mercuryt Posted July 27, 2005 Share Posted July 27, 2005 Can anyone please confirm for me that 2003 server with SP1 installed will NOT allow a vpn conection???I have been pulling my hair out a SP1 is the only thing left that could be stopping the connection.P.S. I have set up VPN's in the past, there is no 3d party fire wall and windows firewall is set for VPN ports to open.Oh one last thing, the VPN works from the lan, just not the wan. and the modem is setup as a pass through DMZ.PLEASE HELP,,,,ANYONE Link to comment Share on other sites More sharing options...
chilifrei64 Posted July 27, 2005 Share Posted July 27, 2005 If the VPN works from the LAN then it does work on Win2k3SP1 and with this being the case then it sounds like a firewall issueMore specifically.. when you say it doesnt work.. what do you mean.. can you connect but not see anything on the network.. can you not connect at all. Please give more information Link to comment Share on other sites More sharing options...
mercuryt Posted July 29, 2005 Author Share Posted July 29, 2005 Initially the RRAS Basic firewall blocked WAN access and resulted in "Error 800: No connection" from any computers trying to establish a VPN connection to the server.After the firewall was configured to run with VPN server, a calling PC will connect but then get an "Error 721" which seems to be an authentication issue. This Error only occurs when dialling in from outside the LAN. Internally there are no errors when pointing the VPN 'dialler' to 192.168.0.1. If however you try to dial from outside the LAN, or try to connect from inside the LAN using the WAN IP address of the server ie 203.xxx.xxx.xxx it results in Error 721... Link to comment Share on other sites More sharing options...
chilifrei64 Posted July 29, 2005 Share Posted July 29, 2005 Just trying to cover the basics... If you can connect from the lan but not from the lan. Is this RRAS server infront of or behind a firewall. If it is behind a firewall make sure you have port 1723 open to the RRAS server. Error 721 means the remote computer cannot see the server on port 1723. What is it that could be blocking it from the wan sideWhat firewall do you have in front of it. Link to comment Share on other sites More sharing options...
mercuryt Posted July 29, 2005 Author Share Posted July 29, 2005 The server is not running any 3rd party firewall, only the built in firewall. It has been configured to allow tcp port 1723 on 192.168.1.1 (the card the modem is connected to). The hardware firewall has been disabled and the modem is set to a pass through configuration (in other words i dont think its the modem).The thing that is anoying me is that this machine is only being bench tested before we roll over the actual server to sp1 and as far as i can tell, all RRAS and firewall settings are identical (obviously the existing non sp1 server is working fine as a vpn server). Its for that reason that im blaming a security update in sp1 that requires aditional setting in order to get the vpn running correctly. P.S I used a MS guide for configuring the VPN after the 'memory setup method' failed. Still no joy Link to comment Share on other sites More sharing options...
Nazgul Posted July 29, 2005 Share Posted July 29, 2005 Could you verify that the security option "Network security: LAN Manager authentication level" is set to "Send NTLMv2 response only\refuse LM".You can also verify this by looking at the following registry key:HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=?Where the number at ? should be 4 (or lower) If it's 5, this could be your problem. Link to comment Share on other sites More sharing options...
mercuryt Posted July 31, 2005 Author Share Posted July 31, 2005 Just checked the reg, and the value is set to 4.any other possabilities?? Link to comment Share on other sites More sharing options...
scankurban Posted August 1, 2005 Share Posted August 1, 2005 If you have try one xp machine host for vpn with wan.I'm not sure which port using microsoft vpn.But if its works,problem about server.if not the problem is only modem settings Link to comment Share on other sites More sharing options...
mercuryt Posted August 2, 2005 Author Share Posted August 2, 2005 another thing that this server is not allowing is a remote desktop conection from the wan address.its a simular situation to the VPN problem, i can remote login from anywhere on the lan but as soon as i point the address to 203.xxx.xxx.xxx it times out with a unreachable message.I have tripple checked the modem settings (and even tried a backup modem). I am 100% sure the modem is not blocking ANY traffic from the internet to the server. The problem is defenately in the server and it seems to be caused by new security features in SP1. I'd really like someone to confirm this theory and then offer a workaround Link to comment Share on other sites More sharing options...
mercuryt Posted August 5, 2005 Author Share Posted August 5, 2005 anyone?? please,,, help Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now