XP SP2 VPN and Home Edition

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

SP2 appears to have broken the ability of my XP Home Edition PC to
VPN to our Windows Server 2003 Enterprise Edition host accross the Internet.
1. It worked prior to installing SP2
2. It does not appear to be a client firewall issue. The same problem occurs
if the firewall is enabled or not. I have no other firewall than the
one provided with XP.
3. My co-workers tell me they can still establish a VPN using their XP home
edition computers.
4. Symptoms sre: I get a "connecting..." popup message, it immediatley
changes to a "verifying username and password" where it times out.
5. The Home Edition PC runs ICS. I have an XP Pro (SP1) that cannot
establish a VPN connection while using the Home Edition as an Internet
Gateway. However, when directly connected to the Internet the Internet,
the XP Pro can establish a VPN connection
6. I am seeing _no_ messages in the Event Viewer that coincide with
VPN attempts on either the clients or the server.
7. RRAS logging is set to "errors and warnings" and nothing appears to be
written in them either.
8. The symtoms I am seeing are similar to ones I had earlier with Home
Edition that was fixed by changing the RRAS server -> IP properties to
"enable broadcast name resolution" and Use Local Area Connection to obtain
DHCP, DNS, and WINS addresses for dial-up connections.

Any help will be appreciated.

Thanks,
--
Matt Hickman
..there is nothing that makes a man feel so helpless as taking his pants
away from him.
Robert A. Heinlein (1907 - 1988)
"If This Goes On--" ASF c.1940
8 answers Last reply
More about home edition
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Are you doing a PPTP or a L2TP VPN connection?

    Jeffrey Randow (Windows Networking & Smart Display MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

    On 23 Aug 2004 08:41:11 -0700, hemo_jr@space.com (Matt Hickman) wrote:

    >SP2 appears to have broken the ability of my XP Home Edition PC to
    >VPN to our Windows Server 2003 Enterprise Edition host accross the Internet.
    >1. It worked prior to installing SP2
    >2. It does not appear to be a client firewall issue. The same problem occurs
    >if the firewall is enabled or not. I have no other firewall than the
    >one provided with XP.
    >3. My co-workers tell me they can still establish a VPN using their XP home
    >edition computers.
    >4. Symptoms sre: I get a "connecting..." popup message, it immediatley
    >changes to a "verifying username and password" where it times out.
    >5. The Home Edition PC runs ICS. I have an XP Pro (SP1) that cannot
    >establish a VPN connection while using the Home Edition as an Internet
    >Gateway. However, when directly connected to the Internet the Internet,
    >the XP Pro can establish a VPN connection
    >6. I am seeing _no_ messages in the Event Viewer that coincide with
    >VPN attempts on either the clients or the server.
    >7. RRAS logging is set to "errors and warnings" and nothing appears to be
    >written in them either.
    >8. The symtoms I am seeing are similar to ones I had earlier with Home
    >Edition that was fixed by changing the RRAS server -> IP properties to
    >"enable broadcast name resolution" and Use Local Area Connection to obtain
    >DHCP, DNS, and WINS addresses for dial-up connections.
    >
    >Any help will be appreciated.
    >
    >Thanks,
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    "Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote in message news:<hv7li0d5il6it78210j5l0iql6vk8vie4d@4ax.com>...
    > Are you doing a PPTP or a L2TP VPN connection?

    PPTP

    --
    Matt Hickman
    ...anyone who can't use a slide rule is a cultural illiterate ...
    Robert A. Heinlein (1907 - 1988)
    _Have Space Suit Will Travel_ c. 1958
  3. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    If it is L2PT, I understand that SP2 introduced a problem with VPN's where
    there is NAT involved.

    Here's one such message concerning it: http://tinyurl.com/6alc7

    However, something I don't understand is that I hear this problem is
    concerned with NAT. I would think our company's setup is like the problem
    described. For example, my computer is behind my NAT linksys router which
    assigns me a IP using DHCP. At my company, the windows 2003 server is
    behind a symantec router. The server has a fixed IP. We only use L2PT.
    However, my computer has SP2 on it, and I connect perfectly! Does mine
    work because I have setup the symantec router to forward the appropriate
    ports to the server? I would think that'd be necessary in any scenario.
  4. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    "Knox" <thornNOSPAM99@hotmail.com> wrote in message news:<enhGiKiiEHA.712@TK2MSFTNGP09.phx.gbl>...
    > If it is L2PT, I understand that SP2 introduced a problem with VPN's where
    > there is NAT involved.

    Unfortunately, I am using PPTP and the registry hack from the link you posted
    has no effect on my problem.

    Thanks

    --
    Matt Hickman
    When it is time to railroad, people start railroading.
    Robert A. Heinlein (1907 - 1988)
    _The Door Into Summer_ 1956
  5. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    NAT-Traversal has been available client-side for a while now,
    fortunately.. :)

    Jeffrey Randow (Windows Networking & Smart Display MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

    On Tue, 24 Aug 2004 17:37:56 -0400, "Knox" <thornNOSPAM99@hotmail.com>
    wrote:

    >If it is L2PT, I understand that SP2 introduced a problem with VPN's where
    >there is NAT involved.
    >
    >Here's one such message concerning it: http://tinyurl.com/6alc7
    >
    >However, something I don't understand is that I hear this problem is
    >concerned with NAT. I would think our company's setup is like the problem
    >described. For example, my computer is behind my NAT linksys router which
    >assigns me a IP using DHCP. At my company, the windows 2003 server is
    >behind a symantec router. The server has a fixed IP. We only use L2PT.
    >However, my computer has SP2 on it, and I connect perfectly! Does mine
    >work because I have setup the symantec router to forward the appropriate
    >ports to the server? I would think that'd be necessary in any scenario.
    >
  6. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    The hang at this point typically involves errors in PPTP Passthrough
    (GRE)... You haven't happened to install a new router on your home
    system, have you?

