User cannot connect through VPN (Windows 2008 R2)
Hello,
TechNet has been a major help for some resent server and network problems our office has been having.
There is one ongoing issue that no matter how much I try to fix, it wants to be stubborn and refuse to work properly.
We have a user who has the necessary permissions to VPN using our router's IP address. Just recently, she found that she was unable to VPN. This was the beginning of our technical issues as after rebooting the router, our main server, and our QuickBooks
server, we lost internet and access to the main server. Those issues have been resolved. However, the user is still unable to VPN.
I have looked up every error code that has been presented when trying to connect to VPN (807 and 800 are the most frequent), and unfortunately, none of the solutions suggested worked. These errors occur when connecting through the WAN Miniport. I am trying
to find out if I am overlooking something.
What has been tried:
Router rebooted
Created new user in Active Directory
Deleting VPN Users group and readding to user
Changing tunneling protocol to L2TP instead of PPTP. Then, created a rule in Windows Advanced Firewall to allow UDP 1701.
Creating new VPN connection.
Confirmed with ISP that there are no issues with router
I am not extremely familiar with Windows 2008 R2 and every fix I see online is extremely in depth with not much walkthrough information.
I greatly appreciate any support anyone might be able to provide.
Thank you!
Hi ,
According to your description, my understanding is that the client can’t access the VPN with error code 800 and 807.
I have noticed that it failed to ping the VPN server form the client. The VPN server should be connected from the client without VPN connection established. I suggest you to turn off firewall temporarily on both sides of client and VPN server, then
try to ping the IP address of the VPN server’s interface which is connected to extranet network.
If ping failed, there might be network connectivity problem. If ping successfully, check to see if the port is open for turning traffic. Detailed troubleshooting steps you may reference the link below:
I received error 800, which says the VPN server is unreachable:
http://technet.microsoft.com/en-us/library/cc772616(WS.10).aspx#BKMK_1
Troubleshooting commom VPN related errors:
http://blogs.technet.com/b/rrasblog/archive/2009/08/12/troubleshooting-common-vpn-related-errors.aspx
If this problem still exits, does other user successfully access the VPN? Or just specified device can’t access? Would you simply describe the deployment of the VPN, such TCP/IP settings, VPN type.
Best Regards,
Eve Wang
Similar Messages
-
Cannot connect to VPN through NetworkManager anymore.
I cannot connect to VPN through networkmanager anymore. Last time used it, it worked perfectly but I don't use it so often and last time was 2-3 months ago. So I don't know what went wrong, or which package upgrade broke it.
I switched to systemd a month ago, it may or may not be related.
I can still connect from the commandline using the vpn/vpn-disconnect tools.
All that happens is an alert windows saying: "The VPN connection '......' failed because there were no valid VPN secrets." And here is the journal:
NetworkManager[355]: <info> Starting VPN service 'vpnc'...
NetworkManager[356]: <info> VPN service 'vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 9214
kernel: tun: Universal TUN/TAP device driver, 1.6
kernel: tun: (C) 1999-2004 Max Krasnyansky <[email protected]>
NetworkManager[356]: <info> VPN service 'vpnc' appeared; activating connections
NetworkManager[356]: <error> [1349687970.426748] [nm-vpn-connection.c:1405] get_secrets_cb(): Failed to request VPN secrets #3: (6) No agents were available for this request.
NetworkManager[356]: <info> Policy set 'MYSSIDOMITTED' (wifi0) as default for IPv4 routing and DNS.
NetworkManager[356]: <error> [1349687973.943758] [nm-vpn-connection.c:1405] get_secrets_cb(): Failed to request VPN secrets #3: (6) No agents were available for this request.
NetworkManager[356]: <info> Policy set 'MYSSIDOMITTED' (wifi0) as default for IPv4 routing and DNS.
NetworkManager[356]: <info> VPN service 'vpnc' disappeared
All neccessary vpn packages for networkmanager are installed.
