How setup Windows 2003 VPN server?

[ljCharlie]

I have the followed the instruction on how to setup a Windows 2003 VPN server from this link:

http://www.microsoft.com/windowsserver2003/techinfo/overview/connectremote.mspx

and still I'm having problems. Here's the error I got from the client side when trying to connect to the VPN server:

Checking network protocol connections…

TCP/IP reporter error 733: A connection to the remote computer could not be completed. You might need to adjust the protocols on this computer. For further assistance, click More Info or search Help and Support Center for this error number.

And here is the Warning and Error from the VPN Server System event log:

Event Type: Warning
Event Source: RemoteAccess
Event Category: None
Event ID: 20167
Date: 2/7/2005
Time: 8:30:43 AM
User: N/A
Computer: myComputer
Description:
No IP address is available to hand out to the dial-in client.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: RemoteAccess
Event Category: None
Event ID: 20050
Date: 2/7/2005
Time: 8:30:43 AM
User: N/A
Computer: myComputer
Description:
The user myDomain\myself connected to port VPN4-127 has been disconnected because no network protocols were successfully negotiated.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

Will anyone tell me what's going on and how to solve this problem?

Any help is appreciated.

ljCharlie

 

[MoobyCow]

When you set up Routing and Remote Access on your server did you choose to assign IP addresses automatically or from a pool of addresses?

If automatically it looks like your DHCP server has no addresses left to lease.

If you chose from a pool, then you need to make sure you actually setup this pool so there are addresses available, and they they don't conflict with addresses already on your network.

 

[ljCharlie]

Many thanks for your response. When you said, "your DHCP server has no addresses left to lease, you are reffering to the DHCP on the VPN server and not the domain controller, correct? In the properties of the server under the IP tab, there is an option in there about DHCP server. The DHCP radio button is selected. However, I don't understand why there is no address left when there is no client computer connected to the VPN server.

ljCharlie

 

[ljCharlie]

I think I got it working by using the Pool option. However, I'm still not sure why it's not working by using DHCP.

Well, many thanks for your help.

ljCharlie

 

[ljCharlie]

Okay, now that I got client connected to the VPN server, how do I get the client or server to automatically run a script to connect all the network drivers and printers? Is this possible? If so, how?

ljCharlie

 

[MoobyCow]

It could be that your DHCP server only had a limited scope available and the local machines on your network had taken all of the IP addresses (there is not a different range for your VPN clients).

It could also be that your VPN server had taken all the open addreses:

http://www.tek-tips.com/viewthread.cfm?qid=999719&page=2

I don't know that it is possible to have it automatically run a script on connecting. It probably is, but I don't know how. I just have a .bat file I have the users run when they connect.

 

[ljCharlie]

I took the laptop home to my network. I tried to connect to VPN to my work place and I was connected but I couldn't map any drives nor can I access the Internet. I am able to access Internet and map to any network drives when the laptop is on the same network as the domain controller but using VPN.

Any other suggestions?

ljCharlie

 

[aftertaf]

check this link..

http://www.chicagotech.net/nameresolutionpnvpn.htm

Aftertaf
__________________
squiggle squiggle

 

[ljCharlie]

Okay, here's something I found out. When I click on the Details tab of the VPN connection, WAN Miniport(PPTP), I see that the VPN server's IP address is now a local address with 192.168.0.2 instead of the public IP address. I am able to ping and map to the VPN server's shared folders. However, I am unable to map to our file server. I tried the server name and also the file server's public IP and still not working. Obviously there is something I need to configure..but I'm not sure what it is. But I did find out that maping the VPN server shared drives works if using the private IP address. There is something fishy about this but I'm not sure what it is yet.

ljCharlie

 

[MoobyCow]

You should check your WINS settings. When connecting by VPN you client will use WINS to browse the network. If your WINS server has some bad values (which can be pretty common because if you're not using a VPN you wouldn't notice a problem) then you'll have network issues.

