VPN error 800 when accessing SBS 2011

Posted on 2013-01-16
Last Modified: 2013-12-02
I have a remote office with 10 users that are VPNing to our main office SBS2011 server. The first 5 users have connected fine. When I attempt to connect the 6th remote client they get an error 800. This laptop connected successfully yesterday, when I was setting the office up. I haven't made any changes to it.
Is there some setting on the SBS2011 server that has maxed out? Some setting I need to bump up to allow additional VPN tunnels?
Question by:TIGUETX
LVL 58

Expert Comment

by:Cliff Galiher
ID: 38785124
Did you set up the VPN service on SBS 2011 or are you using one provided by your router? Are you doing PPTP, L2TP, or SSTP? What kind of equipment is at your network's edge?

Author Comment

ID: 38785345
Yes, I set up the VPN on SBS2011. I brought the laptop home that was failing to connect. Now that 3-4 of the other users have disconnected for the night, I can successfully VPN into the server. Got to be a limit setting on the server.
LVL 58

Expert Comment

by:Cliff Galiher
ID: 38785394
You did not answer any of my other questions...

Author Comment

ID: 38785461
Sorry. PPTP and Comcast Business Class Routers at both ends running 27 down and 7 up. (Not at office, so I can't tell you the brand.)

I was hoping to keep this simple, but some of the posts on the subject seem to indicate that multiple VPNs can put a major drain on the network, and dedicated VPN routers at both ends creating the tunnel might be the way to go.

I have 2 Cisco RVS4000 gigabit routers with VPN ready to roll if I need them.

Author Comment

ID: 38785462
Also have available static IPs at both ends.
LVL 58

Accepted Solution

Cliff Galiher earned 500 total points
ID: 38785481
PPTP uses GRE as part of the tunnel. Many consumer or lower end NAT devices will not handle more than a few GRE tunnels. After all, how many VPN sessions would the average home user have? So I suspect you are hitting a hard limit of the NAT device. 5 is a nice even number and not uncommon on Linksys and Netgear home/consumer routers.

I usually don't recommend using the provider's equipment as a router. Comcast should be able to provide you just a basic bridge device that does not do NAT and passes all traffic to another router/NAT device. Then you can use whatever you want and not be tied to the provider. For businesses, a basic UTM device is usually the most appropriate. Something like a SonicWall, Watchguard, Calyptix, etc. They will handle the NAT duties, routing duties, and provide *far* better security as well. Additionally they won't have a problem with more PPTP tunnels.

I should also mention that PPTP is really not secure anymore by modern standards. There are tools that can capture the keys and break them down relatively quickly. You should look at using a different VPN protocol if at all possible. I don't think you need to move from using SBS as the termination device so those Ciscos shouldn't be necessary. The RV series isn't exactly robust either, and I've had problems with them, but even if they did work they wouldn't be as secure as a good security device. The RVs are routers and NAT isn't a reliable security boundary. Cisco makes the ASA series for that. So with that in mind, I don't think deploying the routers would be an adequate solution. It may solve the *immediate* problem but it is ignoring the larger issue.
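
Why GRE is awkward for a NAT device, as the answer above suggests, shows up in the packet header: PPTP data travels in enhanced GRE (RFC 2637), which has no ports, only a 16-bit Call ID. The following is an added example, not part of the thread: a Python parser for that header, run over constructed packets (the server address 203.0.113.10 and Call IDs 1-6 are made up) to show that a NAT can separate several tunnels to one server only if it tracks the Call ID.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type for PPP carried in enhanced GRE

def parse_pptp_gre(data: bytes) -> dict:
    """Parse the enhanced GRE (version 1) header used for PPTP tunnel data."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", data[:8])
    # Version is the low 3 bits; the K bit (0x2000) must be set because the
    # key field is what carries payload length and Call ID.
    if flags & 0x0007 != 1 or proto != PPTP_GRE_PROTO or not flags & 0x2000:
        raise ValueError("not a PPTP enhanced GRE packet")
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)
    if len(data) < 8 + 4 * has_seq + 4 * has_ack:
        raise ValueError("truncated GRE header")
    off, seq, ack = 8, None, None
    if has_seq:
        seq, off = struct.unpack("!I", data[off:off + 4])[0], off + 4
    if has_ack:
        ack, off = struct.unpack("!I", data[off:off + 4])[0], off + 4
    return {"call_id": call_id, "payload_len": payload_len,
            "seq": seq, "ack": ack, "header_len": off}

def build_pptp_gre(call_id: int, seq: int, payload: bytes = b"\xff\x03") -> bytes:
    """Build a constructed sample packet: K and S bits set, version 1."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO,
                       len(payload), call_id, seq) + payload

def distinguishable_sessions(packets, track_call_id: bool) -> int:
    """Count the tunnels a NAT can tell apart on inbound GRE from the server."""
    keys = set()
    for src_ip, raw in packets:
        hdr = parse_pptp_gre(raw)
        # Without Call ID tracking the only usable key is the remote address.
        keys.add((src_ip, hdr["call_id"]) if track_call_id else (src_ip,))
    return len(keys)

# Constructed input: six clients behind one NAT, all talking to one VPN server.
SERVER = "203.0.113.10"
SAMPLE = [(SERVER, build_pptp_gre(cid, seq=1)) for cid in range(1, 7)]

if __name__ == "__main__":
    print("keyed on address only:", distinguishable_sessions(SAMPLE, False))
    print("keyed on address + Call ID:", distinguishable_sessions(SAMPLE, True))
```
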

Author Comment

ID: 38787176
After chasing my tail a bit, I learned that the 5-user ceiling I was hitting on my VPN clients was indeed a setting on my SBS 2011 server. By default the VPN wizard on SBS2011 limits you to 5 ports.

Here is a link to the answer:

Thanks for your effort cgaligher

Question has a verified solution.