Google did not turn up any useful info other than a few year old threads saying "upgrade your networkmanager".Well, I managed to get the auth dialog to show up reliably by applying a couple patches from this Bugzilla: https://bugzilla.gnome.org/show_bug.cgi?id=679212
Still getting breakage in that it's not properly authenticating:
Attempting to connect to redacted:443
Using client certificate '/CN=redacted'
Client certificate expires soon at: Dec 5 02:57:05 2012 GMT
SSL negotiation with somesite.somedomain.com
Connected to HTTPS on somesite.somedomain.com
GET https://somesite.somedomain.com/
Got HTTP response: HTTP/1.0 302 Object Moved
SSL negotiation with somesite.somedomain.com
Connected to HTTPS on somesite.somedomain.com
GET https://somesite.somedomain.com/+webvpn+/index.html
GET https://somesite.somedomain.com/CACHE/sdesktop/install/binaries/sfinst
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://somesite.somedomain.com/+CSCOE+/sdesktop/wait.html
Failed to read from SSL socket
Error fetching HTTPS response
This behavior is not what I'm getting from the command-line client, of course, so... still digging. -
VPN Connected Users cannot connect to the internet or send email
I just upgraded to Xserve G5 Dual 2.3 GHz 2GB SDRAM and a 3.5 TB Xserve RAID Running OSX Server 10.4.7.
Used to run G5 Tower running OSX Server 10.3.9.
Running as a Standalone Server.
Everything seems to be running smoothly other that the fact that users connecting through VPN can no longer connect to the internet while connected through VPN nor can they send email. (I assume it's the same issue).
Wondering if password type is the issue. In 10.3.9 Workgroup Manager User password types were Open Directory for my vpn users. Previous Server was Standalone Server with Open Directory running, but not setup (weird I know.) 10.4.7, Open Directory for password is not an option... only shadowed password.
Not running any Open Directory services other than Lookup Server: Running and NetInfo Server: Local Only.
Any help is greatly appreciated.
-EdUnless otherwise informed, a connecting client will send ALL traffic via the vpn. Ideally you only want to route traffic applicable to the VPN and for any other traffic (browsing and external email) to go via your local 'normal' router. You can configure the VPN server to inform connecting clients about applicable VPN traffic...
Example: the network you are vpn'ing into is 192.168.0.0/24
In Client Information-> Network Routing Definition, add 2 routes:
Address: 192.168.0.0
Mask: 255.255.255.0
Type: Private
Address: 0.0.0.0
Mask: 0.0.0.0
Type: Public
A connecting client will incorporate this routing information when connecting and thereafter send all traffic for the 192 network through the VPN (private) but send all other traffic (the catchall 0.0.0.0) to their local default router (public). Make sure you have them in that order (catchall at bottom).
-david -
Connect to SSTP Windows 2008 VPN
How can we connect to a Windows 2008 Server SSTP based VPN? Is there an option in the Internet Connect builtin VPN setup or we need a third party client/tool?
Thanks
K.I am also having the same problem. All other clients can connect with the exception of my Android devices. The same devices connect immediately to our RRAS server running on Server 2003. Any info or help would be appreciated.
-
Sharing only users cannot connect to Lion Server
Dear all,
I stumbled across a funny problem, that I tried to resolve all day. I just wanted to add a sharing only user for my girlfriends new MacBook that she could use to connect to a shared Time Machine Volume.
If I add a new standard user, this user can connect to my server via finder (connect as...) and see the shared drives. If the same user tries to connect to the Time Machine Backup Volume via the settings dialog, it receives an error message (OSStatus-error 5).
If I add a sharing only user, this user cannot connect via finder or Time Machine (same error). The clients console states the following error message:
/System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent[2471] AFP error -5018 mapped to EIO
Does anybody have an Idea?That is my point. Yes, Apple still lets you add users via users and groups in system preferences but that is not how you should be adding users. I've seen nothing but trouble when that option is used to add users and I believe that the Lion server docs say to not use that. If you are using lion server why not use it the way it was meant to be. Just create a account in OD and only give her access to the Time Machine Service and none of the others.
-
Users cannot connect over SMB 10.10.1 server.app 4.0 and 4.0.3
Hello,
I have an issue where users cannot connect to a server for files sharing over SMB.
Info:
All users on 10.10.1
2 Servers on 10.10.1
Server.app 4.0.3 but issue was also present using 4.0
SMB connection works when connecting to the OD Master
SMB does not work when connecting to the OD Replica ServerBut AFP works fine when connecting to the OD Replica Server.
