Solved

VPN Error 800 - SBS 2008

Posted on 2014-10-24
14
235 Views
Last Modified: 2014-11-14
Trying to connect machine to network so I can join to domain.

Tried connecting and received Error 800 - The remote connection was not made because the attempeted VPN tunnels fialed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

Checked the Verizon router. Port 1723 is opened and forwarded to the server.

Checked the SBS Console and saw the VPN connection was turned off. Ran the "Configure a virtual private network" wizard. Received a green checkmark on the "Configure virtual private networking on the server." Received yellow warning on "Internet Router" - ports must be manually opened on the router - 1723 (which I did).

Checked canyouseeme.org for port 1723 and it failed with a connection time out.

Firewall on the server is turned off.

Not sure what I am missing.
0
Comment
Question by:SBSWIZARD
  • 7
  • 5
  • 2
14 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 40403058
Just opening port 1723 isn't always enough since GRE protocol 47 is also needed. Sometimes it's not part of the port forwarding page, and it's described as "PPTP forwarding/tunneling enabled" on another page.
To know if it's a firewall/router issue, test the VPN locally first (use pc inside your network to connect to the server). If that's successful, it's either your router/firewall or your ISP might be interfering.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40403541
Post up the model number of your router so we can see if it supports VPN.
0
 

Author Comment

by:SBSWIZARD
ID: 40409035
@Kimputer

GRE is also added to the Port Forwarding page.

@VB ITS

It's the normal red/black Actiontec Verizon router that is supplied. Not onsite to grab the model number.
0
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 166 total points
ID: 40411036
Did you already check the VPN inside your LAN? (If it doesn't work, we can rule out a modem/router problem, and we can focus on other areas)
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 334 total points
ID: 40412268
Yep, create a VPN connection to your server's LAN IP address from a computer on the network as outlined by Kimputer above. If it connects OK then we know your server is configured properly to accept VPN connections, which would then point to an issue with your router.
0
 

Author Comment

by:SBSWIZARD
ID: 40414453
Ok. Must have jumped over that comment earlier. Will test later tonight. Thanks.
0
 

Author Comment

by:SBSWIZARD
ID: 40420930
Ok. I tested from a machine inside the network and was able to establish a VPN connection using the server's internal IP address.

So next step is the router. What else do I need to look for since GRE and 1723 are opened and pointing towards the internal server?
0
Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

 
LVL 24

Expert Comment

by:VB ITS
ID: 40420933
Are you able to get the model number of the router? That way we can have a look up the manual/specs to see if it natively supports PPTP port forwarding. You could also look at upgrading the firmware on the router as sometimes the manufacturer releases updates to address these sort of issues.

When you went to create the port forwarding rule, did you create a new rule for port 1723or did you use a pre-defined rule which is usually named PPTP or something along those lines?
0
 

Author Comment

by:SBSWIZARD
ID: 40422496
I used a pre-defined rule that set already called "VPN" that had a setting for TCP 1723 as the port.
0
 

Author Comment

by:SBSWIZARD
ID: 40423201
Model: A90-9100EM15-10
Firmware Version: 2.01.02.00
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 334 total points
ID: 40423255
Alright, looks like it's a Westell modem that's been branded by Verizon. Does it look like this? http://my.verizon.com/micro/fiosrouters/images/9100em_router.jpg

If so, go to this link and see if this firmware version applies to you: http://my.verizon.com/micro/fiosrouters/?router=9100em
0
 

Author Comment

by:SBSWIZARD
ID: 40439103
Well after updating firmware it still didnt work but then a couple days later the modem took a dive anyway. Verizon replaced it with a new Actiontek router and after configuring, I was able to get the VPN working.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40439106
My next suggestion would have been to replace the router with something else if possible. Either way glad to hear it's working now. Is the new router the same model as the old one or is it a different one?
0
 

Author Comment

by:SBSWIZARD
ID: 40442815
Different model. Thankfully.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now