locked
Cannot establish VPN RRS feed

  • Question

  • Strange problem - customer's XP Pro (SP3) laptop cannot establish a VPN connection (to his office's SBS2008 server). It connects, then times out on verifying U/N and P/W (Error 721). I have tried creating a VPN to another router - it does the same. I have disabled all A/V (Eset) and created an exception in the Windows Firewall - nothing! I also crested an exception in his [home] router - still nothing.

    Odd thing is, it was working perfectly one day, then failed the next! There are other users with identical laptops (and VPN setups) that do not have any problems.

    Does anybody have any ideas?


    Dominic
    Monday, March 14, 2011 3:44 PM

Answers

  • Well - fixed it!

    Alas, the pptpclnt.exe tool reported that all was fine, which gave me more head scratching. However, I nmanaged to find this article - http://support.microsoft.com/kb/892199/en-us - which talks about an error in the security descriptor for the Firewall.

    I ran this command to restore the default security descriptor and Hey Presto! Hope the fix helps someone else.

    SC sdset SharedAccess D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

    Dominic
    • Marked as answer by domquark Wednesday, March 16, 2011 2:54 PM
    Wednesday, March 16, 2011 2:53 PM

All replies

  • Have you read here:

    You receive an "Error 721" error message when you try to establish a VPN connection through your Windows Server-based remote access server

    Make sure that the router is also configured to allow the same protocol and port.

    John

     

    Monday, March 14, 2011 11:46 PM
  • Thanks John, but alas that article does not apply to an XP/SBS2008 combination. Moreover the VPN was working without the GRE port open and the Event ID 20073 is not being logged on either the Laptop or the Server.

    There are other laptops (with an identical set up - same model, OS etc.) which work perfectly - that's why it's got me stumped! 


    Dominic
    Tuesday, March 15, 2011 9:50 AM
  • Disable the firewall and try again.  Make sure that there are no third party firewalls running.

    John

    Tuesday, March 15, 2011 10:41 AM
  • You can also use the pptpclnt.exe tool from the Windows XP Service Pack 2 Support Tools and test the client connectivity.

    John

    Tuesday, March 15, 2011 10:53 AM
  • I have tried disabling all Firewalls (including the Router firewall at client location, so all ports open) and A/V - no difference.
    Dominic
    Tuesday, March 15, 2011 10:53 AM
  • Thanks John, I will try this and keep you posted.
    Dominic
    Tuesday, March 15, 2011 11:11 AM
  • Well - fixed it!

    Alas, the pptpclnt.exe tool reported that all was fine, which gave me more head scratching. However, I nmanaged to find this article - http://support.microsoft.com/kb/892199/en-us - which talks about an error in the security descriptor for the Firewall.

    I ran this command to restore the default security descriptor and Hey Presto! Hope the fix helps someone else.

    SC sdset SharedAccess D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

    Dominic
    • Marked as answer by domquark Wednesday, March 16, 2011 2:54 PM
    Wednesday, March 16, 2011 2:53 PM
  • Well done!  Thanks for letting us know how you got it fixed.

    John

    Wednesday, March 16, 2011 4:35 PM