I have destroyed and re-added the OD replica but that did not seem to help
This is what I see in the logs each time I try to connect(logs have been cleaned to remove client details:
Jan 9 14:37:12 server.pretendco.com digest-service[9961]: label: default
Jan 9 14:37:12 server.pretendco.com digest-service[9961]: dbname: od:/Local/Default
Jan 9 14:37:12 server.pretendco.com digest-service[9961]: mkey_file: /var/db/krb5kdc/m-key
Jan 9 14:37:12 server.pretendco.com digest-service[9961]: acl_file: /var/db/krb5kdc/kadmind.acl
Jan 9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: uid=0
Jan 9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: netr probe 0
Jan 9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: init request
Jan 9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
Jan 9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: uid=0
Jan 9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: init request
Jan 9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
Jan 9 14:37:13 server.pretendco.com kdc[4802]: Got a canonicalize request for a LKDC realm from local-ipc
Jan 9 14:37:13 server.pretendco.com kdc[4802]: Asked for LKDC, but there is none
Jan 9 14:37:13 server.pretendco.com sandboxd[395] ([4802]): kdc(4802) deny file-read-data /private/etc/krb5.conf
Jan 9 14:37:22 server.pretendco.com kdc[4802]: Got a canonicalize request for a LKDC realm from local-ipc
Jan 9 14:37:22 server.pretendco.com kdc[4802]: Asked for LKDC, but there is none
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: od failed with 2 proto=ntlmv2
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: user=SERVER2\\username
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: kdc failed with 36150275 proto=unknown
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: guest failed with -1561745590 proto=ntlmv2
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: od failed with 2 proto=ntlmv2
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: user=SERVER2\\codywood
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: kdc failed with 36150275 proto=unknown
Jan 9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: guest failed with -1561745590 proto=ntlmv2
I suspect the problem is to do with Kerberos and in relation to this server being an OD Replica.
I would really appreciate anyone's insight into this.
Thanks
MorgsI have the same problem although I upgraded from Lion Server to Mountain Lion Server. The error appears to go hand in hand with this error.
userInit: CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/fullyqualifieddomainname/Users/user is unavailable. User domains will be volatile.
I've read a number of things to try. A lot of people point to DNS being a problem, but I'm confident this is correct in my environment. -
Post Moved Cannot-connect-through-anonymous-prox...
Post moved to Other BB Queries http://community.bt.com/t5/Other-BB-Queries/Cannot-connect-through-anonymous-proxy/td-p/650446
If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’You could try reading about wingates, socks and proxies (oh before i forget, turn off java, javascript, cookies, what's related, and smart update ... if you are using IE you're not very smart). Also try installing a firewall, or DHCP or you can learn from me!Here is the info of best 10 proxy software, from which you may try: http://www.techyv.com/article/top-10-free-proxy-software
-
Equium L40 - cannot connect through wifi or the ubs lead plugged in
Hi
I have a Equium L40. I cannot connect through wifi or the ubs lead plugged in.
It comes up " Internet Explorer has stopped working. a problem caused the program to stop working correctly"
It is saying in am connected to my hub and have a strong signal.
Can you help
Thanks
SteveHello Steve
Have you tried to use some other browser?
Do you use Skype or some other messenger? Can any of them connect properly?
I dont know what the real problem is. Non working Internet explorer or WLAN connection in general? -
User cannot connect to backend system with user J2EE_ADMIN.
I am using Rapid Installer to initiate the second part of the installtion "ERP 6.0 EhP 3 Self-Service Scenarios and Automatic Roles". When I get to the J2EE User section to enter the parameters, the user is defaulted to "Administrator" and I enter my password. I click next and get this message "User cannot connect to backend system with user J2EE_ADMIN." Any ideas?
If this is a double stack installation, you need to enter J2EE_ADMIN as user, NOT administrator.
Markus -
Windows 2008 R2 Standard Remote Desktop Users cannot Connect
I have a windows 2008 R2 Standard Terminal Server and some users aren't able to connect even though they are in groups that are in Remote Desktop Users on the local computer. I checked the local security policy setting "Allow log on through Remote
Desktop Services" and I see that Remote Desktop Users is a member of this group. Inside of Remote Desktop Users we have DOMAIN\Domain Users and DOMAIN\Terminal Users. Most of our users are in both groups, but there are still some people that
aren't able to connect via Remote Desktop to this computer. There are no users in "Deny logon through Terminal Services."
