
ID: 34223348
It is PPTP.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 34223369
Oy - many, many things can go wrong then. GRE, which is used for encapsulation, is a flaky protocol when crossing NAT devices.
I would wait for at least one day to see whether the effect is retained. If the connection breaks again, I'm afraid nothing else than logging the traffic on at least three locations (client, your router, and server) helps. That is the only way you can make sure you know enough about what is happening (or not).
0
 

Author Comment

by:drest
ID: 34226273
It broke again!
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 34226306
We had that with our smart firewall device (Juniper SSG) applying a PPTP application layer gateway, which allows for using more than one PPTP connection in- or outbound with the same public IPs in a double-NAT scenario (ouch). Depending on the GRE session number, or anything exchanged differently each time on connection initiation, the connection works or does not. It is random. Yours might be a similar issue.
The official answer for using PPTP behind NAT devices is to use an own public IP per remote target. In your case, if you have an IP address block assigned by your ISP, you can use a different IP for PPTP, and forward that to the W2003 server. That might help, but we cannot know, since we both have no hint yet what really breaks the connection.
0
 

Author Closing Comment

by:drest
ID: 34337050
Thank you for your comments.  It turned out to be the switch.  Since it was the only change, I replaced it with a new switch and things began to work again.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 34337096
If the switch is a routing one (L3 Switch), that can explain the failure. If not, I was totally off, and should not get points.
0
