vpn error 800 when accessing sbs 2011

Posted on 2013-01-16
Last Modified: 2013-12-02
I have a remote office with 10 users that are VPNing to our main office sbs2011 server.   the first 5 users have connected  fine.  When I attempt to connect the 6th remote client they get an error 800.  this laptop connected successfully yesterday, when I was setting the office up.  I haven't made any changes to it.  
Is there some setting on the sbs2011 server that has maxed out?  some setting I need to bump up to allow additional vpn tunnels?
Question by:TIGUETX
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 58

Expert Comment

by:Cliff Galiher
ID: 38785124
Did you set up the VPN service on SBS 2011 or are you using one provided by your router? Are you doing PPTP, L2TP, or SSTP? What kind of equipment is at your network's edge?

Author Comment

ID: 38785345
Yes, I set up the VPN on SBS2011.  I brought the laptop home that was failing to connect Now that 3-4 off the other users have disconnected for the night. I can successfully vpn into the server.  got to be a limit setting on the server
LVL 58

Expert Comment

by:Cliff Galiher
ID: 38785394
You did not answer any of my other questions...
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.


Author Comment

ID: 38785461
Sorry. PPTP and Comcast Business Class Routers at both ends running 27 down and 7 up  (Not at office, so I can't tell you the brand)

I was hoping to keep this simple, but some of the post on the subject seem to indicate that Multiple VPNs can put a major drain on the network and dedicated VPN routers at both ends creating the tunnel might be the way to go.

I have 2 Cisco rvs4000s gigabit routers with VPN ready to roll if i need them.

Author Comment

ID: 38785462
also have avail static IPs at both ends
LVL 58

Accepted Solution

Cliff Galiher earned 500 total points
ID: 38785481
PPTP uses GRE as part of the tunnel. Many consumer or lower end NAT devices will not handle more than a few GRE tunnels. After all, how many VPN sessions would the average home user have? So I suspect you are hitting a hard limit of the NAT device. 5 is a nice even number and not uncommon on Linksys and Netgear home/consumer routers.

I usually don't recommend using the provider's equipment as a router. Comcast should be able to provide you just a basic bridge device that does not do NAT and passes all traffic to another router/NAT device. Then you can use whatever you want and not be tied to the provider. For businesses, a basic UTM device is usually the most appropriate. Something like a SonicWall, Watchguard, Calyptix, etc. They will handle the NAT duties, routing duties, and provide *far* better security as well. Additionally they won't have a problem with more PPTP tunnels.

I should also mention that PPTP is really not secure anymore by modern standards. There are tools that can capture the keys and break them down relatively quickly. You should look at using a different VPN protocol if at all possible. I don't think you need to move from using SBS as the termination device so those Cisco's shouldn't be necessary. The RV series isn't exactly robust either, and I've had problems with them, but even if they did work they wouldn't be as secure as a good security device. The RVs are routers and NAT isn't a reliable security boundary. Cisco makes the ASA series for that. So with that in mind, I don't think deploying the routers would be an adequate solution. It may solve the *immediate* problem but it is ignoring the larger issue.

Author Comment

ID: 38787176
After chasing my tail a bit, I learned that the 5 user ceiling I was hitting on my VPN clients was indeed a setting on my SBS 2011 server.  By default the VPN wizard on sbs2011 limits you to 5 ports.

here is a link to the answer:

Thanks for your effort cgaligher

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Backup application that will backup to google cloud 12 130
Remote desktop connection frequent connection lost 5 102
Exchange Calendars 8 59
Exchange server take over 4 57
Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question