JSI Tip 3942. Earlier-version PPTP clients can NOT connect to a Windows 2000 Server?

Windows 9x and Windows NT 4.0 VPN clients may be unable to establish a PPTP connection to a Windows 2000 or Windows NT 4.0 VPN server. Windows 2000 VPN clients can establish the PPTP or L2TP connection. The clients may display the following error message:

Error 629 : The port was disconnected by the remote machine.

These older clients send their PPTP connection requests to the server's IP address. If the server responds with a different address, which can happen if it is multi-homed with a default gateway on another interface, or has multiple IP addresses on a single NIC, the client assumes it is a protocol violation and terminates the connection.

To work around this issue, configure the earlier clients to establish the connection to the first IP address that is bound to the server's network interface, and make sure that the default gateway on the server is configured on the interface that receives the connection attempt.

NOTE: Windows 2000 clients can also have a problem if the client has ICS or NAT enabled.

NOTE: Windows NT Load Balancing Service (WLBS) or Network Load Balancing cluster servers also have this problem if the interface that receives the connection has the dedicated IP address bound first, instead of the IP address that the client is attempting to connect to. In this case, the dedicated IP address needs to be removed. Since a VPN server requires two network adapters, you can still administer a WLBS or Network Load Balancing cluster server by using the IP address that is assigned to the non-cluster network adapter.
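
To confirm the address mismatch described above from a packet trace taken at the client, the following added example (not part of the original tip) flags PPTP traffic that reaches a client from an address it never dialed. PPTP uses TCP port 1723 for control and GRE (IP protocol 47) for tunnel data; the tuple layout, the function name and the sample addresses are assumptions made for this illustration.

```python
from collections import defaultdict

PPTP_CONTROL_PORT = 1723   # PPTP control channel (TCP)
TCP = 6                    # IP protocol number for TCP
GRE = 47                   # IP protocol number carrying PPTP tunnel data

# Constructed capture summary: (src_ip, dst_ip, ip_proto, src_port, dst_port).
# Ports are None for GRE. Client 192.0.2.10 dials 198.51.100.5, but tunnel
# traffic comes back from 198.51.100.6 (constructed second server address).
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", TCP, 1045, 1723),
    ("198.51.100.5", "192.0.2.10", TCP, 1723, 1045),
    ("192.0.2.10", "198.51.100.5", GRE, None, None),
    ("198.51.100.6", "192.0.2.10", GRE, None, None),
    ("192.0.2.20", "198.51.100.5", TCP, 1050, 1723),
    ("198.51.100.5", "192.0.2.20", TCP, 1723, 1050),
    ("198.51.100.5", "192.0.2.20", GRE, None, None),
]

def find_source_mismatches(packets):
    """Return sorted (client, dialed_addresses, answering_address) tuples for
    PPTP traffic that reached a client from an address it never dialed."""
    dialed = defaultdict(set)
    # Pass 1: record which server address each client sent its request to.
    for src, dst, proto, sport, dport in packets:
        if proto == TCP and dport == PPTP_CONTROL_PORT:
            dialed[src].add(dst)
    # Pass 2: look for control or tunnel replies from any other address.
    mismatches = set()
    for src, dst, proto, sport, dport in packets:
        is_reply = proto == GRE or (proto == TCP and sport == PPTP_CONTROL_PORT)
        if dst in dialed and is_reply and src not in dialed[dst]:
            mismatches.add((dst, tuple(sorted(dialed[dst])), src))
    return sorted(mismatches)

if __name__ == "__main__":
    for client, wanted, got in find_source_mismatches(SAMPLE):
        print(f"{client} dialed {', '.join(wanted)} but was answered from {got}")
```

A hit means the server is answering from an address other than the one the client dialed, which is the condition the workaround above removes.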

