none
Windows 7 VPN problems

    Question

  • I have a windows 2003 R2 server running a PPTP VPN that supports MS CHAP V2.  All non-windows 7 clients connect successfully and are able to access both domain local resources such as file server and public websites e.g bbc.co.uk

    Windows 7 machines connect successfully to the VPN. They are assigned a Ip within the range of 169.254.x.x. 

    I can access local resources e.g file servers. only via Start run \\fileservername. If I use the fully qualified domain name e.g \\fileserver.domainname.com this fails. I can preform a nslookup and resolve the hostname to a IP number successfully. Trying to access the server via it's IP also works.  

    I am unable to access public websites such as the bbc website. 
    • If I try and ping  the default gateway IP I get a response. 
    • If I ping local servers via their IPs this works
    • If I ping local servers via their fully qualified hostnames this fails. e.g ping fileserver.domainname.com
    • nslookup works for any hostname
    • If I try to ping say the BBC website this fails. 
    • If I try to ping -4 any host name (force it to use IPv4) this works.

    Looks like their is some sort of issue with DNS and/or IPv6?

    I've disabled IPV6 on the Clients VPN, the client still connects successfully but the problem persists. Any idea how I can resolve this issue?


    Wednesday, March 10, 2010 11:46 AM

Answers

All replies

  • The 169... addresses that you say are assigned, have you assigned them yourself, or are they auto assigned? It strikes me that if these are autoassigned you are not in contact with a dhcp server that gives you the address of a dns server to use. If so you should check if the dhcp relay is set up correctly in routing and remote access.
    Wednesday, March 10, 2010 2:08 PM
  • The 169 numbers are assigned by the VPN server.  So I have set in routing and remote access > Properties > IP, "IP address assignment, the server can assign IP address by using DHCP". So the VPN is setup to give out private IPs and does NAT.

    All the computers that connect to the VPN get a IP in this range, the non-windows 7 computers e.g XP don't seem to have the same connectivity problem. The one difference in the IP settings between the clients is that the Default gate way on windows 7 computers is set to 0.0.0.0. As far as I can tell from google this is the correct default behaviour for windows 7 clients connecting to a VPN. 
    Wednesday, March 10, 2010 2:24 PM
  • Regarding this, please try the following method on the Windows 7 client:

     

    You may be unable to access the network when name resolution is performed through a VPN connection on a Windows XP-based or on a Windows Server 2003-based client computer

     

    Hope this helps. Thanks.


    Nicholas Li - MSFT
    Friday, March 12, 2010 3:28 AM
    Moderator
  • I don't know if it's relevant to your case, but 169 addresses should not be assigned using dhcp as they are reserved for automatic addressing. Any standard computer with a nic, but with no connection to a dhcp server, will get an address in the 169 range.
    Addresses that are reserved for private use are:
    10.0.0.0 - 10.255.255.255
    172.16.0.0 - 172.31.255.255
    192.168.0.0 - 192.168.255.255


    Maybe Windows 7 sees a 169 address and assumes there is no dhcp available? Just a guess... When you use netbios name instead of fqdn the request is broadcasted on the network, which means you don't rely on a dns server.
    Saturday, March 13, 2010 11:26 PM
  •   Not really. The 169.254.x.x/16 addresses are APIPA addresses. http://www.petri.co.il/whats_apipa.htm They are assigned by the OS itself if the machine is set to get its network config from DHCP but no DHCP server can be found. This system allows a simple network to function without a DHCP server. APIPA addresses are not routable (as no default gateway is configured).

      To get back to the original problem. If a RRAS VPN server cannot get any addresses from DHCP to use as its address pool, configure a static address pool in RRAS. 

    Bill
    Sunday, March 14, 2010 1:17 AM
  • For Windows 7 and Vista

    Install the VPN client in administrator account. Then on desktop icon of vpn client right click->properties-> Competiblity-> Windows XP SP3 and Run as administrative privileges. Yo will find successful logon to VPN

    • Proposed as answer by Ashif Tadvi Tuesday, June 07, 2011 10:08 AM
    Tuesday, June 07, 2011 10:07 AM