Daniel Bertolone
asked on
VPN SBS 2008 Not Working
I am trying to connect to an sbs server via vpn but every time i try & connect it fails on the user name & password.
I have opened ports 1723 & 47 on my router & have also enabled vpn access for the user in question via the sbs console.
I have opened ports 1723 & 47 on my router & have also enabled vpn access for the user in question via the sbs console.
Is routing and remote access enabled on the SBS server?
ASKER
Where do i look to check?
If it does the initial connection and fails on the password do you get a 721 or 691 error? I suspect you have forwarded port 1723 correctly but not GRE. GRE is protocol 47 not port 47. To allow GRE there are different methods on different routers but generally you cannot do this with a forwarding rule. On some routers you enable "PPTP pass-through", on others you forward the built-in PPTP service, not port 1723 and it does both for you, yet on others it requires a command to enable GRE pass-through. If you can provide the make and model of the router we may be able to provide specifics.
I assume you enabled the VPN using the wizard from the SBS console under network | connectivity?
I assume you enabled the VPN using the wizard from the SBS console under network | connectivity?
Go to Start->Administrative Tools->Routing and remote access. Check to see if it's enabled. Expand your server
Right-click ports -> Properties
click Wan Miniport (PPTP) and press configure
Make sure 'Remote access connections (inbound only)' is checked
configure maximum ports to allow for as many concurent vpn connections (mine is set up for 5)
Right-click ports -> Properties
click Wan Miniport (PPTP) and press configure
Make sure 'Remote access connections (inbound only)' is checked
configure maximum ports to allow for as many concurent vpn connections (mine is set up for 5)
ASKER
That is not a GRE error then. That is prior to where GRE would fail.
Does the user have permission to use the VPN?
They need to be granted access in the SBS control panel under users | properties of the user | remote access | "user can access virtual private network"
Does the user have permission to use the VPN?
They need to be granted access in the SBS control panel under users | properties of the user | remote access | "user can access virtual private network"
ASKER
User has been granted vpn access via the sbs console
As a test try connecting from the LAN using the LAN IP of the server not the public address and see if you can connect with that user name and password.
Also in Active Directory make sure under the Dial-in tab of the user's profile they are not set to deny access.
Also in Active Directory make sure under the Dial-in tab of the user's profile they are not set to deny access.
ASKER
Checked routing & remote access and is configured as you mentioned
Have your forwarded port 1723 to your SBS server?
ASKER
Checked in AD & the users remote dial in tab is set to "control access through NPS network policy"
I tried changing to allow but it made no difference
I tried changing to allow but it made no difference
ASKER
Port 1723 has been forwaded to the servers internal ip on the router
ASKER
VPN Connection internally works with the same credentials
NPS is correct.
If works internally it may then be a GRE error. Initial handshaking is dine via port 1723, but GRE is required for authentication.
What make and model router?
If works internally it may then be a GRE error. Initial handshaking is dine via port 1723, but GRE is required for authentication.
What make and model router?
ASKER
Draytek 2820
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Mate you are a star, that sorted it!
If i wanted to use the routers own vpn service aswell is this possible?
If i wanted to use the routers own vpn service aswell is this possible?
Glad to hear.
You can use a different service on the Draytek for VPN but not the same.
For example you can enable the IPSec VPN on the Draytek, which is more secure, and still use the SBS PPTP VPN, but you cannot use PPTP on both.
You can use a different service on the Draytek for VPN but not the same.
For example you can enable the IPSec VPN on the Draytek, which is more secure, and still use the SBS PPTP VPN, but you cannot use PPTP on both.
ASKER
Thanks Rob!
You are very welcome. Thank you Dantech-IT-Solutions.
Cheers!
--Rob
Cheers!
--Rob