VPN setup - new

I am trying to setup a fairly simple (I hope) PPTP VPN - Server behind a NAT. The VPN server resides on the box with a secondary DC | Print server, with two NICS. No TS (another DC handles TS). Router is the gateway for the private subnet to WAN|internet

On the router I have TCP 1723 and GRP (IP 47) forwarded to the "internet" NIC on my VPN server, internal clients pointed at the "private" NIC. After configuring Routing and Remote Access this way,I find that the service won't start ... returns this error

"The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).

I can't seem to find any pertinent info on this particular error. Any help that you can offer is sincerly appreciated

I have a sales rep moving out of the office to work from home so I need to get him connected ASAP

Thanks in advance

If it is an individual that dials in from outside and you are not connecting
two LANs together with it, then compare what you did so far with these
articles to see if you missed anything.

Virtual Private Networking with Windows 2000: Deploying Remote Access VPNs
http://www.microsoft.com/windows2000.../vpndeploy.asp

Microsoft Windows Server 2003 Remote Access/VPN Server Role
http://www.microsoft.com/technet/pro...r/default.mspx

Overview of Deploying Dial-up and VPN Remote Access Servers
http://www.microsoft.com/resources/d...f_vpn_mcnx.asp


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Medicine Man" <(E-Mail Removed)> wrote in message
news:9D5FD527-4499-42E2-AD98-(E-Mail Removed)...
> I am trying to setup a fairly simple (I hope) PPTP VPN - Server behind a
NAT. The VPN server resides on the box with a secondary DC | Print server,
with two NICS. No TS (another DC handles TS). Router is the gateway for the
private subnet to WAN|internet.
>
> On the router I have TCP 1723 and GRP (IP 47) forwarded to the "internet"
NIC on my VPN server, internal clients pointed at the "private" NIC. After
configuring Routing and Remote Access this way,I find that the service won't
start ... returns this error:
>
> "The Routing and Remote Access service terminated with service-specific
error 711 (0x2C7)."
>
> I can't seem to find any pertinent info on this particular error. Any help
that you can offer is sincerly appreciated.
>
> I have a sales rep moving out of the office to work from home so I need to
get him connected ASAP.
>
> Thanks in advance.
>

"Medicine Man" <(E-Mail Removed)> wrote in message
news:E3256854-89E9-47B4-BD61-(E-Mail Removed)...
> Question: the "Deploying..." article describes a test lab including IIS &
IAS, and
> RADIUS server. Can I not set this simple scenario without these? In this
particular
> application I don't have or need a web server.

No. Be careful of all their scenarios, you don't want to follow something
that doesn't apply to you. I have never touched RADIUS and IAS (don't even
know what they taste like). Now I've obviously used IIS, but not in the
context of RRAS.

> The only thing I need to do still, according to these articles is
configure DHCP
> Relay, but I can't do that until I can get R&RA service started!?! Needles
to say,
> this is more than just a little frustrating.
> Do you know where|how I can find out more about the 711 error in order to
> troubelshoot it?

This is the only thing I have found that even mentions 711 and RRAS in the
same breath.

201003 - RRAS Services Do Not Start Correctly with Kixtart
http://support.microsoft.com/default...b;en-us;201003

MS's toll-free support number is 1-800-936-4900,... if it gets to that
point.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Nope, doesn'apply. I get the error when I try to start RRAS manually. No scripts involved.

I've never seen this error or anything like it before. Guess I'll call support

Thanks.

If they tell you anything useful, ...like a link to an article...post it
here so we know what it was for future use.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"Medicine Man" <(E-Mail Removed)> wrote in message
news:3BB26E95-84C9-424C-9390-(E-Mail Removed)...
> Nope, doesn'apply. I get the error when I try to start RRAS manually. No
scripts involved.
>
> I've never seen this error or anything like it before. Guess I'll call
support.
>
> Thanks.

Sure thing ... I don't know if I'm just brain-dead this week (not at all outside the realm of possibility) or if this is truly as unique and strange as it appears to be ... either way I can't find ANYTHING pertaining to this issue.

I did continue attempting to install under diferent scenarios than my old standard "Custom" (choosing only VPN access), but with the same result no matter what ... after configuring RRAS manually it appears to accept the config, says that RRAS "has been successfully installed", but every time I try to start the service I get the 711 error. Then, if I close the console and try to reopen RRAS from Administrastive tools, I get "Access denied"?!?! I've never had this much trouble setting up a simple VPN. there's got to be something configured on the box that is related in some obscure way causing the "Access Denied" error, but I'm at aloss to track it down

As much as it pains me, I'll call support and let our Technet audience know if I get a solution there.

Regards..

Found that my problem was two-fold..

1> After implementing the Domain Controllers Baseline Policy (Global Policy), the policy kept disabling services that I need for VPN (including RRAS, Remote Access Connection Manager, Telephony), after I set them to manual as instructed in one of the many documents I've been perusing the last few days over this issue ... changed the RRAS to Automatic and adjusted the Global Policy and "apparently" it's all good now

BTW, thanks to http://www.chicagotech.com for addressing a multitude of error codes clearly and concisely. It's a highly recommended reference for a wide variety of networking issues

2> This issue is addressed in a new thread under the subject "Impersonation level". Seems that all accounts have now been disabled from Dial-in privileges, and Administrator is now locked out of the Dial-in page for Account properties!?!

As always, your helpful response is appreciated