Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
No VPN-connection
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
No VPN-connection - 8.Jul.2005 7:00:00 AM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
I'm trying to enable 'basic' VPN-conenction to our ISA 2004 SP1 server on a WIN2003 server. On the client-side I get TCP/IP error 733: A connection to the remote computer could not be completed... In the event-log on the ISA-server I can see a succesfull logon and logoff for the user I'm trying, the event-log mentions "The user mydomain\myuser connected to port VPN5-9 has been disconnected because no network protocols were successfully negotiated." Can anyone help with this one ? Tried everything (even "THE" book !["[Wink]"](/image/smiles/wink.gif "\"\"") )
[ July 08, 2005, 08:13 AM: Message edited by: Venice ]
|
|
|
|
|
RE: No VPN-connection - 8.Jul.2005 9:29:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Dennis,
Is the ISA firewall using the ISA firewall best practice of being a domain member? If not, join that ISA firewall to the domain and see what happens.
HTH,
Tom
|
|
|
|
|
RE: No VPN-connection - 8.Jul.2005 10:17:00 AM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
Thanks Tom, but the server is a domain-member already (always has been).
In the ISA alerts I found "An attempt to log on to the VPN server was rejected during the authentication phase. The client session was disconnected." referring to 0xC0040021 which is FWX_E_CONNECTION_REQUEST_REJECTED. It obviously has to be tracked down to an authentication issue, but it really puzzles me. It must be something very simple though. It can't be that a very basic VPN-connection does not work at all.
|
|
|
|
|
RE: No VPN-connection - 11.Jul.2005 4:06:00 AM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
Just tried with a local ISA-server account, but no use, VPN won't work. The authentication part seems to work though, disabling Dial-in for the user results in 'The account does not have permission to dial-in', a invalid password or user results in 'Windows was unable to connect to the network using the user name and password you provided. Please re-enter...', removing the users group in the VPN Clients properties also results in 'The account does not have permission to dial-in'.
1.Isa-server is a member server of our local domain
2.User and password provided are OK
3.User has the right to dial-in
4.Users group is added to the list that allows remote access in Isa-server console
5.Giving the user 'Allow access' or 'Control Access through Remote Access Policy' makes no difference
6.The domain functional level is Windows server 2003
Can't think of other things to check ?
[ July 11, 2005, 04:07 AM: Message edited by: Venice ]
|
|
|
|
|
RE: No VPN-connection - 11.Jul.2005 9:55:00 AM
|
|
|
chrigi-ch
Posts: 24
Joined: 3.Jun.2005
From: Zurich/Switzerland
Status: offline
|
Hey Venice
are there on both sides the MS-CHAPv2 authentication protocolls enabled?
Maybe you should add the MS-CHAP protocoll as well.
regards
Chrigi-ch
|
|
|
|
|
RE: No VPN-connection - 11.Jul.2005 10:10:00 AM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
Yes, both MS-CHAP2 was enabled by default, I tried adding CHAP and even PAP, but no use.
Authentication works, I can see that in the event-logs of the ISA-server and the AD domain-controller. Very strange, lost a couple of days already searching for this problem. Thanks for your help.
|
|
|
|
|
RE: No VPN-connection - 13.Jul.2005 3:58:00 AM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
Hello, I already saw this post a few days ago, but it does not help. I keep getting The user mydomain\myuser connected to port VPN5-9 has been disconnected because no network protocols were successfully negotiated. event 20050 ???
Frustrating !
|
|
|
|
|
RE: No VPN-connection - 13.Jul.2005 5:10:00 PM
|
|
|
chrigi-ch
Posts: 24
Joined: 3.Jun.2005
From: Zurich/Switzerland
Status: offline
|
hey Venice
one more chance: Http://www.eventid.net then type
20050 in the box and klick go.
Maybe this will help you, there a five different replys
By the way, it's a site, which helped me alot at troubleshooting, because the solutions are from
the real "user field".
regards
Chrigi-ch
|
|
|
|
|
RE: No VPN-connection - 1.Mar.2006 8:44:40 AM
|
|
|
denizyalcin
Posts: 122
Joined: 19.Jan.2005
From: Turkey
Status: offline
|
Hi Venice,
Did you find any solution to your problem ? I have the same problem and my configuration is same as yours. The difference is that some of my VPN clients do have this problem, not all of them. They all were functioning last week and now some of them aren't since two days.
|
|
|
|
|
RE: No VPN-connection - 23.Jun.2006 1:16:19 PM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
Hi
After a couple of months doiing other things, I finally found the time to experiment further with VPN-feature of ISA-server.
In the meantime I installed SP2 on the ISA-server.
Still having the same problem though (TCP/IP CP reported error 733: A connection to the remote ...)
Authentication works, I see succesfull logons and logoffs in the event-view.
When I try with a wrong password...
The user Administrator connected from [IP-address] but failed an authentication attempt due to the following reason: Authentication was not successful because an unknown user name or incorrect password was used.
In the system part of event view I found...
The user Domain\User connected to port VPN5-9 has been disconnected because no network protocols were successfully negotiated.
I have everything in place as it should (followed the book by the letter). Even restarted a whole new installation. Just can't seem to get this to work!
Tried with DNS-servers explicitely and with DHCP-relay.
Couple of questions ...
1) On the external NIC of the ISA-server multiple-IP addresses are configured (could this be the cause ?)
2) Is a WINS-server mandatory to get a connection ? I don't use a WINS-server now.
TIA
|
|
|
|
|
RE: No VPN-connection - 6.Jul.2006 3:38:03 PM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
Hi denizyalcin
Thanks for the reply, better late then never :o)
I just activated WINS on the DC. But it still does not work.
In the ISA real-time log I get a PPTP 'initiated connection' on port 1723 from external to local host.
Then the same on port 0 and finally a PPTP 'closed connection' on port 1723.
That's it (in the event-log I see succesfull login of the user I'm using to logon at the VPN-client).
Error 733 on the client-side keeps on coming ?
For now a allowed all traffic between VPN-client and internal network and vice versa. But, I'm just nog getting there, the PC never becomes a VPN-client.
Rudy
|
|
|
|
|
RE: No VPN-connection - 6.Jul.2006 4:41:15 PM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
Product:
Windows Operating System
Event ID:
20050
Source:
RemoteAccess
Version:
5.2
Symbolic Name:
ROUTERLOG_AUTH_NO_PROJECTIONS
Message:
The user %1 connected to port %2 has been disconnected because no network protocols were successfully negotiated.
In addition, this is what I see in the eventlog on the ISA-server
|
|
|
|
|
RE: No VPN-connection - 7.Jul.2006 5:51:03 PM
|
|
|
Venice
Posts: 73
Joined: 8.Jul.2005
From: Belgium
Status: offline
|
VPN-connection on a newly setup test ISA 2004 server works immediately !
So, seems I understand how to configure, probably something must have gone corrupt on my production server (733 error).
Can anyone suggest what to check, test or do ?
Thanks
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
RE: No VPN-connection - ![[Embarrassed]](/image/smiles/redface.gif)
). Last week I installed SP2, perhaps this helps, I will look back into this next week (hope to find some time). I'll keep you informed. 
). First of all , you really need to install the WINS service on your DC. You don't need to configure anything. It will automatically handle the "netbios name - IP address" mappings. This step is especially mandatory if your external clients aren't domain clients. The second thing is to open netbios datagram, netbios name service and netbios session ports (they are on the infrastructure section in the toolbox) between your VPN clients and the DC (it's necessary if you want to join the external clients to the domain). You don't need this second part if you don't want to join your VPN clients to the domain. 