Solved

Microsoft SBS 2008 PPTP VPN problem

Posted on 2013-12-17
10
1,095 Views
Last Modified: 2014-10-25
Hey Experts,

We are experience problems with our Microsoft SBS 2008 server, suddenly clients cannot connect through PPTP VPN, and we have tried anything, but nothing seems to be working (but it worked a month ago).

The error says:
Error 628: The Connection was terminated by the remote computer before it could be completed…

I found some additional information from activating logging from the client it receives the following error:
There could not be established connection on port VPN3-1. This is because the selected authentication protocol. Check if the operating system on the client and server support the selected authentication protocol(The message is translated from Danish).

I find it to hard track any error regarding this following problem from the EventViewer…
The VPN Is configured through the Windows SBS console. I have tried to reinstall the VPN connection, and restart have been performed. Windows firewall is off and i have tried to disable anitvirus..
0
Comment
Question by:perspektiva
10 Comments
 
LVL 14

Expert Comment

by:BlueCompute
Comment Utility
What's the OS of the client computers that are connecting? I've seen this on Windows 8 clients but not on Windows XP/Vista/7. Is the problem the same for all users, and are have you changed any network hardware at the server end recently?
0
 

Author Comment

by:perspektiva
Comment Utility
Hello there,
The problem occurs on Windows 7 clients, we have tried multiple computers from different locations. Nothing network related has been changed.

I got my college to test from a Windows XP client and he received following error: Error 732 Your computer and the remote computer could not agree on PPP control protocols.

I’m not receiving any error when I’m trying to telnet on port 1723 to the given VPN address, so I guess I’m able to connect.
0
 
LVL 14

Expert Comment

by:BlueCompute
Comment Utility
Yes the fact that it's getting as far as protocol negotiation tells us there's end-to-end connectivity on the relevant ports.
I'd enable logging on the server (as described here via the routing and remote access administrative tool) and go through those; at the same time I'd check the "Authentication Methods" under the security tab on the same page; compare the enabled protocols there with those that are available on your client computers.
0
 
LVL 14

Expert Comment

by:BlueCompute
Comment Utility
Also, as it's SBS, I'd suggest running all 5 of the "Connect to the internet" wizards on the Home Page of the Windows SBS Console; it certainly won't hurt.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:perspektiva
Comment Utility
I have tried enabling some logging but I can’t find any useful information..

I will upload the log file and Screenshot of our Network policy constraint to this case, maybe you can see what’s happening.

The network test "Connect to the internet" is completet, but im getting the same error...
Virtual-Private-Network--VPN--Ac.PNG
PPP.txt
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Your NPS policy is not a default configuration for SBS.  Someone has manually 'tweaked' it so there may be incorrect settings elsewhere.  CHAP and PAP should not be selected, though they will not stop the VPN from working.

Make sure the protocol is selected in RRAS under server name | properties | security | authentication | and only MS-Chap v2 is selected.  No protocols are specified in the NPS policy.

If correct I would disable the VPN by opening the RRAS console, right click on the server name and choose disable.  Then run the VPN wizard under SBS console | Network | Connectivity.

I don't know if that will recreate the VPN policy.  If not I would suggest comparing the configuration in the following SBS 2011 Essentials article, which is the same as your SBS 2008.  2011 Essentials did not have a wizard so you had to do it manually and this article was written to match the SBS 2008/2011 method of configuring.
http://blog.lan-tech.ca/2012/01/28/sbs-2011-essentials-configuring-vpn-access/
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
Comment Utility
Try running the SBS BPA for guidance?
http://www.microsoft.com/en-us/download/details.aspx?id=6231
Hope that helps
Olaf
0
 

Accepted Solution

by:
perspektiva earned 0 total points
Comment Utility
We found that the problem was not windows related. It is a bug in VMware ESXi 5.5.

Changing the nic from e1000 to VMXNET3 solved our problem.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2061834
1

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Resolve DNS query failed errors for Exchange
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now