VPN Connection failed with error 800


  • VPN Connection failed with error 800

    I have a Windows 2003 server DC and several other workgroup computers on the same local physical network connected to a router and then to an ISP with a dynamic address. I am trying to connect to the server via VPN and RDP. For testing I am connecting from within the same physical network using a free domain name for dynamic ISP IP address. I get the above error. I try the ISP IP address at the time and I get the same error.

    Do I need to forward some port in the router in order to get to the server? If I do, what port number I need to forward and what else I need to change on the server? At present I have the specific RDP port forwarded to the server.

    The client computer does not belong to the domain while the user name trying to connect does.
    Last edited by healer; 16th November 2011, 07:27.

  • #2
    Re: VPN Connection failed with error 800

    VPN ports are 1702 (L2TP) and 1723 (PPTP), plus 443 for a newer VPN over SSL protocol
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: VPN Connection failed with error 800

      I bet you meant that VPN port for L2TP is 1701...

      Forward the required ports to the server that is running IAS/RADIUS and which authenticates you. If you use RADIUS accounting etc then you also need to forward those ports to the relevant server:

      RADIUS Authentication 1812
      RADIUS Accounting 1813
      PPTP 1723
      L2TP 1701

      You might also need to enable 'VPN Passthrough' which allows traffic from GRE 47 (TCP and UDP) through. Some routers will automatically do this if you create an open port for TCP 1723 and direct it to the relevant server.

      Make sure that RADIUS is correctly configured on your router as well as your server.
      A recent poll suggests that 6 out of 7 dwarfs are not happy



      • #4
        Re: VPN Connection failed with error 800


        Can I claim it was a typo
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **



        • #5
          Re: VPN Connection failed with error 800

          Thanks guys! I have to re-install the Routing and Remote Access Server and try again. I shall let you know how I go.



          • #6
            Re: VPN Connection failed with error 800

            Thanks to both of you.

            I have re-installed the Routing and Remote Access server.

            Having forwarded port 1723 and 1701 to the appropriate computer after the router, I tried again but I still got the same error. What could be wrong? I am new to it. Please step me through it.

            I believe I use Windows Authentication and PPTP. I have tried both Internet domain name and internal server name. I use the internal server name as they are all on one local network. Doing so I suppose it could eliminate any possible problem with the router. The router did not have the function which allows me to enable VPN Passthrough GRE 47.

            When trouble-shooting using Windows Network Diagnostics, it found no problem while connecting using the internal server name. Using the Internet domain name the diagnostics said the server did not respond.

            I forwarded the port 443 for VPN SSL as well and tried both again. However the error was the same.



            • #7
              Re: VPN Connection failed with error 800

              I take it you have IAS installed.

              Have you made sure that you have correctly set up the shared secret between the server and your router? Unless you have this set up on the router and the destination server, the server will not accept any traffic from the router because it will not trust it.

              Are you using any software on the router? I ask because we use a Draytek 2820 and the VPN software on that proved to be flakey. It rarely worked, and when it did the connection procedure took up to 30 seconds to complete. When I turned it all off, and just used NAT to forward the ports to the server, connections were completed within a second or two.

              I normally use the IP address of the router when setting up the connection and specify the (AD) domain too.

              The best thing would be for you to tell us exactly how you have set this up and we can move on from there.

              In the meantime, check this out and see if it helps:

              http://www.tech-faq.com/implementing-ias.html

              [Edit]
              You should also try disabling security software on the client just in case the traffic is being blocked.
              Last edited by Blood; 19th November 2011, 10:09.
              A recent poll suggests that 6 out of 7 dwarfs are not happy



              • #8
                Re: VPN Connection failed with error 800

                This is not a production system. I set it up for the purpose of academic exercise. So no IAS is installed. I try to go through every possible scenario at the minimum cost. So it doesn't hurt if I have to wipe everything out and do all over again.

                The router is just a NETGEAR Wireless Cable Voice Gateway EMTA CVG824Gv3. There is no special software but its basic firmware that comes with the router. Certainly the firmware might have been updated. Could you please tell me more about the shared secret between the server and the router?

                I have tried both the IP address and the domain name. Of course either the IP address or the domain name only refers to the ISP router above. At the private side of the router is a local network where there is one workgroup with several PCs and the server which is set as a domain DC. That was why I asked about the port numbers for forwarding.

                I remember the domain name was optional on the interface. I am trying to connect using Windows 7.

                I have turned off the Windows Firewall on the client Windows 7 system and tried again. The same error showed up.

                There is no ISA/TMG on the server though there is the basic firewall that comes with the RRAS server. I suppose such firewall would not by default stop the VPN from working. If not, I do not know how and where to change it. Could you please help?
                Last edited by healer; 20th November 2011, 03:34.



                • #9
                  Re: VPN Connection failed with error 800

                  You have to have IAS installed otherwise your remote connections will not be authenticated. It comes with W2k3 - it does not cost anything. Read the article I linked to. It explains how to set up IAS and explains how the shared secret is set up and how it is used.

                  I just had a quick search for information on your router and while I could find reference manuals etc, I could not see anything about setting up a shared secret for RADIUS communication. Check your manual for reference to 'shared secret'. If it does not exist then you may need to get a router with that capability.

                  Are you trying to connect from outside your network? It is not clear from your explanation exactly how you are trying to connect, nor what steps you have taken to set this up on the DC.
                  A recent poll suggests that 6 out of 7 dwarfs are not happy



                  • #10
                    Re: VPN Connection failed with error 800

                    I believe you stated in the first post, that you're trying to connect to the VPN service, on your internal server.
                    You are trying to connect to this, using your external hostname, from another computer on the internal network, and it is failing.

                    I suspect, in this situation, that your router isn't correctly handling the traffic.

                    What you need to do, to determine where the issue lies, is try and connect directly to the vpn server from inside the network, using its internal IP address.
                    Once that works, then you know the VPN server itself, is not the issue.

                    Then, you can connect from outside the network, and try the same thing.
                    Please do show your appreciation to those who assist you by leaving Rep Point

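A small check for the isolation steps in post #10, added here as an example and not code from any poster: it opens the PPTP control channel on TCP 1723 (the port named in the thread) and reports whether the server answers with a Start-Control-Connection-Reply as laid out in RFC 2637. The function names, the `diag-client` host string and the sample reply are assumptions made for this example.

```python
import socket
import struct

PPTP_PORT = 1723               # PPTP control channel (TCP), as listed in the thread
MAGIC = 0x1A2B3C4D             # PPTP magic cookie (RFC 2637)
HDR = ">HHIHH"                 # length, PPTP msg type, cookie, control type, reserved
SCCRQ_BODY = ">HHIIHH64s64s"   # version, reserved, framing, bearer, channels, fw, host, vendor
SCCRP_BODY = ">HBBIIHH64s64s"  # version, result, error, framing, bearer, channels, fw, host, vendor
# Constructed sample reply (not captured from a real server), used to exercise the parser.
SAMPLE_REPLY = struct.pack(HDR, 156, 1, MAGIC, 2, 0) + struct.pack(
    SCCRP_BODY, 0x0100, 1, 0, 1, 1, 0, 0, b"vpn-server", b"constructed-vendor")

def build_sccrq(host=b"diag-client"):
    """Start-Control-Connection-Request: the first message a PPTP client sends."""
    body = struct.pack(SCCRQ_BODY, 0x0100, 0, 3, 3, 0, 0, host, b"")
    return struct.pack(HDR, 12 + len(body), 1, MAGIC, 1, 0) + body

def parse_sccrp(data):
    """Parse a Start-Control-Connection-Reply; raise ValueError if it is not one."""
    if len(data) < 156:
        raise ValueError("short reply: %d bytes" % len(data))
    _, mtype, cookie, ctype, _ = struct.unpack(HDR, data[:12])
    if cookie != MAGIC or mtype != 1 or ctype != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    _, result, error, _, _, _, _, host, vendor = struct.unpack(SCCRP_BODY, data[12:156])
    return {"result": result, "error": error,
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace")}

def probe(server, port=PPTP_PORT, timeout=5.0):
    """Return a one-line verdict on the PPTP control channel to `server`."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            data = b""
            while len(data) < 156:          # the reply is a fixed 156 bytes
                chunk = s.recv(156 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError as exc:                  # refused, filtered, timed out, DNS failure
        return "TCP %d connect/read failed (%s): check the service or the port forward" % (port, exc)
    try:
        reply = parse_sccrp(data)
    except ValueError as exc:
        return "port open but no PPTP reply (%s)" % exc
    if reply["result"] == 1:                # 1 = control channel established
        return "PPTP control channel OK (%s); next check GRE, IP protocol 47" % reply["vendor"]
    return "PPTP server refused: result=%d error=%d" % (reply["result"], reply["error"])
```

Run `probe()` first with the server's internal IP address, then with the router's public address from outside the network; a failure only in the second case points at the router or ISP rather than at RRAS.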


                    • #11
                      Re: VPN Connection failed with error 800

                      Originally posted by Blood
                      You have to have IAS installed otherwise your remote connections will not be authenticated. It comes with W2k3 - it does not cost anything. Read the article I linked to. It explains how to set up IAS and explains how the shared secret is set up and how it is used.
                      Sorry, I mistook IAS for Internet Security and Acceleration Server. I have installed the Internet Authentication Service since.

                      Before I proceed with trying to configure the IAS, could you please confirm me that using the Windows Authentication, I presume it means using AD users, I still need to set up the IAS? Having a glance, it seems to me IAS is more for RADIUS.

                      RADIUS, Remote Authentication Dial-In User Service, is it also for not dialling in via telephone but access via Internet?

                      I didn't do much apart from installing the Remote Access/VPN Server (Routing and Remote Access). I had a look and it seemed everything was in place. Certainly, I had also installed AD, DHCP, DNS and all the necessary server roles prior.

                      I have been trying to connect to the server using VPN both within the network and outside the network from the Internet. I have presumed if anything is not right with the router but the server setup is correct I should still be able to connect from inside.

                      Though I am not prepared to buy another router at this stage, please tell me what specifically the type of router I should be looking at? If router is really the show stopper I would be happy if I can connect from inside at this stage. I would just try to maximize my VPN experience as far as possible with all my available resources.

                      I appreciate your help.



                      • #12
                        Re: VPN Connection failed with error 800

                        Originally posted by tehcamel
                        I believe you stated in the first post, that you're trying to connect to the VPN service, on your internal server.
                        Yes, that's what I meant.

                        Anyway I have tried both ways. I am expecting to be able to connect from inside, that is, from the same network where the server is. It should work if my server setup is correct as far as VPN goes. This is the first step or the first stage I hope to achieve.



                        • #13
                          Re: VPN Connection failed with error 800

                          Well, first of all, error 800 is a connection failure, so that must be fixed first.

                          Did you disable all security software on the connecting client and the server to make sure that the software is not blocking or otherwise interfering with the VPN traffic? Try uninstalling the security software from one client and then try and connect. That way we can be absolutely sure it is a configuration issue.

                          Go through your router's configuration pages and make sure that everything is set up as it should be - ensure the relevant ports are allowed and are forwarded, and that there are no special firewall rules that may be blocking the VPN traffic.

                          IAS will authenticate users against AD's database. So, you use your AD username/password when connecting via VPN.

                          When I had VPN set up on my W2k3 server I used IAS to authenticate and setup a shared secret in IAS and set up the same shared secret on the router using the router's 'RADIUS' page. The shared secret is used to encrypt VPN traffic and thus both devices must use the same 'secret' (string) otherwise the encryption cannot take place and be successful.

                          When connecting either from within or externally to the network via VPN, I set up a new network connection, Connect to my Office/Workplace, and specified the public IP address of the router as the address to connect to. When using this connection staff also have to enter their Windows (Active Directory) username and password, and they also have to specify the name of the Active Directory domain.
                          A recent poll suggests that 6 out of 7 dwarfs are not happy



                          • #14
                            Re: VPN Connection failed with error 800

                            The Windows 7 pro x32 has been the client I tried to connect to the server. I have once turned off the Windows Firewall and tried it without any success. I did not think the anti-virus software which was Microsoft Security Essentials would hold up the VPN. Perhaps you could tell me. There is no other security software I can think of.

                            Is there anyway I can insert image on my post so that I can show you the Firewall Rules setup. There is only Port Forwarding and Port Blocking. The Port Blocking is not set up at all.

                            I don't mind you look at my router setup. This router is supposed to allow remote management but I don't seem to be able to access using the public IP address with the appropriate port number. Perhaps the ISP has turned it off.

                            According to what you just said, there does not seem to be any way I can connect to the server using VPN without the appropriate router. Is my understanding correct?



                            • #15
                              Re: VPN Connection failed with error 800

                              Check this article for firewall settings:

                              http://www.windowsecurity.com/articl...-Networks.html

                              Regarding remote management of your router you should be able to specify a unique port (e.g. 123.123.123.123:8080) in your router configuration and it should work. I would not allow anyone except someone you trust or a professional company you have paid to check your router settings - go through your manual as everything you need to know should be documented.

                              Have you spoken to your ISP about this?

                              Regarding the type of router you can use my experience is limited to two Draytek routers and they both had the ability to setup a shared secret under a RADIUS page. I don't know if you can dispense with it. I assume you can't as the secret is used to encrypt the traffic and decrypt the traffic. Without it there would be no encryption.

                              Check this for VPN setup on W2k3 just to make sure it is configured correctly:
                              http://technet.microsoft.com/en-us/l...06(WS.10).aspx

                              You can skip to IAS1.

                              You don't need to setup special groups at this stage (I never did when I used W2k3 RADIUS), but you might want to consider it at a later time once you have this sorted out. There is also a section on Windows firewall settings. Read the entire article anyway so that you understand how it works.
                              A recent poll suggests that 6 out of 7 dwarfs are not happy
