Go Premium for a chance to win a PS4. Enter to Win


SERVER 2012 VPN ISSUE connects but can't access resources

Posted on 2013-06-19
Medium Priority
Last Modified: 2013-11-21
Hi. I have setup VPN on server 2012 at a remote location.  The remote modem/router has been assigned a static ip from ISP. Port forward has been done to router which has ip I am able to connect to the vpn server using a pptp vpn client setup on win7 or win 8 but cannot rdp to the server. It says cant find the server. The local computer has been assigned a address, but I can't even ping the server ip. The wierd part about this is that I was able to rdp yesterday but not now???  I went to the remote location and restarted the server but that hasn't worked.  

I would be most grateful for any suggestions.

Thanks.   Michael M.
Question by:mjmacklin
  • 4
  • 3
  • 2
LVL 77

Expert Comment

by:Rob Williams
ID: 39263856
>>"Port forward has been done to router which has ip"
Is that a typo, i.e. should it be; Port forward has been done to server, or is there a modem/router unit and a separate router?

If you have both, the modem needs to be put in bridge mode effectively making it a basic modem and removing the NAT feature which gives the inner router a public IP.

Most often when you can connect a VPN but not access any resources it is due to a duplicate network ID in the path between client and server.  In other words two network segments are using the same subnet such as server site and client site, or one in between, both using 10.0.0.x  Is that a possibility?  The VPN/PPP adapter can be the same as the server, but not the client site's local network.

Also when you enable a service on a server or PC, it "usually" enables a firewall exception but only from the local network/domain.  When connecting by VPN you usually have to add "public" to the firewall exception.  Is it possible to turn of the Windows, or any 3rd part, firewall just for testing?

To verify if it is a routing issue and not a VPN misconfiguration, try connecting the VPN from the LAN using the server's LAN IP, not the public IP.

Let us know how you make out.
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 39263894
My suggestion is to first get RWA working as it provides a much more secure connection to the internal LAN from outside.  Once that works you will have complete access to every station on the network from outside and can then more easily troubleshoot what is causing your current issue.  

BTW, we discourage VPN directly to servers, or RDP from outside directly to servers because forwarding ("opening") the required ports is a security risk from several standpoints.

Having said that, check on RobWills suggestion that the home router and the LAN router both have the same IP subnet.
LVL 77

Expert Comment

by:Rob Williams
ID: 39263935
Hi fl_flyfishing I would agree if SBS/Essentials, but was there mention of either?   I may have missed it, it wouldn't be the first time  :-)
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 39264004
@RobWill... my bad.  SBS on the brain today.

@ mjmacklin.  Sorry, under-caffinated brain somehow added SBS to your subject.  RWA will not work unless you have some version of SBS/Server Essentials/Storage Server Essentials or Windows Home Server inside your network.

Author Comment

ID: 39265109
Hi, Thanks very much for your reply.

1. Yes, i have forwarded port 1723 to
2. It is just the NB5 modem/router
3. As for the duplicate id,  the local ip address is and when it connects the ppp adapter address is which ofcourse is on the same subnet as the remote LAN.
4. I will go to the remote site tommorow, but I think the firewall exception for remote access does enable public. ( but i will check that)
5. I havent tried to VPN from the LAN yet so i will also try that.

If it is a routing issue, could it be the RRAS?  Would i perhaps need to remove that role and reinstall it?

One thing worth mentioning is that when I set this up the other day it did work and I was able to remote to the server access the shares and RDP.

I also tried access the remote site from another network also, just to make sure it wasnt anything on the local network that was a problem.

Thanks again for your assistance.  Michael M

Author Comment

ID: 39267420
Hi, I went to the remote site today and this is what i did:

1.  At the remote site I connected from the LAN to the servers address and was able to access the resources and RDP.
2. I disabled the firewalls
3. I also removed the remote access role and reinstalled.

Still cant access from outside keeps saying the network path is not found.


Thanks ... Michael
LVL 77

Accepted Solution

Rob Williams earned 2000 total points
ID: 39269311
Since you were able to function properly from the LAN, the VPN connects when on a public network, and you only have a single routing device, the NB5, I'm sorry but it still sounds like a firewall issue on the server.

However there are some other possibilities:
-The first phase of the VPN makes the connection and the second, GRE, completes the authentication.  It is possible the router is still blocking GRE, however that usually results in a 721 or 691 error when you connect
-some routers will not support PPTP VPN's despite what the manual says.
-non firewall software such as A/V can sometimes block VPN traffic

Author Closing Comment

ID: 39274927
Yes!  Thank You very much for your help.  I finally changed the modem/router and now it works!!  Much gratitude for your suggestions.

Michael M.
LVL 77

Expert Comment

by:Rob Williams
ID: 39276743
Glad to hear you were able to resolve.
Thanks Michael.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question