none
Error Connecting To VPN On Dedicated Hyper-V Server 2008 R2 VPN Server Using Domain Authentication RRS feed

  • Question

  • I created a dedicated VPN Hyper-V server for remote
    connectivity running Windows Server 2008 R2 and using domain authentication.  The IP address is set in the range of defined
    IP addresses and the subnet mask is in the same range as the domain server
    255.255.255.0.  Once the server was
    running, I enabled the VPN service and the related remote access services as
    prescribed. The VPN client is using PPTP protocols and the VPN server is using
    domain authentication for the login. Once the server was running and the
    service enabled, I opened the firewall to allow inbound access to port 1723 on
    both the Hyper-V server as well as the Cisco router.  From my Windows 7 client, I use the Windows
    VPN connector.   Once connected to the public
    static IP address, the Windows 7 client negotiates with the host and displays an
    error 720, stating that server cannot validate the client permissions.  The error log on the VPN server displays the
    login attempt and confirms that the domain controller cannot validate the
    security credentials of the client (the client login is correctly reflected and
    supported when logging into the network via a LAN connection).   I have changed several of the client settings
    to no avail.  The issue appears to be on
    the server side settings.

    The VPN server log shows the following error:

    Thanks in advance for your tips!!!!


    Sunday, March 18, 2012 3:56 PM

All replies

  • I also find this warning in the VPN server log:


    Sunday, March 18, 2012 3:59 PM
  • >I opened the firewall to allow inbound access to port 1582 on
    >both the Hyper-V server as well as the Cisco router.
     Maybe I'm missing something in your description, but what about port
    1723?  That's the default port for VPN pptp access.
     

    Bob Comer - Microsoft MVP Virtual Machine
    Monday, March 19, 2012 4:13 PM
  • Hello Bob,

    Thank you for your response.  I do have port 1723 open on both the Cisco router and the VPN server:

    Thank you for your input...any other thoughts? 

     

    Monday, March 19, 2012 4:38 PM
  • It's possible you might need to forward GRE packets as well, I have to
    open it on my router at home.
     
    I don't know your router, but there's probably something in the
    documentation that mentions GRE.
     

    Bob Comer - Microsoft MVP Virtual Machine
    Monday, March 19, 2012 4:48 PM