Where's My VPN?
-
@garak0410 said:
Made the changes in the firewall tunneling and configured ROUTING AND REMOTE ACCESS on the services server (though had to use CUSTOM since this is a VM and only had one NIC.) Using Windows Authentication, MS-CHAP v2 only...tried a test VPN connection and it fails with ERROR 812...complaining about a policy on the RAS/VPN server and the authentication method used by the server to verify username and password.. Can't seem to find the solution yet but love OTJ training...
Still searching...Still trying to solve this problem. Do I need to set up NPS to configure NAP? As I've referred to Ad nauseam, the old server didn't have anything special set up.
-
More in depth details on the connection problem:
Error 812: THE CONNECTION WAS PREVENTED BECAUSE OF A POLICY CONFIGURED ON YOUR RAS/VPN SERVER. SPECIFICALLY, THE AUTHENTICATION METHOD USED BY THE SERVER TO VERIFY YOUR USERNAME AND PASSWORD MAY NOT MATCH THE AUTHENICATION METOHD CONFIGURED IN YOUR CONNECTION PROFILE.
In the properties under ROUTING AND REMOTE ACCESS for my server, under security tab, I have EAP and MS-CHAP V2 selected. on the client, it's security tab is set to Automatic VPN and Allow these protocols with MS-CHAP V2 selected.
-
@garak0410 I have never used Windows RAS before so cannot help ya there. Are you sure there was no 3rd party application running as a service on the old server?
-
@JaredBusch said:
@garak0410 I have never used Windows RAS before so cannot help ya there. Are you sure there was no 3rd party application running as a service on the old server?
Agreed and checked...nothing...after all the suggestions above, I only found the tunneling information in the firewall that pointed to this server.
-
Going to remove and reinstall the Remote Access role. Just waiting for people to get out of here...come on people...it is well after 5 on a Friday!
-
@garak0410 said:
Going to remove and reinstall the Remote Access role. Just waiting for people to get out of here...come on people...it is well after 5 on a Friday!
Can't work remotely?
-
@scottalanmiller said:
@garak0410 said:
Going to remove and reinstall the Remote Access role. Just waiting for people to get out of here...come on people...it is well after 5 on a Friday!
Can't work remotely?
Well, Scott...I fixed that issue we discussed with the IP address of the old server needed for pre-migration created projects...adding it as a secondary IP to the new file server works like a charm. Now if I can get this dang VPN working, I can officially shut down that old, blasted server.
-
Have you used telnet to verify that the server is responding on that port as expected?
-
Yes it responds...now, one thing I didn't know about is that there is a DIAL-IN tab for the users...it is not in the remote admin tools but I have to do it directly from the DC...I go into a remote user, go to the Dial-In tab and allow permission...bam...got in but then couldn't name resolve anything while on VPN and my network connection on my client went to limited...
So firing up the old server for now to just retain VPN and figure it out next week...
-
This problem bugged me so came into the office. I've made a successful VPN connection (woo) but cannot connect to desktop via Remote Desktop. The subnet mask should be 255.255.255.0 in my static address pool for VPN and it shows that subnet. When I VPN with a client, it shows 255.255.255.255 but with a good IP, good DNS server and no default gateway. Any way to fix that? If I can get that fixed, my work here is done and the old server is gone for good.
-
It helps to think "out loud" on here. OK. Problem solved. I resolved the problem by setting the static IP range at the higher end of my pool. Signed into VPN with no problem and remote desktop with NO problem.
Can you believe it? This server is going DOWN today. Wooo. Putting its old IP as a secondary IP on the new file server so those VBA projects will continue to work, doing the final demotion and we are done. Thanks for all your help!
-
@garak0410 said:
It helps to think "out loud" on here. OK. Problem solved. I resolved the problem by setting the static IP range at the higher end of my pool. Signed into VPN with no problem and remote desktop with NO problem.
Can you believe it? This server is going DOWN today. Wooo. Putting its old IP as a secondary IP on the new file server so those VBA projects will continue to work, doing the final demotion and we are done. Thanks for all your help!
Except after the demotion, VPN has gone back to not allowing me to ping IP addresses or remote desktop. Any clue?
-
i don't know why are you using Microsoft product for managing your VPN connection, me personally i have a site to site VPN connection using 2 pfSense boxes in each office, and everything work fine without issues, no need for authentication since the 2 offices connected 24/24, and even with dynamic ip, using dynDNS record
can't you change your current setup ???
-
@IT-ADMIN said:
i don't know why are you using Microsoft product for managing your VPN connection, me personally i have a site to site VPN connection using 2 pfSense boxes in each office, and everything work fine without issues, no need for authentication since the 2 offices connected 24/24, and even with dynamic ip, using dynDNS record
can't you change your current setup ???
Site-to-site VPNs don't help mobile users.
Outside of DirectAccess, I haven't used RRAS since Windows 2000. If needed, I could build out a test box in my lab.
-
Still having some quirks but this more or less worked over the weekend. Just had to use the FQDN when using remote desktop when on a VPN connection. Didn't have to before.
-
@garak0410 so it is working now?
-
@scottalanmiller said:
@garak0410 so it is working now?
Yes...still have to use the FQDN when using remote desktop VIA VPN but it is working.
-
@garak0410 said:
@scottalanmiller said:
@garak0410 so it is working now?
Yes...still have to use the FQDN when using remote desktop VIA VPN but it is working.
Sounds like your DNS suffix search order's screwy or not defined.
