XP to 2003 RRAS VPN Fails Curiously

I have a Win XP SP2 client that is external to our LAN. When I try to
connect via VPN to a member server joined to the AD domain running Win 2003
& RRAS, I get "verifying username and password" on the client machine, and
then finally it disconnects with error code "721 (Remote computer did not
respond)". If I try to connect again, it just sits at the "connecting to
<IP address>" screen and then fails. (I'm in the VPN_Users group as well as
am a domain admin.)

Looking in the Win2003 event logs, I see Event ID 20049: "The user connected
to port VPN4-127 has been disconnected because the authentication process
did not complete within the required amount of time."

I followed the MS tutorial on configuring the VPN Server. The Internal NIC
has Client for MS Networks, a static IP address of 10.0.0.103, no gateway,
and points to our DNS server at 10.0.0.102, points to our WINS server at
10.0.0.102 and has NetBIOS enabled. The External NIC *isn't* using Client
for MS Networks, has a static IP address of 24.123.130.x, a gateway of
24.123.130.y (as assigned by our ISP), points to the ISP provided external
DNS servers, and has NetBIOS disabled. I selected the External NIC as the
one which connects to the Internet on the Win2003 Server during the initial
configuration of RRAS.

I've authorized the Win2003 to be a valid RRAS server for the domain from
the DC. I have only 1 Remote Access Policy: to grant access if the NAS Port
Type = VPN and if the user is a member of the domain\VPN_Users group.

Any ideas???

Thanks,
Rob

it could be IP Protocol 47 (GRE) issue. quoted from
http://www.ChicagoTech.net

Error 721: Remote PPP peer or computer is not responding. If you have tried
many thing other people suggest like rebooting, reloading hardware and
re-installing the VPN or dial in connection, you still get the same problem.
I will suggest to check the router settings and make sure TCP Port 1723, IP
Protocol 47 (GRE) are opened. Also make sure that the router has the PPTP
enabled and not firewall block the traffic. On the RAS server, check the
DHCP settings.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"Rob" <rbergerATtrmcomDOTcom> wrote in message
news:%(E-Mail Removed)...
>I have a Win XP SP2 client that is external to our LAN. When I try to
>connect via VPN to a member server joined to the AD domain running Win 2003
>& RRAS, I get "verifying username and password" on the client machine, and
>then finally it disconnects with error code "721 (Remote computer did not
>respond)". If I try to connect again, it just sits at the "connecting to
><IP address>" screen and then fails. (I'm in the VPN_Users group as well
>as am a domain admin.)
>
> Looking in the Win2003 event logs, I see Event ID 20049: "The user
> connected to port VPN4-127 has been disconnected because the
> authentication process did not complete within the required amount of
> time."
>
> I followed the MS tutorial on configuring the VPN Server. The Internal
> NIC has Client for MS Networks, a static IP address of 10.0.0.103, no
> gateway, and points to our DNS server at 10.0.0.102, points to our WINS
> server at 10.0.0.102 and has NetBIOS enabled. The External NIC *isn't*
> using Client for MS Networks, has a static IP address of 24.123.130.x, a
> gateway of 24.123.130.y (as assigned by our ISP), points to the ISP
> provided external DNS servers, and has NetBIOS disabled. I selected the
> External NIC as the one which connects to the Internet on the Win2003
> Server during the initial configuration of RRAS.
>
> I've authorized the Win2003 to be a valid RRAS server for the domain from
> the DC. I have only 1 Remote Access Policy: to grant access if the NAS
> Port Type = VPN and if the user is a member of the domain\VPN_Users group.
>
> Any ideas???
>
> Thanks,
> Rob
>

There is no router to block TCP port 1723 or IP Protocol 47. It's just my
Win2003 server with 2 NICs. Do I need to make any changes to it? I'm not
doing DHCP on the RAS, I'm trying to use the relay for another DHCP server
on my LAN.

