none
Error 718: did not respond in a timely manner

    Question

  • Hi

    We have had a VPN solution in place for many years. We have a Windows Server 2012 Standard edition member server on our domain with NPS/RRAS setup on it. Routing and remote access has always worked fine. There is just one NPS policy which is setup to allow connections and authentication is determined on whether the connecting user account is a member of a 'VPN' security group. Our office router, a Draytek 2830 acts as the gateway and is configured to forward the relevant VPN port traffic to the NPS server. The Draytek uses port forwarding for a variety of things (IMAP, SMPT etc), and these continue to work fine.

    Late on Friday, one of our remote staff rang up and said she could not connect via VPN from her Windows 7 Professional laptop. When she tried to connect she said that error 718 was displayed stating the remote computer did not respond in a timely manner. Today, I have tried connecting from home and I am seeing the same error on my Windows 8.1 Pro desktop.

    I made some configuration changes to the Draytek router in our office last week and had configured it to accept a LAN to LAN VPN connection from a remote Draytek router. This is configured between the routers themselves - additional configuration of our Windows server is not required.

    Please note that the LAN to LAN VPN connection has not yet been tested as the remote Draytek router is not in place. Configuration of our office router (the receiving router) is straight forward - you configure a 'profile' (which you select from a numbered list), to accept incoming VPN connections, and the profile can be 'on' or 'off'. Today, after I received the 718 error I turned this profile off and rebooted the router but am still seeing the same error. Also, please be aware that I had configured this router to accept incoming VPN connections from a remote Draytek in the middle of the week and that remote staff were still able to create 'traditional VPN' connections without any problems.

    I have a backup of the configuration of our office Draytek before I made the changes but cannot apply it until I return to work tomorrow. However, I am not convinced this is the cause of the problem so if anyone has any experience with error 718 while trying to establish a VPN connection I would be extremely grateful if you could share any tips I might use to troubleshoot it.

    Many thanks.


    • Edited by Mark-Blood Sunday, November 23, 2014 11:41 AM
    Sunday, November 23, 2014 11:39 AM

Answers

  • Hi, Tina

    Thanks for your response. The problem was due to me not fully understanding the implications of the router configuration. Under the VPN and Remote Access settings for Remote Access Control you choose which protocols are going to be used for the LAN to LAN connection. I had blindly followed the guide which used PPTP.

    What I had not realised was that the guide issued by Draytek assumed there were no other incoming VPN connections.

    Because the router already used NAT to redirect port traffic, selecting PPTP for LAN to LAN disabled the NAT settings for PPTP and staff using 'on-demand' VPN connections were unable to connect because the PPTP was being treated as a LAN to LAN connection. Authentication for the connection was failing because the router did not recognise the users' Windows domain account. Also, the there is a small explanatory note stating this will happen on that setting but I had not read it properly.

    Once I changed the LAN to LAN protocol to L2TP and unchecked the PPTP option staff were again able to use 'on-demand' VPN connections.

    Tuesday, November 25, 2014 5:23 PM

All replies

  • Further to the above:

    I have checked the logs on the RRAS/NPS server and there is nothing relating to remote clients' connectivity. I restored the router's configuration to the state it was in before the changes were made and the person who was having the issues has said she connected this morning without any problems. She added that when she was having the problem she found connectivity intermittent, with failures typified by the 718 error.

    I will raise this with Draytek and see if there is anything else that I need to do.

    Monday, November 24, 2014 9:33 AM
  • Hi,

    Based on your description, users received error 718 when they connect to LAN via VPN. And you made some changes in the Draytek router, not in the Windows server. Also there is not any related logs in the RRAS/NPS server.

    Error 718 occurs when a PPP connection was initiated but could not be completed because the remote computer did not respond in a timely manner or it did not give a valid response.

    One possible reason is that the VPN server didn’t receive the connection request after changing the configuration of the router. If you want to verify this issue, when the VPN client initialize a remote access VPN connection after deploying site-to-site VPN, you could try to capture packets in the VPN server.

    If you have any updates with this issue, please don’t hesitate to let us know.

    Best Regards,

    Tina

    Tuesday, November 25, 2014 2:39 PM
    Moderator
  • Hi, Tina

    Thanks for your response. The problem was due to me not fully understanding the implications of the router configuration. Under the VPN and Remote Access settings for Remote Access Control you choose which protocols are going to be used for the LAN to LAN connection. I had blindly followed the guide which used PPTP.

    What I had not realised was that the guide issued by Draytek assumed there were no other incoming VPN connections.

    Because the router already used NAT to redirect port traffic, selecting PPTP for LAN to LAN disabled the NAT settings for PPTP and staff using 'on-demand' VPN connections were unable to connect because the PPTP was being treated as a LAN to LAN connection. Authentication for the connection was failing because the router did not recognise the users' Windows domain account. Also, the there is a small explanatory note stating this will happen on that setting but I had not read it properly.

    Once I changed the LAN to LAN protocol to L2TP and unchecked the PPTP option staff were again able to use 'on-demand' VPN connections.

    Tuesday, November 25, 2014 5:23 PM
  • Hi,

    I’m glad to hear that you found the reason and solved the problem. Thanks for sharing your solution.

    Best Regards,

    Tina

    Thursday, November 27, 2014 1:45 AM
    Moderator