Thanks!Hi,
Thank you for posting in Windows Server Forum.
Is it happens to all users or any particular group of users?
Please check by creating new user add them to “Remote Desktop Users” group and then see whether that test user can remote desktop to the server.
It also might happens that you may be limited in number of users or some connection issue or may be firewall setting issue. Please go through beneath article for information.
Remote Desktop disconnected or can’t connect to remote computer or to Remote Desktop server (Terminal Server) that is running Windows Server 2008 R2
http://support.microsoft.com/kb/2477176
Hope it helps!
Thanks.
Dharmesh Solanki -
VPN users cannot connect to LAN
I have to users down in australia, they can connect via vpn but cannot ping any of the LAN ip address
PLease help URGENT!Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use thI e posting's information even if Author has been advised of the possibility of such damage.
Posting
Are the VPN clients in a different subnet from your LAN? If so, I would suspect a routing issue, either your VPN clients either don't know how to get to the LAN subnet and/or the LAN clients don't know how to get to the VPN client subnet. -
Windows SMB users cannot connect to 10.5.4 server
Hi all,
Have a server running 10.5.4 bound to AD and running an OD to provide management of the Macs. Pretty standard setup and haven't had any problems elsewhere with the same deployment. However we're having a problem with XP users connecting to SMB shares. Mac users can connect over AFP or SMB fine, XP users are getting a "Network path could not be found" error. What's more the errors in the SMB log on the server aren't too descriptive. We're getting a few broken pipe errors, but no indication of what's causing that. XP machines don't appear to be getting to the authentication stage.
Server is an Xserve with a Promise RAID, shares are on a 4TB partition, bound to AD (OD not running Kerberos). SMB setup seems to be correctly aware of the AD.
Anyone any ideas?
ThanksIs your SMB a Standalone or Domain Member?
I have a similar problem and noticed that if I change SMB from "Domain Member" to Standalone Windows users can connect. Now every so often Leopard Server will change SMB back to a Domain Member (automatically).
I have the Server bound to AD. AFP works for the Macs no matter what. Mac Users authenticate to AD and mount the share. However if they try to use SMB, it fails for the Macs as well if SMB is a Domain Member.
I would like to stop Leopard from not reverting back or fix the "domain member" problem.
The fact that I can connect while it's a Standalone suggests, to me, that it's not a permissions problem. As well the failure carries to the Mac side means it's not a Windows issue. -
Cannot connect to VPN through Time Capsule.
I have setup a VPN but my buddy cannot connect to it unless he bypasses his Time Capsule (2011 model) and connects his Mac directly to his cable modem.
The Time Capsule is setup with DHCP to lease out a different IP range than my VPN.
We have looked over all of the Time Capsule settings and cannot seem to find anything wrong.
My brother has a similar setup except using just a nornal Air Port Extreme and has no problems connecting to my VPN.
Any suggestions would be appreciated.
Thanks.
-Jeff-Port forward using the v5 utility.. I have strong suspicions about the v6 for port forwarding.
It does depend on what particular VPN you are talking about.
Check what ports are required.
You can load v5 utility even into Mountain Lion .. as well as later Lion versions thus and so.
How to load 5.6 into ML.
1. Download 5.6 for Lion.
http://support.apple.com/kb/DL1482
Click to open the dmg but do not attempt to install the pkg.. it won't work anyway.
Leave the package open on the desktop so you can see the file. AirportUtility56.pkg
2. Download and install unpkg.
http://www.timdoug.com/unpkg/
Run unpkg on the desktop.. If your Mac refuses to run the software, because it wasn’t downloaded from the Apple store, go to security in preferences and allow other software to work.. this is limitation of trade methinks. You can set back later if you like.
Now drag the AirPortUtility56.pkg file over to unpkg.. and it will create a new directory of the same name on the desktop.. in finder, open the new directory, drill down.. applications, utilities .. there lo and behold is Airport utility 5.6 .. drag it to your main utilities directory or just run it from current location.
You cannot uninstall version 6 (now 6.3 if you updated) so don't try.. and you cannot or should not run them both at the same time.. although I have had no problems when doing so. -
I'm just about ready to ragequit for the day. I've been pouring through dozens of support pages, youtube videos, tutorials. The lack of true documentation on problems like this has me considering a start-up business that specifically deals with these frustrations. Clearly I could make millions!
