VPN error 721 with Windows 2003 server

I have a network with a Windows 2000 server which has happily been operating
as a remote access server for years. I now have a Windows 2003 server on
the network which I wish to become the Remote Access server instead of the
old Windows 2000 server. Unfortunately, any attempt to connect remotely
gets error 721. The failed attempt is logged in the server's System Log,
with some suggestions about changing the router config.

I know this is not a problem with the router (a Netgear DG834) because all
I've changed on it is the LAN server IP address for the incoming PPTP
connections. If I point it back to the "old" server, it continues to work
fine.

The new (2003) server has 2 NIC's, and I can VPN to it just fine from the
internal network.

So, in summary:

Windows 2003 Server with 2 NIC'S
Remote Access VPN works fine from internal LAN
Remote Access VPN over internet gives error 721
The router setup is not the problem.

Any suggestions gratefully received.

This article might help you solve your problem:

http://support.microsoft.com/kb/271731

--
----------------------------------------------------------------------------------------------------------------------------
Johan Engdahl
CCSA, CCSE, CCA, MCP | johan AT firewall1 DOT nu | http://www.firewall1.nu

"Baz" <(E-Mail Removed)> wrote in message
news:45e2e00e$0$22127$(E-Mail Removed)...
>I have a network with a Windows 2000 server which has happily been
>operating
> as a remote access server for years. I now have a Windows 2003 server on
> the network which I wish to become the Remote Access server instead of the
> old Windows 2000 server. Unfortunately, any attempt to connect remotely
> gets error 721. The failed attempt is logged in the server's System Log,
> with some suggestions about changing the router config.
>
> I know this is not a problem with the router (a Netgear DG834) because all
> I've changed on it is the LAN server IP address for the incoming PPTP
> connections. If I point it back to the "old" server, it continues to work
> fine.
>
> The new (2003) server has 2 NIC's, and I can VPN to it just fine from the
> internal network.
>
> So, in summary:
>
> Windows 2003 Server with 2 NIC'S
> Remote Access VPN works fine from internal LAN
> Remote Access VPN over internet gives error 721
> The router setup is not the problem.
>
> Any suggestions gratefully received.
>
>

Hi Johan

Thanks for the reply.

I checked that out, no luck unfortunately. I even tried turning off address
validation, as described at the end of the article.


"Johan Engdahl" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> This article might help you solve your problem:
>
> http://support.microsoft.com/kb/271731
>
> --
> --------------------------------------------------------------------------
--------------------------------------------------
> Johan Engdahl
> CCSA, CCSE, CCA, MCP | johan AT firewall1 DOT nu | http://www.firewall1.nu
>
> "Baz" <(E-Mail Removed)> wrote in message
> news:45e2e00e$0$22127$(E-Mail Removed)...
> >I have a network with a Windows 2000 server which has happily been
> >operating
> > as a remote access server for years. I now have a Windows 2003 server
on
> > the network which I wish to become the Remote Access server instead of
the
> > old Windows 2000 server. Unfortunately, any attempt to connect remotely
> > gets error 721. The failed attempt is logged in the server's System
Log,
> > with some suggestions about changing the router config.
> >
> > I know this is not a problem with the router (a Netgear DG834) because
all
> > I've changed on it is the LAN server IP address for the incoming PPTP
> > connections. If I point it back to the "old" server, it continues to
work
> > fine.
> >
> > The new (2003) server has 2 NIC's, and I can VPN to it just fine from
the
> > internal network.
> >
> > So, in summary:
> >
> > Windows 2003 Server with 2 NIC'S
> > Remote Access VPN works fine from internal LAN
> > Remote Access VPN over internet gives error 721
> > The router setup is not the problem.
> >
> > Any suggestions gratefully received.
> >
> >
>
>

Do a simple test. Can you telnet port 1723 from internet?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Baz" <(E-Mail Removed)> wrote in message news:45e2e00e$0$22127$(E-Mail Removed)...
I have a network with a Windows 2000 server which has happily been operating
as a remote access server for years. I now have a Windows 2003 server on
the network which I wish to become the Remote Access server instead of the
old Windows 2000 server. Unfortunately, any attempt to connect remotely
gets error 721. The failed attempt is logged in the server's System Log,
with some suggestions about changing the router config.

I know this is not a problem with the router (a Netgear DG834) because all
I've changed on it is the LAN server IP address for the incoming PPTP
connections. If I point it back to the "old" server, it continues to work
fine.

The new (2003) server has 2 NIC's, and I can VPN to it just fine from the
internal network.

So, in summary:

Windows 2003 Server with 2 NIC'S
Remote Access VPN works fine from internal LAN
Remote Access VPN over internet gives error 721
The router setup is not the problem.

Any suggestions gratefully received.

Thanks for your reply.

Yes I can. There is nothing wrong with the router configuration, the correct ports are open, it works fine (as it always has done) if I point it back at the "old" server (by simply changing the destination LAN IP address in the relevant firewall rule). The problem, whatever it is, is with the configuration of the new server.

