VPN on SBS 2008 not working

Posted on 2014-01-23
Medium Priority
Last Modified: 2014-01-29

Got an SBS 2008 server. VPN is used pretty well daily. No hardware/software has been added to the network/server and nothing has been configured on the server - I'm the only one with access.

External VPN users can get to the server shares by using \\server.domain.local.
The other day, they could only get access by using the IP address. Figured some sort of DNS issue.

Rebooted server.

After reboot, clients connect to VPN but get no IP (automatic IP address). DHCP is up and running fine and internal clients obtain IP ok.

I had a look at the settings in RRAS MMC and I changed from DHCP to static address pool. This works, however I can still only access server via IP UNC path and not with hostnames.

I cross checked settings with another client who has SBS 2008 and a working VPN. - All settings looked the same.

Any suggestions? Thanks

Server error log
No IP address is available to hand out to the dial-in client.

CoId={AC68E7BA-8718-4EEA-92D9-2C52ACD9116C}: The user domain\user connected to port VPN2-4 has been disconnected because no network protocols were successfully negotiated.
Question by:Talds_Alouds
LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 39802488
Did you run out of vpn connections it can hand out?

LVL 22

Expert Comment

by:Olaf De Ceuster
ID: 39802496
SBS is not using your DHCP but is issuing IPs from the RA server. If you open up the properties of the VPN, the IP range being used should be listed and can be changed.

Author Comment

ID: 39802516
Well, from what I understand, RRAS can use DHCP but only when DHCP is on another server (via the DHCP relay protocol).

However, if I look at the DHCP list, I can see DHCP leases for internal and VPN clients, thus indicating that it comes out of DHCP.

As stated, another client's SBS 2008 uses the DHCP and not static addresses.

Also as stated, it connects with the static pool, but doesn't resolve hostnames.

LVL 22

Expert Comment

by:David Atkin
ID: 39804216
Any errors in the DHCP logs?

How have you configured the remote clients' DNS?

Add an entry into the client machines' host files with the server's IP address.

Have you tried clearing a couple of the old DHCP leases of the VPN clients to see if they re-obtain them?

Author Comment

ID: 39804612

So there are two network adapters in the server. 1 was disabled and the other is the adapter that is actually used on the server. Because it's an IBM server, it has another USB over Ethernet adapter. I disabled this and it now gets an IP from the DHCP (which I can see in the DHCP leases).

When I run an IPconfig /all on the client, I see the IP address and DNS server...however, the client doesn't receive a default gateway address and I can't ping anything on the server network.
LVL 22

Accepted Solution

David Atkin earned 1500 total points
ID: 39804831
Having two NICs is common.  SBS will only want to use one though.  They aren't designed for dual NICs really.  Trunking two NICs etc. can upset them.

Are you running the ipconfig on the remote VPN client?  You wouldn't want the remote client using the office default gateway anyway, it wants to go out of the site's gateway.

Not sure about the USB over Ethernet adaptor :S.

Can you ping IPs? Could you previously?

Author Comment

ID: 39805017

Well last night I was mucking around and was able to ping the server's internal IP via the VPN.

Since then, I don't know what's happened and now I can't ping anything.
IPconfig of the client attached, as well as the server.

Now, I get an IP, minus the gateway - which seems to be correct. But there's no traffic flowing to the office network.

Tried disabling firewall on server and client - not that.
Any help would be great!

The USB over Ethernet is just an IBM thing and shouldn't be anything to worry about as it's been disabled now anyway - there's only one enabled adapter.
LVL 22

Expert Comment

by:David Atkin
ID: 39805804
Thanks for that.

The ipconfig looks ok.  I can see it's getting an address successfully.

Can you confirm - Are you still able to access shares or is this also causing a problem as well?

Author Comment

ID: 39805850
No, so I get no traffic through at all.
UNC path to IP of server - nothing
Ping server IP - nothing.

Previously I could ping the server's IP and get a response.

It's out of hours now and I can reboot/do whatever with the server so I'm open to more suggestions. Just installing a few updates then going to do a reboot.
LVL 22

Expert Comment

by:David Atkin
ID: 39805901
Let us know the outcome of the reboot.

Can you do a route print from the client as well?

Any AV on the client that would be preventing traffic to the main site?  BullGuard is bad for this.

Assisted Solution

Talds_Alouds earned 0 total points
ID: 39805934
I've fixed it but not entirely sure how.
I ran some Windows updates, rebooted.
Tested - Computers were getting automatic private address
Changed IP allocations from DHCP to static range (I think that's what it was called).
Tested, IP assigned, can ping server, can access shares via hostnames.

I don't trust making changes and only restarting the service. Reboots seemed to be far more effective for me. Either that or there were just coincidences.

I'm not going to touch it again. But a default config for SBS 2008 RRAS is DHCP. Doesn't explain to me either why prior to the reboot, when set to DHCP, it was actually assigning addresses fine.

I'm done.

Author Comment

ID: 39805935
Thanks for everyone's input.
LVL 22

Expert Comment

by:David Atkin
ID: 39805951
Thanks for letting us know.  You are right about the reboot as it restarts all dependencies etc.
LVL 11

Expert Comment

ID: 39806630
Sorry I'm kind of late for this comment but hope it helps...

By restarting the server, you restart your main services... DNS, DHCP and RAS connections.

This means you have no issues, but you will have them again soon.

Here are the facts: if you do not assign your RAS a static IP pool that is out of your DHCP scope, you will run out of IPs to hand out by your DHCP, as it will keep them alive for some time to allow them to renew, but when users connect using VPN they will get another.  Using a scope only for the RAS will prevent this, as when the user disconnects the IP is released automatically.

Also, DNS errors could be caused by this, as the server will have several names for the same IP.  Remember to keep servers with static IPs and leave those IPs out of the DHCP scope.  In the same issue, if the remote user removes or changes the options to use DHCP and DNS from the connection settings, they will not be able to ping anything on the LAN they just connected to.
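
The address planning described in the comment above, as an added example that is not part of the original thread: a small check that a proposed RRAS static pool stays clear of addresses DHCP can lease and of statically addressed servers, and is large enough for the VPN ports. The function names, the sample addresses and the port count are constructed for illustration.

```python
import ipaddress

def span(first, last):
    """Expand an inclusive first-last range into a set of IPv4Address objects."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return {ipaddress.IPv4Address(n) for n in range(lo, hi + 1)}

def check_vpn_pool(scope, exclusions, pool, static_hosts, vpn_ports):
    """Return a list of problems with a proposed RRAS static address pool."""
    leasable = span(*scope)
    for ex in exclusions:
        leasable -= span(*ex)  # excluded addresses are never leased by DHCP
    pool_addrs = span(*pool)
    problems = []

    clash = sorted(pool_addrs & leasable)
    if clash:
        problems.append(f"{len(clash)} pool addresses can also be leased by DHCP "
                        f"({clash[0]} to {clash[-1]})")
    fixed = sorted(pool_addrs & {ipaddress.IPv4Address(h) for h in static_hosts})
    if fixed:
        problems.append("pool contains statically addressed hosts: "
                        + ", ".join(map(str, fixed)))
    # One pool address goes to the RRAS server's own internal interface,
    # so the pool needs one more address than there are VPN ports.
    if len(pool_addrs) < vpn_ports + 1:
        problems.append(f"pool has {len(pool_addrs)} addresses, "
                        f"{vpn_ports + 1} needed for {vpn_ports} ports")
    return problems

# Constructed sample values, not taken from the thread.
SCOPE = ("192.168.16.10", "192.168.16.254")
EXCLUSIONS = [("192.168.16.200", "192.168.16.220")]
STATIC_HOSTS = ["192.168.16.2", "192.168.16.200"]

BAD = check_vpn_pool(SCOPE, EXCLUSIONS, ("192.168.16.195", "192.168.16.204"),
                     STATIC_HOSTS, 10)
GOOD = check_vpn_pool(SCOPE, EXCLUSIONS, ("192.168.16.205", "192.168.16.220"),
                      STATIC_HOSTS, 10)

if __name__ == "__main__":
    for label, result in (("overlapping pool", BAD), ("excluded pool", GOOD)):
        print(label, "->", result or "OK")
```
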

Author Comment

ID: 39808025
Thanks Hecgomrec,

Great in depth info! SBS VPN was running fine for years with these guys and they were being allocated out of the main DHCP server's pool. I just enabled VPN on another server via the SBS console and the default options as my last sentence.

I notice in the DHCP leases, that I can see about 5/6 that are allocated under the server's name and they have a yellow phone on it to symbolise that it's for a VPN connection.

There's only around 10 users in total and only about 70 addresses in the lease list companywide and around 200 addresses in the total available pool.

I'm just curious on how that works because it doesn't make sense to me - but I'm sure you're right. Either way, the static pool is working for me now.

Author Closing Comment

ID: 39817266
Partly self solved.