I will detail everything about this problem as best as I can, to avoid confusion later with questions:
Here's what I have for hardware:
1) A Public IP Address. We'll just call it X.X.X.X.
2) A D-Link DI-604 router (yes they DO support VPN services, with a router address of 192.168.1.254.
This router is running Firmware Version 3.53, the last firmware released for it on Wed, 18 Apr 2007 (YES I AM AWARE THE ROUTER IS OLD, DEFLECTING THIS ISSUE BY TELLING ME TO GET A NEWER ROUTER WITHOUT FIRST READING THROUGH EVERYTHING BELOW IS NOT A HELPFUL CONTRIBUTION TO THE PROBLEM, D-LINK HAS CONFIRMED THIS ROUTER SUPPORTS VPN PASSTHROUGHS).
3) A Mac Mini Server running 10.6.8, router address of 192.168.1.10.
Here are the ports that I've allowed through the router, pointed directly at 192.168.1.10 (aka my Server):
UDP Port 500
UDP Port 1701
UDP Port 4500
TCP & UDP Port 1723
Here is how I have the VPN Service configured on my Server:
L2TP is Enabled.
Starting IP address range of 192.168.1.180
Ending IP Address range of 192.168.1.189
PPP Authentication: Directory Service with Authentication set to MS-CHAPv2
IPSec Authentication is set to Shared Secret, let's just say the secret is "derp" without quotes.
PPTP is Disabled.
Client Information:
DNS Servers point to my router: 192.168.1.254
Search Domains is empty.
Network Routing Definition is empty.
Logging:
Verbose logging is enabled.
VPN Service is: Running.
Server User Information
Access to VPN Services:
Allow only users and groups below:
(I have users dedicated to this, but for the sake of this topic let's just say one of them is "misterderp" without quotes)
The Hardware I'm Using to Connect to the VPN Server:
I have a Macbook Pro running 10.6.8, another laptop running Windows XP Professional Service Pack 3, and another laptop running Windows 7 Home Premium 64-bit Service Pack 1. All 3 laptops acquire an IP Address via DHCP from the Router (192.168.1.254). Below is what happens when I try to set up a VPN connection on all 3 machines:
Computer #1: MacBook Pro, running 10.6.8
Settings: (this is in System Preferences > Network, by the way):
New VPN Connection
Server Address: X.X.X.X. (this is our Public IP Address)
Account Name: misterderp (this is the account who has access granted to use VPN)
Authentication Settings > User Authentication:
Password: (password given to misterderp from server)
Authentication Settings > Machine Authentication:
Shared Secret: derp (as specified in the L2TP tab of the VPN Service on the Server)
At this point I will try to connect. I receive the following error message:
=========
VPN Connection
The L2TP-VPN server did not respond. Try reconnecting. If the problem persists, verify your settings and contact your Administrator.
=========
Computer #2: Laptop, running Windows XP Professional Service Pack 3
Settings: (this is in Control Panel > Network Connections, by the way):
Add a New Connection
VPN Server Selection: X.X.X.X. (this is our Public IP Address)
Smart Card
Do not use my Smart Card
New VPN Connection Properties
General Tab:
Host Name: X.X.X.X.
Security Tab:
Security Options:
Advanced Custom Settings
Data Encryption: Require encryption (disconnect if server declines)
Allow These Protocols: Microsoft CHAP Version 2 (MS-CHAP v2)
IPSec Settings
Use Preshared key for authentication: derp (as specified in the L2TP tab of the VPN Service on the Server)
At this point I will try to connect. I am using the Account Name misterderp, and the password given to this account from the server. I receive the following error message:
=========
Error 800: Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection.
