Help! RRAS on SBS2003

I have a SBS2003 Std (patched) with one NIC which I am trying to set up as a
VPN server. On another SBS2003 Std (patched), I followed the instructions,
set it up as remote access and VPN demand-dial, configured 5 PPTP ports, set
up a bank of static IP's. I did all this after running the Remote Access
Wizard. It works fine.

This time, when I disabled and reenabled RRAS, when I selected option 1 (VPN
and remote access), I got a warning about only 1 NIC and that I need to do a
custom configuration. I did a custom configuration selecting VPN and
demand-dial. I configured the ports and static IP's. This time I cannot
connect. RRAS is running. As I'm looking at RRAS status, the first thing I
notice is that under IP Routing, General, the Internal interface does not
have an IP address assigned and status is Non-operational. Under Network
Interfaces, however, it shows as Enabled. When I do ipconfig, the working
server shows the PPP adapter and the local connection, the problem server
shows only the local connection.

I've tried various combinations of settings and searching the kb, nothing
talks about this issue. I have been able to connect to this box before, but
was having problems with authenticating which is why I disabled/reenabled
RRAS.

I have an identical setup running with the first box. Both rely on an
external router (same brand/model) for DHCP. The only difference is that the
first box is a Gateway and the second is HP. Another strange thing - as I
was checking the state of the RRAS service on both servers, I noticed that
the description of RRAS (on top left, where the hyperlinks for
stop/start/restart are) was different on the Gateway (verbose) vs. on the HP
(brief). I patched the GW with SP1, and bought the HP with SP1 installed
(supposedly). MS Update shows both being patched, but it seems like the two
machines are running different versions of RRAS.

Hopefully someone on this list can help - I appreciate it.

First up, the internal interface not having an IP address is a symptom,
not a cause. It does not get an IP address until the first remote client
connects. It doesn't need one until that happens.

Can you connect from a local machine using the server's local IP
address? This is a good way to check the server config. If that works, you
can start checking why it doesn't work from the outside.


Alexis wrote:
> I have a SBS2003 Std (patched) with one NIC which I am trying to set
> up as a VPN server. On another SBS2003 Std (patched), I followed the
> instructions, set it up as remote access and VPN demand-dial,
> configured 5 PPTP ports, set up a bank of static IP's. I did all
> this after running the Remote Access Wizard. It works fine.
>
> This time, when I disabled and reenabled RRAS, when I selected option
> 1 (VPN and remote access), I got a warning about only 1 NIC and that
> I need to do a custom configuration. I did a custom configuration
> selecting VPN and demand-dial. I configured the ports and static
> IP's. This time I cannot connect. RRAS is running. As I'm looking
> at RRAS status, the first thing I notice is that under IP Routing,
> General, the Internal interface does not have an IP address assigned
> and status is Non-operational. Under Network Interfaces, however, it
> shows as Enabled. When I do ipconfig, the working server shows the
> PPP adapter and the local connection, the problem server shows only
> the local connection.
>
> I've tried various combinations of settings and searching the kb,
> nothing talks about this issue. I have been able to connect to this
> box before, but was having problems with authenticating which is why
> I disabled/reenabled RRAS.
>
> I have an identical setup running with the first box. Both rely on an
> external router (same brand/model) for DHCP. The only difference is
> that the first box is a Gateway and the second is HP. Another
> strange thing - as I was checking the state of the RRAS service on
> both servers, I noticed that the description of RRAS (on top left,
> where the hyperlinks for stop/start/restart are) was different on the
> Gateway (verbose) vs. on the HP (brief). I patched the GW with SP1,
> and bought the HP with SP1 installed (supposedly). MS Update shows
> both being patched, but it seems like the two machines are running
> different versions of RRAS.
>
> Hopefully someone on this list can help - I appreciate it.

Thanks Bill. I can connect from a local machine. While it does seem that it
would be the firewall, I monitor the firewall and it does allow VPN through.
I was able to connect today from the outside, but after about 30 min it
reverted back and I started getting the same behavior (connects, then hangs
when verifying credentials). When I was connected from the outside, I was
not able to see other clients on the network, and also was not able to ping
local clients from the outside - so a route is not being established. On the
remote client, I alternately get error 721 (the 'GRE' fault), and error 732
(inability to agree on protocols). My feeling is that this is a routing or
DNS issue. Do you have any other ideas on what this could be?