Losing my mind,
Rob

"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> it could be IP Protocol 47 (GRE) issue. quoted from
> http://www.ChicagoTech.net
>
> Error 721: Remote PPP peer or computer is not responding. If you have
> tried many thing other people suggest like rebooting, reloading hardware
> and re-installing the VPN or dial in connection, you still get the same
> problem. I will suggest to check the router settings and make sure TCP
> Port 1723, IP Protocol 47 (GRE) are opened. Also make sure that the router
> has the PPTP enabled and not firewall block the traffic. On the RAS
> server, check the DHCP settings.
>
> --
> For more and other information, go to http://www.ChicagoTech.net
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
> help.
>
> Robert Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
> http://www.ChicagoTech.net
> This posting is provided "AS IS" with no warranties.
>
> "Rob" <rbergerATtrmcomDOTcom> wrote in message
> news:%(E-Mail Removed)...
>>I have a Win XP SP2 client that is external to our LAN. When I try to
>>connect via VPN to a member server joined to the AD domain running Win
>>2003 & RRAS, I get "verifying username and password" on the client
>>machine, and then finally it disconnects with error code "721 (Remote
>>computer did not respond)". If I try to connect again, it just sits at
>>the "connecting to <IP address>" screen and then fails. (I'm in the
>>VPN_Users group as well as am a domain admin.)
>>
>> Looking in the Win2003 event logs, I see Event ID 20049: "The user
>> connected to port VPN4-127 has been disconnected because the
>> authentication process did not complete within the required amount of
>> time."
>>
>> I followed the MS tutorial on configuring the VPN Server. The Internal
>> NIC has Client for MS Networks, a static IP address of 10.0.0.103, no
>> gateway, and points to our DNS server at 10.0.0.102, points to our WINS
>> server at 10.0.0.102 and has NetBIOS enabled. The External NIC *isn't*
>> using Client for MS Networks, has a static IP address of 24.123.130.x, a
>> gateway of 24.123.130.y (as assigned by our ISP), points to the ISP
>> provided external DNS servers, and has NetBIOS disabled. I selected the
>> External NIC as the one which connects to the Internet on the Win2003
>> Server during the initial configuration of RRAS.
>>
>> I've authorized the Win2003 to be a valid RRAS server for the domain from
>> the DC. I have only 1 Remote Access Policy: to grant access if the NAS
>> Port Type = VPN and if the user is a member of the domain\VPN_Users
>> group.
>>
>> Any ideas???
>>
>> Thanks,
>> Rob
>>
>
>

Nevermind, I fixed it.

"Rob" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> There is no router to block TCP port 1723 or IP Protocol 47. It's just my
> Win2003 server with 2 NICs. Do I need to make any changes to it? I'm not
> doing DHCP on the RAS, I'm trying to use the relay for another DHCP server
> on my LAN.
>
> Losing my mind,
> Rob
>
> "Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> it could be IP Protocol 47 (GRE) issue. quoted from
>> http://www.ChicagoTech.net
>>
>> Error 721: Remote PPP peer or computer is not responding. If you have
>> tried many thing other people suggest like rebooting, reloading hardware
>> and re-installing the VPN or dial in connection, you still get the same
>> problem. I will suggest to check the router settings and make sure TCP
>> Port 1723, IP Protocol 47 (GRE) are opened. Also make sure that the
>> router has the PPTP enabled and not firewall block the traffic. On the
>> RAS server, check the DHCP settings.
>>
>> --
>> For more and other information, go to http://www.ChicagoTech.net
>>
>> Don't send e-mail or reply to me except you need consulting services.
>> Posting on MS newsgroup will benefit all readers and you may get more
>> help.
>>
>> Robert Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
>> http://www.ChicagoTech.net
>> This posting is provided "AS IS" with no warranties.
>>
>> "Rob" <rbergerATtrmcomDOTcom> wrote in message
>> news:%(E-Mail Removed)...
>>>I have a Win XP SP2 client that is external to our LAN. When I try to
>>>connect via VPN to a member server joined to the AD domain running Win
>>>2003 & RRAS, I get "verifying username and password" on the client
>>>machine, and then finally it disconnects with error code "721 (Remote
>>>computer did not respond)". If I try to connect again, it just sits at
>>>the "connecting to <IP address>" screen and then fails. (I'm in the
>>>VPN_Users group as well as am a domain admin.)
>>>
>>> Looking in the Win2003 event logs, I see Event ID 20049: "The user
>>> connected to port VPN4-127 has been disconnected because the
>>> authentication process did not complete within the required amount of
>>> time."
>>>
>>> I followed the MS tutorial on configuring the VPN Server. The Internal
>>> NIC has Client for MS Networks, a static IP address of 10.0.0.103, no
>>> gateway, and points to our DNS server at 10.0.0.102, points to our WINS
>>> server at 10.0.0.102 and has NetBIOS enabled. The External NIC *isn't*
>>> using Client for MS Networks, has a static IP address of 24.123.130.x, a
>>> gateway of 24.123.130.y (as assigned by our ISP), points to the ISP
>>> provided external DNS servers, and has NetBIOS disabled. I selected the
>>> External NIC as the one which connects to the Internet on the Win2003
>>> Server during the initial configuration of RRAS.
>>>
>>> I've authorized the Win2003 to be a valid RRAS server for the domain
>>> from the DC. I have only 1 Remote Access Policy: to grant access if the
>>> NAS Port Type = VPN and if the user is a member of the domain\VPN_Users
>>> group.
>>>
>>> Any ideas???
>>>
>>> Thanks,
>>> Rob
>>>
>>
>>
>
>

Dear Rob,

I'm facing the same exact ptoblem can you please tell me what you did to fix the problem?

Thanks

Kevin