Solved

SBS 2011 VPN connection

Posted on 2011-09-15
15
1,693 Views
Last Modified: 2013-12-02
I have a newly installed SBS 2011 standard server, patched up, working fine. I have run the VPN config wizard and when my end users connect to the VPN, it does not give them an IP address. I have re-run the VPN wizard successfully, ran the FMNW, and checked that port 1723 is pointed to my server on my router. Router and Cable modem are the same as before, only changed from SBS 2003 to SBS 2011. All users were working ok with VPN untill the new server. Any help would really be appreciated.
0
Comment
Question by:terrontech
15 Comments
 
LVL 6

Expert Comment

by:jaredr80
ID: 36544847
Have you made sure in the SBS console under the User properties that under the 'Remote Access' tab if the user has 'User can access vpn' checked off?
0
 

Author Comment

by:terrontech
ID: 36546153
Yes, it's there. Connecting isn't the problem. Getting an IP address is. Thanks.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 36546157
SBS needs to be the DHCP server
You need to run the SBS wizard and not the RRAS wizard
Makes sure the router forwards 1723 to the IP of the new server and not the old
As jaredr80 stated you need to grant access under the user name in the SBS console, or add them to the VPN user group.

Can they connect from the LAN, using the LAN IP of the wizard, just as a test.
0
 

Author Comment

by:terrontech
ID: 36546181
That's the Wizard I've run. Inside the SBS console under network, connectivity. I configured VPN from there it ran successfully. I also made sure under the user's properties that "user can access virtual private network" was enabled. I even vpn'd in as the network admin account and the behavior is the same. It let's me connect, but does not assign an IP address. Please help. Thanks again.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 36546210
As a test to see if it is a routing or VPN configuration issue try connecting from the same LAN as the server but use the server's LAN IP, not the public IP.
0
 

Author Comment

by:terrontech
ID: 36546227
Same behavior. I think it's DHCP related. I ran the fix my network wizard earlier and it found no issues. Here is the output of ipconfig/all for the PPP adapter: I replaced the company name w/ companyname.

PPP adapter Companyname VPN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Companyname VPN
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.106.192(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 192.168.1.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 36546300
If you open the DHCP server are there any leases available, and there should be a green dot on the server name. If there are any red or yeelow marks it may be related to the DHCP service itself.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:terrontech
ID: 36546313
Green dots on both IPV4 and IPV6. Very strange.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 36546367
and there are leases available? i.e. the scope is large enough?
0
 

Author Comment

by:terrontech
ID: 36546376
Yes, plenty. I have less than 20 users
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 36546402
But the scope may have been reconfigured to 20 or less. Presumably not.

In the RRAS console if you right click on the server name and choose properties, under the IPv4 tab are enable IPv4 routing and Dynamic Host Protocol checked?
0
 

Author Comment

by:terrontech
ID: 36547197
Hi Robwill. I resolved the issue like this. I manually disabled RRAS in the RRAS console and re-ran the VPN wizard in the SBS wizard. Thank you for your help and quick response.
0
 

Author Closing Comment

by:terrontech
ID: 36547199
Thank you.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 36547207
Glad to hear you were able to resolve.
Thanks terrontech.
Cheers!
--Rob
0
 

Expert Comment

by:MissyTuttle
ID: 38407589
Great solutions guys.  Worked like a charm.
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now