The best best is to hard code your WINS server information for the NIC that you use when connecting via VPN.

The good news if that your IP is correct and you can map your VPN servers drive then your are connected and your VPN is setup correctly.

 

[ljCharlie]

You're referring to the WINS settings in the VPN client, correct? What should the WINS settings be? Are the WINS addresses be my domain controller, vpn server, or my ISP DNS ip?

ljCharlie

 

[MoobyCow]

The WINS settings are for your WINS server on your local network.

Your have a DHCP server which issues IP addresses for clients, you have a DNS server which acts as a lookup for the clients so it can resolve IP addresses to names, and you have a WINS server which does the same thing as your DNS server except using a different protocol.

Normally the DHCP, DNS and WINS server are all the same machine.

If you have a new network (all W2K and XP) you may not have a WINS server running, in which case you'll have to set it up for your network. It's fairly straight forward and I would recommend putting it on the same machine that is running DNS.

Then just put the IP address of that machine in your clients settings.

 

[ljCharlie]

All our computers and servers are Widnows XP and Windows 2003 server including all the client computers and that's why I didn't configure the WINS on our domain controller. Are you saying that configure the WINS still needed eventhough my client computer is also Windows XP?

 

[MoobyCow]

Yes. DNS does not work properly with VPN clients, I'm not sure of the why, it just is. I read someplace the explanation but I forget what it was.

If you want to use VPN you have to have a WINS server. For some reason most tutorials on setting up a VPN leave this out.

It took me days to figure out what was wrong with my VPN when I forst set it up.

 

[ljCharlie]

Okay, so how do I configure the WINS? I mean what IP address should I put in? Do I put in the IP address of the domain server or the IP address of the ISP's DNS? Our domain controller is setup to be a forest but it does gets it's IP from the ISP.

I did try putting the IP address of the domain controller on the domain server's WINS tab and also put it on the vpn client but it's not working either. Unless that is not correct.

ljCharlie

 

[MoobyCow]

You have to install the service WINS on some server in your domain. In the WINS service on that machine you have to set up the IP mappings you need for your VPN client (IP addresses of the servers).

Then you have to put the IP address of the computer running WINS into the WINS tab of the client.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/serverroles/winsserver/default.mspx

 

[ljCharlie]

I have isntalled the WINS service now. However, there thing in any of the Active Regration and Replication Partner. I saw Static mapping but I'm not sure if that's what I want. Right now, all the vpn clients are using a pool of IP address from 192.168.0.2 to 192.168.0.5. So is that mean I should use static maping?

ljCharlie

 

[MoobyCow]

The only thing you should have to do is put the static IP addresses of the servers you want your clients to map in WINS under active registrations. Your clients will automatically register themselves in WINS so you don't need to add any of them to WINS.

The servers should add themselves as well, but you're better off adding them manually at setup to make sure everything you need is in there. These will be your static records.

 

[ljCharlie]

Still not working. Here's what have so far. The Routing and Remote Access is on a separate server than the domain controller. Routing and Remote Access server (local)'s Property/IP tab is configured to use Static Address Pool:

192.168.0.2 to 192.168.0.5

Now the WINS server is setup on the domain controller. Right now in the Active Registration, it showed the following Type:

Other
Domain Master Browser
Workgroup
Domain Controller
Normal Group Name
WorkStation
File Server

The IP Address and Owner address are the same and they are both public IP address.

The vpn client can not ping the WINS server IP address nor the domain controller IP address. The only thing the vpn client can ping is the server that host Routing and Remote Access which I believed is the VPN server. And this vpn client and map to this VPN server and that is it. And yes, it is able to access the Internet too. But why is it not able to map the File Server for all my network drives?

ljCharlie

 

[MoobyCow]

OK, let's start with the clients then.

After you connect via VPN run ipconfig \all and see if the settings are correct.

You should have an IP address in the correct range, the correct DNS server and the correct WINS settings.