"Bill Grant" wrote:

> First up, the internal interface not having an IP address is a symptom,
> not a cause. It does not get an IP address until the first remote client
> connects. It doesn't need one until that happens.
>
> Can you connect from a local machine using the server's local IP
> address? This is a good way to check the server config. If that works, you
> can start checking why it doesn't work from the outside.
>
>
> Alexis wrote:
> > I have a SBS2003 Std (patched) with one NIC which I am trying to set
> > up as a VPN server. On another SBS2003 Std (patched), I followed the
> > instructions, set it up as remote access and VPN demand-dial,
> > configured 5 PPTP ports, set up a bank of static IP's. I did all
> > this after running the Remote Access Wizard. It works fine.
> >
> > This time, when I disabled and reenabled RRAS, when I selected option
> > 1 (VPN and remote access), I got a warning about only 1 NIC and that
> > I need to do a custom configuration. I did a custom configuration
> > selecting VPN and demand-dial. I configured the ports and static
> > IP's. This time I cannot connect. RRAS is running. As I'm looking
> > at RRAS status, the first thing I notice is that under IP Routing,
> > General, the Internal interface does not have an IP address assigned
> > and status is Non-operational. Under Network Interfaces, however, it
> > shows as Enabled. When I do ipconfig, the working server shows the
> > PPP adapter and the local connection, the problem server shows only
> > the local connection.
> >
> > I've tried various combinations of settings and searching the kb,
> > nothing talks about this issue. I have been able to connect to this
> > box before, but was having problems with authenticating which is why
> > I disabled/reenabled RRAS.
> >
> > I have an identical setup running with the first box. Both rely on an
> > external router (same brand/model) for DHCP. The only difference is
> > that the first box is a Gateway and the second is HP. Another
> > strange thing - as I was checking the state of the RRAS service on
> > both servers, I noticed that the description of RRAS (on top left,
> > where the hyperlinks for stop/start/restart are) was different on the
> > Gateway (verbose) vs. on the HP (brief). I patched the GW with SP1,
> > and bought the HP with SP1 installed (supposedly). MS Update shows
> > both being patched, but it seems like the two machines are running
> > different versions of RRAS.
> >
> > Hopefully someone on this list can help - I appreciate it.
>
>
>

There is one more thing that's confusing to me. I reconfigured RRAS in the
following manner:
1. Run repair internet settings wizard (just to make sure settings are
correct, and that enable VPN etc. is checked)
2. Run configure remote access wizard (again to make sure settings are
correct and that VPN and remote access are enabled). In this dialog, I do
get a choice between DHCP and static IP for clients. If I do select static
and input a range, this is not reflected in the RRAS settings in 3. Am I not
actually changing the same settings through the wizard as if I configured
RRAS directly???
3. Configure RRAS for demand-dial, PPTP, and the static IP range (which did
not get set in 2).

"Alexis" wrote:

> Thanks Bill. I can connect from a local machine. While it does seem that it
> would be the firewall, I monitor the firewall and it does allow VPN through.
> I was able to connect today from the outside, but after about 30 min it
> reverted back and I started getting the same behavior (connects, then hangs
> when verifying credentials). When I was connected from the outside, I was
> not able to see other clients on the network, and also was not able to ping
> local clients from the outside - so a route is not being established. On the
> remote client, I alternately get error 721 (the 'GRE' fault), and error 732
> (inability to agree on protocols). My feeling is that this is a routing or
> DNS issue. Do you have any other ideas on what this could be?
>
> "Bill Grant" wrote:
>
> > First up, the internal interface not having an IP address is a symptom,
> > not a cause. It does not get an IP address until the first remote client
> > connects. It doesn't need one until that happens.
> >
> > Can you connect from a local machine using the server's local IP
> > address? This is a good way to check the server config. If that works, you
> > can start checking why it doesn't work from the outside.
> >
> >
> > Alexis wrote:
> > > I have a SBS2003 Std (patched) with one NIC which I am trying to set
> > > up as a VPN server. On another SBS2003 Std (patched), I followed the
> > > instructions, set it up as remote access and VPN demand-dial,
> > > configured 5 PPTP ports, set up a bank of static IP's. I did all
> > > this after running the Remote Access Wizard. It works fine.
> > >
> > > This time, when I disabled and reenabled RRAS, when I selected option
> > > 1 (VPN and remote access), I got a warning about only 1 NIC and that
> > > I need to do a custom configuration. I did a custom configuration
> > > selecting VPN and demand-dial. I configured the ports and static
> > > IP's. This time I cannot connect. RRAS is running. As I'm looking
> > > at RRAS status, the first thing I notice is that under IP Routing,
> > > General, the Internal interface does not have an IP address assigned
> > > and status is Non-operational. Under Network Interfaces, however, it
> > > shows as Enabled. When I do ipconfig, the working server shows the
> > > PPP adapter and the local connection, the problem server shows only
> > > the local connection.
> > >
> > > I've tried various combinations of settings and searching the kb,
> > > nothing talks about this issue. I have been able to connect to this
> > > box before, but was having problems with authenticating which is why
> > > I disabled/reenabled RRAS.
> > >
> > > I have an identical setup running with the first box. Both rely on an
> > > external router (same brand/model) for DHCP. The only difference is
> > > that the first box is a Gateway and the second is HP. Another
> > > strange thing - as I was checking the state of the RRAS service on
> > > both servers, I noticed that the description of RRAS (on top left,
> > > where the hyperlinks for stop/start/restart are) was different on the
> > > Gateway (verbose) vs. on the HP (brief). I patched the GW with SP1,
> > > and bought the HP with SP1 installed (supposedly). MS Update shows
> > > both being patched, but it seems like the two machines are running
> > > different versions of RRAS.
> > >
> > > Hopefully someone on this list can help - I appreciate it.
> >
> >
> >