Windows Server - Error 868 on Windows 7 VPN connection to SBS 2003. DNS error unable to resolve......

Asked By jeremy johnson on 24-Mar-10 09:32 AM

In Windows 7 I manually created a VPN connection to my work computer using the information from another tech doc to connect through the RWW webpage, being https://company.com/remote or remote.companyname.com. Either way does not work; it resolved a DNS error.

The VPN connection states that it has opened the port to the server but it is unable to resolve the DNS server name and gives up with error 868. I have re-checked the information on the server's DNS settings as well as the server's VPN / routing and remote access / as well as the DHCP settings. I know servers internally in a company but I am not at all versed with remote connections or VPN connections. I am needing to get a VPN solution in place for 3 remote people, one of which is in a different state, to be able to get shared drive resources.

Any and all information would be very helpful, whereas I am completely lost and need to get this set up relatively soon.


Sincerely,

Jeremy

jeremy johnson replied to jeremy johnson on 24-Mar-10 11:13 AM

EDIT: OK, I have tried through DMZ with the server on the router and I can authenticate and connect to the server OK; however, now I have another issue. While connected, the remote computer through the VPN cannot access any of the shared folders on the server. Any ideas why the router blocks the VPN connection, referring to DNS issues, and why even on DMZ and properly authenticated the remote system cannot access shared resources? I have a port range set up for the VPN connections on the router, with port 47 for the authentication and ports 1645-1813 just for now, to make it simple on the port scopes for the router to be able to route all that traffic to the server with the VPN connection or routing/remote access server.

I am slightly confused on why it works on DMZ but is not working through the firewall/router with the ports opened, as well as why even on DMZ the shared drives are not accessible. What am I doing wrong? Thanks again in advance. If you have any information you can email me as well as post replies here ((tiggertx70 AT yahoo.com))

jeremy johnson replied to jeremy johnson on 24-Mar-10 12:02 PM

Second edit.

Finally got the connection to connect from inside through another VPN connection through the FQDN, but the connection's IP through ipconfig looks like

PPP/VPN  (IPv4)
IP: 192.168.1.* (*=the assigned dhcp number)
Subnet: 255.255.255.255
Gateway: 0.0.0.0

WiFi   (IPv6)
IP: 192.168.1.* (*=assigned by dhcp server always different than the ppp/vpn one)
Subnet: 255.255.255.0
Gateway: 192.168.1.1

Not sure if this will help any, but I cannot figure out how to change the subnet / gateway address for the VPN connection to reflect the server's subnet and gateway information so that it will be able to connect to the server's resources. I have had a remote person testing this connection remotely with me and theirs looks the same; the only difference is their WiFi connection is a wired connection to their internet provider. And the only way they can authenticate and connect to the VPN server is if I put the server on DMZ?? Figured I would have had a response of some sort, or been able to find more information on TechNet or online about these issues and snags I am running into, than I have. Any and all information would be greatly appreciated. I am at a loss at the moment.

Thanks again

Andy Steadman replied to jeremy johnson on 24-Mar-10 02:16 PM
Hi Jeremy,

I have recently set up an SBS2008 box and had a nightmare with VPN. Every different OS needed a slightly tailored configuration.

Are the external machines joined to the domain?

If it is authenticating but you cannot see the shares using the FQDN i.e. \\server.domain.local then try specifying the IP address of the DNS server in the VPN settings, usually in the networking tab then in the IP V4 protocol settings.

I am sure that it will be a VPN config\settings issue, especially as you have other clients connected and working.

jeremy johnson replied to Andy Steadman on 24-Mar-10 07:24 PM

OK, noobie me, I didn't think to try the full server.fqdn.local address. I am able to access from outside on the VPN connection. However, I am posed with another issue.

I am not able to access the VPN from outside without the server being on DMZ with the router. I have proper ports set up, though I get errors 868 (a DNS error), 800 (some sort of a user error) and 812 (some other kind of VPN tunneling error) no matter what I do to configure the firewall/router. All of the ports are configured both as passthroughs as well as forwards to the server. Everything works very wonderfully if I set up the server's private IP address on the DMZ; however, no VPN can connect when I put it back behind the firewall.

Although, behind the firewall, the server is accessible through https://fqdn.com/remote, https://fqdn.com/exchange, https://fqdn.com, http://fqdn.com ?? So all the secure and normal HTTP ports are open. I also have a mail.fqdn.com set up for POP, and the POP/SMTP works wonderfully also behind the firewall. This is just a VPN thing.

Any other ideas? Maybe it's the router. I am sure I am missing something within the router that's still blocking, or a port that I don't seem to have open, or something, not sure.

Here is a list of ports and ranges that I have opened/forwarding:

http: 80~80
IMAP: 143~143
NNTP: 119~119
POP3: 110~110
SNMP: 25~25
DHCP: 67~67
IPSec: 500~500
Personal: 5~5
RAP: 56~56
MCP: 57~57
RNSS: 384~384
Exch: 563~593
Exchrout: 691~691
VPN1: 1194~1194
Cisco: 465~465
Personal: 3899~3899
Personal: 4125~4125
HTTPS: 443~443
BB: 3443~3443
Radius: 1645~1813
VPNauth: 47~47


All of them pointed to the server's private IP address. A few of the ports opened were to try and diagnose the VPN stuff and see how to make it work. Some of these will be re-closed as soon as I figure out or get a resolution answer on what VPN should be using and how to make it work with the router and the server behind the firewall.

The router is a Linksys firewall router that is completely configurable and the firmware in the router is completely up to date.

Thanks so much again in advance for all of the information given.
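
An added example, not part of the original thread: a short Python audit of the forwarding list posted above against what a Windows Server 2003 RRAS tunnel needs. It assumes the VPN is PPTP or L2TP/IPsec (the thread does not say which), and the function names and the 16-port "wide range" threshold are illustrative choices.

```python
import re

# Forwarding list as posted in the thread (name: start~end), several per line.
FORWARDS = """
http: 80~80  IMAP: 143~143  NNTP: 119~119  POP3: 110~110  SNMP: 25~25
DHCP: 67~67  IPSec: 500~500  Personal: 5~5  RAP: 56~56  MCP: 57~57
RNSS: 384~384  Exch: 563~593  Exchrout: 691~691  VPN1: 1194~1194
Cisco: 465~465  Personal: 3899~3899  Personal: 4125~4125  HTTPS: 443~443
BB: 3443~3443  Radius: 1645~1813  VPNauth: 47~47
"""

# Assumption: tunnel type is one of these two. Port numbers only, because the
# router list does not say TCP or UDP. PPTP control is TCP 1723 and its data
# channel is GRE (IP protocol 47); L2TP/IPsec uses UDP 500, UDP 4500 and ESP
# (IP protocol 50). An IP protocol number is not a TCP/UDP port.
REQUIRED = {
    "PPTP": {"ports": [1723], "ip_protocols": {47: "GRE"}},
    "L2TP/IPsec": {"ports": [500, 4500], "ip_protocols": {50: "ESP"}},
}

def parse_forwards(text):
    """Return [(name, low, high)] for every 'name: low~high' entry."""
    return [(n, int(lo), int(hi))
            for n, lo, hi in re.findall(r"(\w+):\s*(\d+)~(\d+)", text)]

def covered(rules, port):
    return any(lo <= port <= hi for _, lo, hi in rules)

def audit(rules):
    """Per tunnel type: required ports not forwarded, and single-port rules
    whose number is really an IP protocol (forwarding them passes nothing)."""
    report = {}
    for vpn, need in REQUIRED.items():
        missing = [p for p in need["ports"] if not covered(rules, p)]
        confused = [f"{name} {lo}" for name, lo, hi in rules
                    if lo == hi and lo in need["ip_protocols"]]
        report[vpn] = {"missing_ports": missing, "protocol_as_port": confused}
    return report

def wide_ranges(rules, limit=16):
    """Forwarded ranges larger than `limit` ports: exposure worth re-closing."""
    return [(n, hi - lo + 1) for n, lo, hi in rules if hi - lo + 1 > limit]

if __name__ == "__main__":
    rules = parse_forwards(FORWARDS)
    print(audit(rules))
    print(wide_ranges(rules))
```

On this list, port 1723 is only reachable because it happens to fall inside the 169-port "Radius" range, while the "VPNauth 47" rule forwards TCP/UDP port 47 rather than GRE; a DMZ host receives all IP protocols, which is consistent with the tunnel working only on DMZ.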