Windows 7 to SBS 2003 VPN Error 807
Hi,
I've been experiencing huge problems getting 2 new Windows 7 Pro x64 laptops to connect to a SBS 2003 via PPTP VPN. Both are running AVG Internet Security 2011 Business Edition.
The VPN works correctly using XP Pro with the same settings and credentials both internally and externally.
The 807 error is a latency problem according to Windows. However I have tried logging onto the VPN from the same internal LAN as which the server resides on using the internal IP address of the server and get the same result.
I have tried disabling the AVG/Windows firewall and still have the same outcome.
Oddly, one of the laptops did connect for a couple of weeks but now it doesn't.
It is almost like Windows is not even trying the VPN based on the sped that the error message pops up, which is pretty much instantaneous.
Any help/suggestions would be gratefully appreciated!
Bish
I've been experiencing huge problems getting 2 new Windows 7 Pro x64 laptops to connect to a SBS 2003 via PPTP VPN. Both are running AVG Internet Security 2011 Business Edition.
The VPN works correctly using XP Pro with the same settings and credentials both internally and externally.
The 807 error is a latency problem according to Windows. However I have tried logging onto the VPN from the same internal LAN as which the server resides on using the internal IP address of the server and get the same result.
I have tried disabling the AVG/Windows firewall and still have the same outcome.
Oddly, one of the laptops did connect for a couple of weeks but now it doesn't.
It is almost like Windows is not even trying the VPN based on the sped that the error message pops up, which is pretty much instantaneous.
Any help/suggestions would be gratefully appreciated!
Bish
Erk333
what are you managing your VPN with (ASA, concentrator, etc..), and which dialer are you using?
ASKER
Hi Erk333,
I am using a Zyxel Firewall that is passing all PPTP traffic (GRE and Port 1723) directly to RRAS on the SBS 2003.
This is done using the standard Windows VPN Dialer.
I'm 100% sure it is nothing to do with the firewall. I have a VPN setup on my XP laptop, using the same settings and credentials which works both from the internal LAN (connecting directly to the SBS by its private IP address) and remote LAN's (connecting through the public IP address of the firewall).
There is nothing in the event logs on the server and I only get an 807 error in the event log on the local machine.
I hope this helps?
I am using a Zyxel Firewall that is passing all PPTP traffic (GRE and Port 1723) directly to RRAS on the SBS 2003.
This is done using the standard Windows VPN Dialer.
I'm 100% sure it is nothing to do with the firewall. I have a VPN setup on my XP laptop, using the same settings and credentials which works both from the internal LAN (connecting directly to the SBS by its private IP address) and remote LAN's (connecting through the public IP address of the firewall).
There is nothing in the event logs on the server and I only get an 807 error in the event log on the local machine.
I hope this helps?
the 807 is a fairly generic code. just means ' i could not get out'. my first thought would have been local firewall but if youre confident you've tested while disabled i would check network properties and disable ipv6 if its up.
if one of them was working briefly it could be an tcp/ip, dns, or winsock thing.
if you havent already id reset both winsock and ip
netsh winsock reset
netsh int ip reset
if one of them was working briefly it could be an tcp/ip, dns, or winsock thing.
if you havent already id reset both winsock and ip
netsh winsock reset
netsh int ip reset
ASKER
Thanks for the advice.
When you say disable IPv6 d you mean generally or just on the adapter settings? Also, it shouldn't be a DNS issue because the dialer is set to connect to an IP address and not a FQDN.
I'll give it a try. I don't have access to the laptops at the moment so will report back as soon as I have had a chance to try out your suggestions.
Thanks again!
When you say disable IPv6 d you mean generally or just on the adapter settings? Also, it shouldn't be a DNS issue because the dialer is set to connect to an IP address and not a FQDN.
I'll give it a try. I don't have access to the laptops at the moment so will report back as soon as I have had a chance to try out your suggestions.
Thanks again!
Are you by any chance using the SBS "Connection Manager Client" on the Win7 machine? It will not work on a 64bit machine. If so you need to manually configure the client side using instructions similar to the following:
http://www.onecomputerguy.com/networking/vista_vpn_client.htm
http://www.onecomputerguy.com/networking/vista_vpn_client.htm
ASKER
Thanks for your comment Rob.
The VPN dialer was created manually as per your link. I have checked the settings against my working VPN connection over and over again and although there are some very subtle differences in the options you can choose, they are basically the same.
Thanks again!
The VPN dialer was created manually as per your link. I have checked the settings against my working VPN connection over and over again and although there are some very subtle differences in the options you can choose, they are basically the same.
Thanks again!
Win 7 VPN manual client on both 32 and 64 bit with just the defaults should work fine, and the server is obviously OK if the XP clients work. Also the router from which you are connecting is not the problem if you have the same erroro when you try to connect from the LAN. Thus I would suggest the problem resides locally on the Win7 machine. I have never had to disable IPv6 though I see that as a recommendation when Googling. Personally I would more suspect 3rd party security software on the Win7 PC. Is it possible to completely disable AVG, on the PC, for a test?
Correction, there is a possibility on the server, but if set to defaults it should be fine. To be sure; in the RRAS console right click on the server name and choose properties | under the security tab, make sure MS-Chap-V2 is enabled. Leaving any others that may be enabled is fine, just make sure V2 is added. Vista and Win7 will not use basic CHAP, but XP will.
ASKER
Rob, thanks for your comments once again.
MS Chap V2 is enabled. As for AVG you can disable all modules for a certain amount of time but it does still run as an application in the system tray. Likewise you can disable the firewall. However, I suspect that the only true way of disabling it would be to uninstall and reinstall after the test.
