VPN SBS 2008 Not Working

Is routing and remote access enabled on the SBS server?

Where do i look to check?

If it does the initial connection and fails on the password do you get a 721 or 691 error? I suspect you have forwarded port 1723 correctly but not GRE. GRE is protocol 47 not port 47. To allow GRE there are different methods on different routers but generally you cannot do this with a forwarding rule. On some routers you enable "PPTP pass-through", on others you forward the built-in PPTP service, not port 1723 and it does both for you, yet on others it requires a command to enable GRE pass-through. If you can provide the make and model of the router we may be able to provide specifics.

I assume you enabled the VPN using the wizard from the SBS console under network | connectivity?

Go to Start->Administrative Tools->Routing and remote access.  Check to see if it's enabled.  Expand your server

Right-click ports -> Properties
click Wan Miniport (PPTP) and press configure
Make sure 'Remote access connections (inbound only)' is checked
configure maximum ports to allow for as many concurent vpn connections (mine is set up for 5)

I always get the following error.

Router is a draytek 2820
vpn.png

That is not a GRE error then. That is prior to where GRE would fail.
Does the user have permission to use the VPN?
They need to be granted access in the SBS control panel under users | properties of the user | remote access | "user can access virtual private network"

User has been granted vpn access via the sbs console

As a test try connecting from the LAN using the LAN IP of the server not the public address and see if you can connect with that user name and password.

Also in Active Directory make sure under the Dial-in tab of the user's profile they are not set to deny access.

Checked routing & remote access and is configured as you mentioned

Have your forwarded port 1723 to your SBS server?

Checked in AD & the users remote dial in tab is set to "control access through NPS network policy"
I tried changing to allow but it made no difference

Port 1723 has been forwaded to the servers internal ip on the router

VPN Connection internally works with the same credentials

NPS is correct.
If works internally it may then be a GRE error. Initial handshaking is dine via port 1723, but GRE is required for authentication.
What make and model router?

Draytek 2820

Mate you are a star, that sorted it!

If i wanted to use the routers own vpn service aswell is this possible?

Glad to hear.

You can use a different service on the Draytek for VPN but not the same.
For example you can enable the IPSec VPN on the Draytek, which is more secure, and still use the SBS PPTP VPN, but you cannot use PPTP on both.

Thanks Rob!

You are very welcome. Thank you Dantech-IT-Solutions.
Cheers!
--Rob