    Also, try setting up a L2TP tunnel.. It is fairly easy to configure -
    (on the server side, setup a preshard key in RRAS and then configure
    the same preshared key on your client system). L2TP VPNs need TCP/UDP
    1701, UDP 4500, UDP 500 forwarded...

    Jeffrey Randow (Windows Networking & Smart Display MVP)
    jeffreyr-support@remotenetworktechnology.com

    Please post all responses to the newsgroups for the benefit
    of all USENET users. Messages sent via email may or may not
    be answered depending on time availability....

    Remote Networking Technology Support Site -
    http://www.remotenetworktechnology.com
    Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

    On 23 Aug 2004 08:41:11 -0700, hemo_jr@space.com (Matt Hickman) wrote:

    >SP2 appears to have broken the ability of my XP Home Edition PC to
    >VPN to our Windows Server 2003 Enterprise Edition host accross the Internet.
    >1. It worked prior to installing SP2
    >2. It does not appear to be a client firewall issue. The same problem occurs
    >if the firewall is enabled or not. I have no other firewall than the
    >one provided with XP.
    >3. My co-workers tell me they can still establish a VPN using their XP home
    >edition computers.
    >4. Symptoms sre: I get a "connecting..." popup message, it immediatley
    >changes to a "verifying username and password" where it times out.
    >5. The Home Edition PC runs ICS. I have an XP Pro (SP1) that cannot
    >establish a VPN connection while using the Home Edition as an Internet
    >Gateway. However, when directly connected to the Internet the Internet,
    >the XP Pro can establish a VPN connection
    >6. I am seeing _no_ messages in the Event Viewer that coincide with
    >VPN attempts on either the clients or the server.
    >7. RRAS logging is set to "errors and warnings" and nothing appears to be
    >written in them either.
    >8. The symtoms I am seeing are similar to ones I had earlier with Home
    >Edition that was fixed by changing the RRAS server -> IP properties to
    >"enable broadcast name resolution" and Use Local Area Connection to obtain
    >DHCP, DNS, and WINS addresses for dial-up connections.
    >
    >Any help will be appreciated.
    >
    >Thanks,
  7. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    "Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote in message news:<j1tni0tga3oea8la75jop2220geb7flr4m@4ax.com>...
    > The hang at this point typically involves errors in PPTP Passthrough
    > (GRE)... You haven't happened to install a new router on your home
    > system, have you?

    Nope, I use dial-up and my XP Home computer is the one doing the dialing.
    It also run ICS, but I don't think that should have any effect on the
    dial-up interface.

    > Also, try setting up a L2TP tunnel.. It is fairly easy to configure -
    > (on the server side, setup a preshard key in RRAS and then configure
    > the same preshared key on your client system). L2TP VPNs need TCP/UDP
    > 1701, UDP 4500, UDP 500 forwarded...

    Something is wrong. I was under the imopression that RRAS set up
    a L2TP security policy when it stated up. But when I try to connect
    from either the XP pro on Home machines, I get an error 791 ... security
    policy for connection not found. If I turn on a policy at the RRAS server,
    "Server (request security)" or a custom policy using the preshared key, I
    get an error 788 .. security layer could not negotiate compatible
    parameters with the remote computer. "More info" tells me that my current
    configuration of L2TP parameters is not compatible with the microsoft
    implementation of L2TP.

    My client's IP address does show up in the IP security monitor's
    security associations for the rras server under Quick Mode, so something
    is getting through. Also, if the keys do not match, I get 792 security
    negotiation timeout error

    The router at the server site is set up to forward udp/tcp 1701; udp 500;
    udp 4500; and tcp 50 to the Windows 2003 RRAS server. It does not have
    the ability to filter on protocol. I also set up, in rras, the
    preshared key by checking the "allow custom IPSec policy for L2TP
    connection" under the security tab of the RRAS server properties.

    I obviously have something configured incorrectly -- probably on the
    rras server. Thanks for your help up to this point, and any further
    help is appreciated.


    --
    Matt Hickman
    We can't expect each man to be his own Tom Paine.
    Robert A. Heinlein (1907 - 1988)
    "If This Goes On--" ASF c.1940
  8. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    "Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote in message news:<j1tni0tga3oea8la75jop2220geb7flr4m@4ax.com>...
    > The hang at this point typically involves errors in PPTP Passthrough
    > (GRE)... You haven't happened to install a new router on your home
    > system, have you?

    Update:
    Thanks for your help, everyone. The problem is resolved. It may have
    been an ISP/connection problem. Or a modem / driver issue. I got hooked
    up with cable today and now PPTP VPN works like a champ.

    --
    Matt Hickman
    People do not appreciate how precarious our ecology is. Even so, it
    shocks _me_. I know water runs down hill...but didn't dream how
    terribly soon it will reach bottom.
    Robert A. Heinlein (1907 - 1988)
    _The Moon Is a Harsh Mistress_ c 1966
Ask a new question

Read More

VPN Windows XP