=========
Computer #3: Laptop, running Windows 7 Home Premium x64 Service Pack 1
Settings: (this is in Control Panel > Network and Internet > Network and Sharing Center, by the way):
Set Up a Connection or Network:
Connect to a workplace
Use my Internet Connection
Internet Address: X.X.X.X. (this is our Public IP Address)
Type your username and password:
User name: misterderp (specified on the Server to have VPN access)
Password: password given to the misterderp account
VPN Connection Properties:
Security Tab:
Type of VPN: Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)
Advanced Settings: Use preshared key for authentication: derp (as specified in the L2TP tab of the VPN Service on the Server)
Data Encryption: Require encryption (disconnect if server declines)
Allow these protocols: Microsoft CHAP Version 2 (MS-CHAP v2)
At this point I will try to connect. The window hangs at "Connecting to X.X.X.X. using "WAN Miniport (L2TP)"". After about 30 seconds, I receive the following error message:
=========
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during intiial negotiations with the remote computer.
=========
So there you have it, 3 sources of unintelligible frustration.
You're probably wondering, HEY, WHAT ABOUT THE LOG ON YOUR SERVER ADMIN PAGE?
I've been looking at the log, and there's a whole lot of nothing. The only thing I have is this:
#Start-Date: 2012-02-17 14:01:46 CST
#Fields: date time s-comment
2012-02-17 14:01:46 CSTLoading plugin /System/Library/Extensions/L2TP.ppp
2012-02-17 14:01:46 CSTListening for connections. . .
So the Server's not getting ANYTHING, let alone spit out errors.
Now you might be wondering, ALRIGHT, WHAT ABOUT VPN-ING WITHIN YOUR OWN NETWORK, THAT PROBABLY WORKS RIGHT?
Yes it does. Without any question, my MacBook Pro will connect to the VPN Service so long as I'm connecting DIRECTLY to the Server through its local IP address, and not trying to reach it through a public IP address that's forwarding the requests through the ports I've assigned.
At this point I am at a complete loss. I believe I have done everything correctly, but it would appear that my router isn't playing nice with VPN requests. If there is/are any other ports I should be turning on to point to my server, I would like to know what ones those are.
If there are any tweaks or additional settings I should know about for the Windows computers (especially Windows 7), I would like to know what those are.
If at the end of this post that you've just read and know with irrefutable proof or a reasonably educated decision that this router magically will not serve my VPN needs AT ALL, I would like to know a reasonably-priced alternative, preferably something that is not an Extreme Base Station, Time Capsule, or other product because my ISP hates Apple-based routers for a reason even they do not understand
If at the end of htis post that you've just read and know with irrefutable proof or a reasonably educated decision that I would be better off attempting this with PPTP on this D-Link Router, and if you know how to set the correct settings on Server Admin, forward the correct ports on the router I have, I would like to know that
Thank you for reading this wall of text, anyone willing to help me with this is an amazing personHi Esther,
After 3 months, I was finally able to revisit this issue. Here are the results of my nmap TCP test using your code:
Gerchak$ nmap -T5 XX.XX.XXX.XX
Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-22 17:50 CDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.68 seconds
And here are the results of my UDP test using your code:
Gerchak$ sudo nmap -sU -T5 -p 500,1701,4500,9999 XX.XX.XXX.XX
Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-22 17:51 CDT
Nmap scan report for xxx-bb-xxx-3-ws-6.xxx.xxxxxxxxxxxx.net (XX.XX.XXX.XX)
Host is up (0.096s latency).
PORT STATE SERVICE
500/udp open isakmp
1701/udp open|filtered L2TP
4500/udp open|filtered nat-t-ike
9999/udp open|filtered distinct
Obviously there's something wrong since the TCP scan registered a major problem, so I redid the scan per nmap's recommendations:
Gerchak$ nmap -Pn XX.XX.XXX.XX
Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-22 17:55 CDT
Nmap scan report for xxx-bb-xxx-3-ws-6.xxx.xxxxxxxxxxxx.net (XX.XX.XXX.XX)
Host is up (0.14s latency).
Not shown: 990 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
427/tcp closed svrloc
500/tcp closed isakmp
548/tcp open afp
1723/tcp closed pptp
5002/tcp closed rfe
5003/tcp open fm
5004/tcp closed avt-profile-1
5222/tcp open xmpp-client
8080/tcp open http-proxy
So, where should I go from here? 1723 is closed off yet my router says it's open. I'm just about ready to throw my hands up in the air and just purchase a different router. -
Cannot connect to SQL Server 2008 R2 Express
I have a database application that connects to the Northwind sample db in MS Access and lets the user perform CRUD operations.
