VPN Stopped working

LonnieSmith

Jan 19, 2016
I had a working PPTP VPN hosted on a Windows Server 2012 R2 Domain Controller, which is also running DHCP and DNS.

Last night I enabled PAP Security protocol as well as IKEv2, in an attempt to make it more Win10 friendly. This immediately broke the VPN.

Now when users connect, they are able to connect to the VPN and they receive an IP from the server, but cannot ping or UNC by hostname OR IP to anything in the network.

This morning, I naturally rolled back those two settings in an attempt to get things running again, but still no go.

I have changed from DHCP to static pool for IP, and confirmed it does hand out IPs properly, but no change in access.

I am getting desperate here, as my remote users are about ready to string me up. Any thoughts?
 


On the Windows server, disable Routing and Remote Access, then enable it again. When you enable it, it will go through the setup wizard again; go through all the steps. Hopefully this will resolve your problem.
 
Also, as a point of interest, I checked, and RAS and VPN are set to be allowed through Windows Firewall on the server. I don't think the software or hardware firewalls can be at fault, as no changes have been made to them and it was working before I changed the security protocols in RRAS settings.
 


You can temporarily disable the Windows Firewall on the server to test.

Another way to test access is to telnet from outside on port 1723,

like this:
telnet public ip 1723
If you are able to connect, you can rule out issues with firewall and port forwarding.
Check the event logs for errors; usually when there is a VPN issue you will find something in the logs.
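The telnet test above only shows that TCP 1723 accepts a connection. As an added example (not part of the original thread), the sketch below goes one step further and checks that a PPTP server actually answers on that port by sending the Start-Control-Connection-Request defined in RFC 2637 and parsing the reply. The function names and the hostname/vendor strings are assumptions made for this illustration.

```python
import socket
import struct

PPTP_PORT = 1723
MAGIC_COOKIE = 0x1A2B3C4D     # fixed value from RFC 2637
SCCRQ, SCCRP = 1, 2           # Start-Control-Connection Request / Reply
_FMT = "!HHIHHHBBIIHH64s64s"  # 156-byte layout shared by SCCRQ and SCCRP


def build_sccrq(hostname=b"probe", vendor=b"added-example"):
    """Build a Start-Control-Connection-Request (hypothetical helper)."""
    return struct.pack(_FMT, 156, 1, MAGIC_COOKIE, SCCRQ, 0,
                       0x0100,  # protocol version 1.0
                       0, 0,    # reserved in a request (result/error in a reply)
                       3, 3,    # framing and bearer capabilities: both kinds
                       0, 0,    # max channels, firmware revision
                       hostname, vendor)


def parse_sccrp(data):
    """Return (ok, detail) for the bytes received in answer to an SCCRQ."""
    if len(data) < 156:
        return False, "short reply (%d bytes)" % len(data)
    (_len, msg_type, cookie, ctrl_type, _r0, _ver, result, error,
     _fr, _br, _ch, _fw, host, vendor) = struct.unpack(_FMT, data[:156])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != SCCRP:
        return False, "not a PPTP Start-Control-Connection-Reply"
    if result != 1:  # 1 means the control channel was established
        return False, "server refused: result=%d error=%d" % (result, error)
    return True, "PPTP server answered: host=%r vendor=%r" % (
        host.rstrip(b"\0"), vendor.rstrip(b"\0"))


def probe(server, timeout=5.0):
    """Connect to TCP 1723, send the SCCRQ and report what came back."""
    try:
        with socket.create_connection((server, PPTP_PORT), timeout) as s:
            s.sendall(build_sccrq())
            data = b""
            while len(data) < 156:
                chunk = s.recv(156 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:
        return False, "TCP 1723 unreachable: %s" % exc
    return parse_sccrp(data)
```

Call `probe()` with the server's public address from outside the network. A successful reply still says nothing about GRE (IP protocol 47), which carries the PPTP tunnel traffic and must also be allowed through the firewall.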


 
Telnet was successful.

I checked the logs from when I made the change:

Warning: RoutingDomainID- {: No IP address is available to hand out to the dial-in client.

Error: RoutingDomainID- {00000000-0000-0000-0000-000000000000}: CoId={E3E3FB2F-A2E5-4DF3-969E-5F403B9F6C4B}: The user MICRONET\lsmith connected to port VPN3-127 has been disconnected because no network protocols were successfully negotiated.

Error: The server could not bind to the transport \Device\NetBT_Tcpip_{6E06F030-7526-11D2-BAF4-00600815A4BD} because another computer on the network has the same name. The server could not start.

None of those lead me anywhere 🙁
 


Go to DHCP Manager, right-click the server, Display Statistics. Make sure you have available IPs.

Google the second error message; you will find several articles.

The third error message points to an issue that occurs sometimes when you have 2 NICs enabled on the server. Most likely one is configured with a static IP and the other one gets an IP address from DHCP. Disable the second one if it's not being used and run the RRAS wizard again.
 
DHCP shows 50 available now; I did increase this by 20 after the issue ensued.

Regarding the third error: only one NIC on the server (it is a virtual server hosted on Hyper-V), and it is set to use a static IP.

I will look further into the second error.
 
In the end, a reboot fixed it. Might have been a Winsock or IP stack reset, but my bet is that RRAS had jacked up communication with DHCP or some other integral service on the server and wouldn't restore till a reboot took place.

Thanks for your advice, gbb0330
 


You are welcome, glad you got it working again.