Solved

Microsoft SBS 2008 PPTP VPN problem

Posted on 2013-12-17
10
1,109 Views
Last Modified: 2014-10-25
Hey Experts,

We are experience problems with our Microsoft SBS 2008 server, suddenly clients cannot connect through PPTP VPN, and we have tried anything, but nothing seems to be working (but it worked a month ago).

The error says:
Error 628: The Connection was terminated by the remote computer before it could be completed…

I found some additional information from activating logging from the client it receives the following error:
There could not be established connection on port VPN3-1. This is because the selected authentication protocol. Check if the operating system on the client and server support the selected authentication protocol(The message is translated from Danish).

I find it to hard track any error regarding this following problem from the EventViewer…
The VPN Is configured through the Windows SBS console. I have tried to reinstall the VPN connection, and restart have been performed. Windows firewall is off and i have tried to disable anitvirus..
0
Comment
Question by:perspektiva
10 Comments
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39724103
What's the OS of the client computers that are connecting? I've seen this on Windows 8 clients but not on Windows XP/Vista/7. Is the problem the same for all users, and are have you changed any network hardware at the server end recently?
0
 

Author Comment

by:perspektiva
ID: 39726282
Hello there,
The problem occurs on Windows 7 clients, we have tried multiple computers from different locations. Nothing network related has been changed.

I got my college to test from a Windows XP client and he received following error: Error 732 Your computer and the remote computer could not agree on PPP control protocols.

I’m not receiving any error when I’m trying to telnet on port 1723 to the given VPN address, so I guess I’m able to connect.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39726357
Yes the fact that it's getting as far as protocol negotiation tells us there's end-to-end connectivity on the relevant ports.
I'd enable logging on the server (as described here via the routing and remote access administrative tool) and go through those; at the same time I'd check the "Authentication Methods" under the security tab on the same page; compare the enabled protocols there with those that are available on your client computers.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 39726363
Also, as it's SBS, I'd suggest running all 5 of the "Connect to the internet" wizards on the Home Page of the Windows SBS Console; it certainly won't hurt.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:perspektiva
ID: 39731507
I have tried enabling some logging but I can’t find any useful information..

I will upload the log file and Screenshot of our Network policy constraint to this case, maybe you can see what’s happening.

The network test "Connect to the internet" is completet, but im getting the same error...
Virtual-Private-Network--VPN--Ac.PNG
PPP.txt
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39772654
Your NPS policy is not a default configuration for SBS.  Someone has manually 'tweaked' it so there may be incorrect settings elsewhere.  CHAP and PAP should not be selected, though they will not stop the VPN from working.

Make sure the protocol is selected in RRAS under server name | properties | security | authentication | and only MS-Chap v2 is selected.  No protocols are specified in the NPS policy.

If correct I would disable the VPN by opening the RRAS console, right click on the server name and choose disable.  Then run the VPN wizard under SBS console | Network | Connectivity.

I don't know if that will recreate the VPN policy.  If not I would suggest comparing the configuration in the following SBS 2011 Essentials article, which is the same as your SBS 2008.  2011 Essentials did not have a wizard so you had to do it manually and this article was written to match the SBS 2008/2011 method of configuring.
http://blog.lan-tech.ca/2012/01/28/sbs-2011-essentials-configuring-vpn-access/
0
 
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 39772948
Try running the SBS BPA for guidance?
http://www.microsoft.com/en-us/download/details.aspx?id=6231
Hope that helps
Olaf
0
 

Accepted Solution

by:
perspektiva earned 0 total points
ID: 40370129
We found that the problem was not windows related. It is a bug in VMware ESXi 5.5.

Changing the nic from e1000 to VMXNET3 solved our problem.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2061834
1

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now