Now I want to add the same for MS SQL Server, however, I have trouble connecting to it using this connection string:
I changed the server properties in SQL Server Management Studio to allow windows and SQL Server authentication, yet, I still get this exception when trying to open the connection:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
(provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
I thought it might be because the server is not allowing remote connections and followed this guide to allow remote connections:
http://www.linglom.com/2009/03/28/enable-remote-connection-on-sql-server-2008-express/
But the SQL Server windows service won't start. The Browser works fine, but the server doesn't do anything.
When trying to start it I get this error:
The request failed or the service did not respond in a timely fashion. Consult the event log or other applicable error logs for details.
The event log says:
2011-07-07 17:02:55.35 spid51 Starting up database 'Northwind'.
2011-07-07 17:02:59.98 spid51 Starting up database 'Northwind'.
2011-07-07 17:03:03.68 spid53 Starting up database 'Northwind'.
2011-07-07 17:03:07.01 spid55 Attempting to load library 'xpstar.dll' into memory. This is an informational message only. No user action is required.
2011-07-07 17:03:07.30 spid55 Using 'xpstar.dll' version '2009.100.1600' to execute extended stored procedure 'xp_instance_regread'. This is an informational message only; no user action is required.
2011-07-07 17:03:07.76 spid55 Starting up database 'pubs'.
2011-07-07 17:03:08.89 spid55 Starting up database 'pubs'.
2011-07-07 17:03:09.30 spid55 Starting up database 'pubs'.
2011-07-07 17:04:11.37 spid55 Starting up database 'pubs'.
2011-07-07 17:08:17.28 spid52 Attempting to load library 'xplog70.dll' into memory. This is an informational message only. No user action is required.
2011-07-07 17:08:17.35 spid52 Using 'xplog70.dll' version '2009.100.1600' to execute extended stored procedure 'xp_msver'. This is an informational message only; no user action is required.
However, when starting SQL Server Management Studio, I can normally work with the databases, perform CRUD operations, etc.
I was wondering if it might be a connection string issue.
I'm using this string:
@"Server=lolcalhost;Database=Northwind;User ID=BEN-A350C47E32F;Password=;Trusted_Connection=False;";
I added the Northwind database as data source to the project and the connection string is in the app.config:
<connectionStrings>
<add name="NwindConnectionString" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|\Nwind.mdb" providerName="System.Data.OleDb"/>
</connectionStrings>
using this code to access it:
constringServer = ConfigurationManager.ConnectionStrings["NwindConnectionString"].ToString();
but when using this string I get an ArgumentException:
Keyword not supported: 'provider'.
I'd appreciate any help that would let me connect to the server from a program.Here is an active Sql connection string we use currently from our app.config file:
<connectionStrings>
<clear/>
<add name="ServerConnectionString" connectionString="Data Source=SqlBox;Initial Catalog=YourCatalog;User Id=Username; Password=password;" providerName="System.Data.SqlClient"/><br/> </connectionStrings>
here is one for Sql Express:
<add name="LocalConnectionString" connectionString="Data Source=MachineName\SqlExpress;Initial Catalog=YourCatalog;Integrated Security= true;" providerName="System.Data.SqlClient"/>
Maybe you are looking for
-
Daily Stock Report for a trading industry
Hi, I want a daily stock report for a trading industry. In this i want date wise opening stock, closing stock, outward quantity and inward quantity. How to get it? Thanks, Niranjan
-
How to handle long lines in a JAD file?
Hi all, setting MIDlet permissions in a JAD file easily expands the length of one line so that they need to get wrapped into 2 or more lines. AFAIK JADs actually are manifest files and the manifest file spec says that a line continuation is marked by
-
I have been getting the MSVCR80.dll missing message. Been on the Apple site and following instruction. Going down the list has instructed I have Deleted I Tunes. Deleted Apple Software Update But when I try to delete Apple Mobile device it wouldn't d
-
At work i have to deal with a lot of excels in which i have to save the file as .txt and then .xls, I will then upload the .txt file to SAP In the txt files, the numbers are being saved with "." (dot) and not with a ","(Comma) in the decimals, even t
-
Dear all, when i use object filter in IDoc deployment, i find a special part in BD64. Normally just some fields in a filter group but sometimes a special part called 'Dependent on class membership' in it. It seems like a table but i don't know an