I'm gonna try Erk333's suggestions first, as soon as I have access to the laptops which will not be until tomorrow now, then failing that I will try uninstalling AVG, testing the connection again and then reinstalling AVG.
I'll keep you posted...
Thanks again!
MS Chap V2 is enabled. As for AVG you can disable all modules for a certain amount of time but it does still run as an application in the system tray. Likewise you can disable the firewall. However, I suspect that the only true way of disabling it would be to uninstall and reinstall after the test.
I'm gonna try Erk333's suggestions first, as soon as I have access to the laptops which will not be until tomorrow now, then failing that I will try uninstalling AVG, testing the connection again and then reinstalling AVG.
I'll keep you posted...
Thanks again!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks guys for all your advice. I'll keep you all posted on the results of my tests which hopefully I'll get to do tomorrow.
ASKER
Neither of my clients have been in their office today with their laptops so I have been testing from my own Windows 7 Ultimate machine from home. It is currently running AVG 9.0 Free which allowed me to successfully setup a VPN to the SBS.
I'm currently downloading a free trial of AVG Internet Security Business Edition 2011 which I'll install on my machine to see if it makes a difference.
I didn't have to do the winsock or ip reset as suggested by Erk333 on my machine to get it to work, although that is not to say it might still fix these two rogue laptops.
I am starting to think it may well be AVG that is the problem.
I'll give you an update shortly when I have tested the VPN with the new version of AVG.
I'm currently downloading a free trial of AVG Internet Security Business Edition 2011 which I'll install on my machine to see if it makes a difference.
I didn't have to do the winsock or ip reset as suggested by Erk333 on my machine to get it to work, although that is not to say it might still fix these two rogue laptops.
I am starting to think it may well be AVG that is the problem.
I'll give you an update shortly when I have tested the VPN with the new version of AVG.
Win7 should be very simple to connect, no tweaking, just address, name, and password. I agree AVG is likely the culprit, ESPECIALLY if more than just basic A/V.
ASKER
It is definitely due to AVG. As soon as I installed it, my VPN connection stopped working.
That said... On my machine, it does work by disabling the firewall. After delving a little deeper into the firewall rules, the PPTP, L2TP, AH, ESP & GRE system services are all blocked by default. Marking them as safe means we're all good!!!
One thing that does confuse me though, is, I did explain to my customers how to disable the firewall yet they still maintain that the VPN was not working. Maybe it's one of those PICNIC (problem in chair, not in computer) moments?;-)
I will mark this as answered as soon I can confirm that this is the issue with both laptops.
Thanks again for all your help!
That said... On my machine, it does work by disabling the firewall. After delving a little deeper into the firewall rules, the PPTP, L2TP, AH, ESP & GRE system services are all blocked by default. Marking them as safe means we're all good!!!
One thing that does confuse me though, is, I did explain to my customers how to disable the firewall yet they still maintain that the VPN was not working. Maybe it's one of those PICNIC (problem in chair, not in computer) moments?;-)
I will mark this as answered as soon I can confirm that this is the issue with both laptops.
Thanks again for all your help!
Are you using the AVG management tools from the server for the clients? If so they may not be able to disable various features due to policies. Also watch AVG updates, the McAfee firewall will occasionally re-block ports and services after some updates.
ASKER
Hi Rob,
I have logged on to their server and changed the firewall policies and pushed it out to the clients. Hopefully next time they log on to their network, they should receive the new settings.
However, based on the problems I am now having removing AVG Internet Security 2011 Business Edition from my home PC I wouldn't be at all surprised if it didn't work and they had to be updated manually.
What has happened to AVG? It used to be a great product but 2011 seems to be causing nothing but problems!
I will keep my eye on the AVG updates... Cheers!
I have logged on to their server and changed the firewall policies and pushed it out to the clients. Hopefully next time they log on to their network, they should receive the new settings.
However, based on the problems I am now having removing AVG Internet Security 2011 Business Edition from my home PC I wouldn't be at all surprised if it didn't work and they had to be updated manually.
What has happened to AVG? It used to be a great product but 2011 seems to be causing nothing but problems!
I will keep my eye on the AVG updates... Cheers!
Let us know how it goes.
I haven't used AVG client/server in several years. I liked it when it was simple A/V but gave up on it due to similar complications a few years ago. Having said that they are not alone with having network issues, especially with SBS.
I haven't used AVG client/server in several years. I liked it when it was simple A/V but gave up on it due to similar complications a few years ago. Having said that they are not alone with having network issues, especially with SBS.
ASKER
Thanks guys for all your help. Making the changes to the firewall rules on the server certainly fixed the problem.
Cheers,
Bish
Cheers,
Bish
Good to hear. Thanks Bish.
Cheers!
--Rob
Cheers!
--Rob
You don't need to uninstall AVG 2011. Since the free version I have has no Firewall options listed, the only way I could get MS VPN to be excepted was Tools, Advanced Settings, Update, Dial Up. Select use dial-up connections, Automatically use this connection, Then select your previously created (and working - pre avg 2011) and click Close dial-up connection when finished.
This will allow the protocols and ports necessary to successfully connect using MS VPN.
Tested on XP Pro SP3, VIsta and Windows 7 to remote SBS2003 server.
AVG 2011 free is a good product as far as free goes. All the issues my clients have regarding VPN connection is all down to the Firewall, protocols and routing. The last one is especially important in Ubuntu when connecting by VPN to a MS box.
This will allow the protocols and ports necessary to successfully connect using MS VPN.
Tested on XP Pro SP3, VIsta and Windows 7 to remote SBS2003 server.
AVG 2011 free is a good product as far as free goes. All the issues my clients have regarding VPN connection is all down to the Firewall, protocols and routing. The last one is especially important in Ubuntu when connecting by VPN to a MS box.