"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Do a simple test. Can you telnet port 1723 from internet?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Baz" <(E-Mail Removed)> wrote in message news:45e2e00e$0$22127$(E-Mail Removed)...
I have a network with a Windows 2000 server which has happily been operating
as a remote access server for years. I now have a Windows 2003 server on
the network which I wish to become the Remote Access server instead of the
old Windows 2000 server. Unfortunately, any attempt to connect remotely
gets error 721. The failed attempt is logged in the server's System Log,
with some suggestions about changing the router config.

I know this is not a problem with the router (a Netgear DG834) because all
I've changed on it is the LAN server IP address for the incoming PPTP
connections. If I point it back to the "old" server, it continues to work
fine.

The new (2003) server has 2 NIC's, and I can VPN to it just fine from the
internal network.

So, in summary:

Windows 2003 Server with 2 NIC'S
Remote Access VPN works fine from internal LAN
Remote Access VPN over internet gives error 721
The router setup is not the problem.

Any suggestions gratefully received.

If the route forward traffic the server, then the event viewer should have an error. Check Event viewer for any errors.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Baz" <(E-Mail Removed)> wrote in message news:45e3f2d9$0$28983$(E-Mail Removed)...
Thanks for your reply.

Yes I can. There is nothing wrong with the router configuration, the correct ports are open, it works fine (as it always has done) if I point it back at the "old" server (by simply changing the destination LAN IP address in the relevant firewall rule). The problem, whatever it is, is with the configuration of the new server.

"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Do a simple test. Can you telnet port 1723 from internet?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Baz" <(E-Mail Removed)> wrote in message news:45e2e00e$0$22127$(E-Mail Removed)...
I have a network with a Windows 2000 server which has happily been operating
as a remote access server for years. I now have a Windows 2003 server on
the network which I wish to become the Remote Access server instead of the
old Windows 2000 server. Unfortunately, any attempt to connect remotely
gets error 721. The failed attempt is logged in the server's System Log,
with some suggestions about changing the router config.

I know this is not a problem with the router (a Netgear DG834) because all
I've changed on it is the LAN server IP address for the incoming PPTP
connections. If I point it back to the "old" server, it continues to work
fine.

The new (2003) server has 2 NIC's, and I can VPN to it just fine from the
internal network.

So, in summary:

Windows 2003 Server with 2 NIC'S
Remote Access VPN works fine from internal LAN
Remote Access VPN over internet gives error 721
The router setup is not the problem.

Any suggestions gratefully received.

As i said in my first post, it does log an error: it tells me to open the ports on my router (which I know is not the problem)
"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
If the route forward traffic the server, then the event viewer should have an error. Check Event viewer for any errors.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Baz" <(E-Mail Removed)> wrote in message news:45e3f2d9$0$28983$(E-Mail Removed)...
Thanks for your reply.

Yes I can. There is nothing wrong with the router configuration, the correct ports are open, it works fine (as it always has done) if I point it back at the "old" server (by simply changing the destination LAN IP address in the relevant firewall rule). The problem, whatever it is, is with the configuration of the new server.

"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Do a simple test. Can you telnet port 1723 from internet?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Baz" <(E-Mail Removed)> wrote in message news:45e2e00e$0$22127$(E-Mail Removed)...
I have a network with a Windows 2000 server which has happily been operating
as a remote access server for years. I now have a Windows 2003 server on
the network which I wish to become the Remote Access server instead of the
old Windows 2000 server. Unfortunately, any attempt to connect remotely
gets error 721. The failed attempt is logged in the server's System Log,
with some suggestions about changing the router config.

I know this is not a problem with the router (a Netgear DG834) because all
I've changed on it is the LAN server IP address for the incoming PPTP
connections. If I point it back to the "old" server, it continues to work
fine.

The new (2003) server has 2 NIC's, and I can VPN to it just fine from the
internal network.

So, in summary:

Windows 2003 Server with 2 NIC'S
Remote Access VPN works fine from internal LAN
Remote Access VPN over internet gives error 721
The router setup is not the problem.

Any suggestions gratefully received.

Hello everyone,
I am having the similar issue. And I could even telnet vpn-server-ip 1723
without any problem. By using Ethereal, I could see that several pptp and one
tcp request coming in, but RAS(VPN Server) logged nothing.
If I shut down RAS, I can ping VPN server box, access web server that
running on that box.
What might be the problem?

Hi Baz,

You are correct, it cannot be the router. IIRC you have to
edit the inbound and outbound filters in the properties of
the VPN Nic using RRAS admin tool. Have a look:

http://support.microsoft.com/kb/324262/en-us


"Baz" <(E-Mail Removed)> wrote in message news:.
As i said in my first post, it does log an error: it tells me to open the
ports on my router (which I know is not the problem)

See my reply to the OP. Check to be sure inbound and
outbound filters are configured properly on the external
NIC.

"Jeff" <(E-Mail Removed)> wrote in message
news:1FB292DA-2F87-4555-AECB-(E-Mail Removed)...
> Hello everyone,
> I am having the similar issue. And I could even telnet vpn-server-ip 1723
> without any problem. By using Ethereal, I could see that several pptp and
> one
> tcp request coming in, but RAS(VPN Server) logged nothing.
> If I shut down RAS, I can ping VPN server box, access web server that
> running on that box.
> What might be the problem?
>
>