Home | Site Map | Cisco How To Net How To | Wireless | Search | Forums | Services | Setup Guide | Chicagotech MVP | About Us | Contact Us|
Bob Lin Photography services

Real Estate Photography services 
 RAS Error Code

Cisco VPN Client Error/Reason Messages

Troubleshooting VPN/PPP problem by using the log of VPN server
Error 619
 Receiving RAS error 619 while connecting to a VPN via SBC
 VPN error 619 - Case Study
 Error 624
 Error 628
Error 629
 Error 630 - The port was disconnected due to hardware failure
 Error 633 Modem Is Already in Use
Error 638: The request has timed out
Error 645
 Error 649
 VPN Error 649 - The account does not have permission to dial-in - Case Study
 Error 650
 Error 678
 Error 682
 Error 691
 Error 711
 Error 720
 Error 721
 VPN Error 732: The PPP negotiation is not converging
 Error 733
Error 734 - The PPP link control protocol terminated.
 Error 735 - The requested address was rejected by server.
 Error 736 - The remote computer terminated the control protocol.
Error 741 - The local computer does not support the required encryption type.
 Error 769 The specific destination is not reachable.
Error 792 - The L2TP Connection Attempt failed because security negotiation timed out.
 Error 797
 Error 781
 Error 783
Error 800
 Error 806 - the VPN connection cannot be completed
 Error 913
 Error 930
 Error 937: Because another connection of your type is in use.

 

Troubleshooting VPN/PPP problem by using the log of VPN server

MS windows event viewer and log are very useful tools in troubleshooting VPN/PPP. If you have a difficulty to access the VPN/RAS server, you may go to the event viewer of the VPN/RAS server to check any errors. Alternatively, you can go to %SystemRoot%\system32\LogFiles to view any possible causes. To enable the PPP log on w2k server, go to Routing and Remote Access Services (RRAS)>properties>Event Logging, Check the Enable Point-to-Point Protocol (PPP) logging box.

To enable PPP Logging on a Computer Running Windows 2000 Professional Using Netsh.exe. To do this, at command prompt, type

netsh
 ras
 set tracing PPP enable

NOTE: The Netsh.exe utility is the only option to enable PPP logging in Win 2000 Pro. After you enable logging, the computer logs all PPP activity to the xxx.log file in the %SystemRoot%\LogFiles. Since PPP logging uses system resources and hard disk space, you should turn off it when you are finished troubleshooting.

Error 619: 1. The port was disconnected (or Error 645, Dial-Up Networking could not complete the connection to the server and Error 930, The authentication server did not respond to authentication requests in a timely fashion. The Event Viewer shows: Event id: 20073, Description: The following error occurred in the Point to Point Protocol module on port: port number, UserName: user name. The authentication server did not respond to authentication requests in a timely fashion). When using VPN to access a remote network, W2K clients mat get above errors but not win9x and ME clients. This issue occurs because the VPN server hasn't registered in Active Directory.


2.You get this message when connecting via cable modems, dial up DOESN'T have any issues.

Resolution: 1) This problem most likely is secure issue such as unsecured password. So, check the settings.
2) It could be the hardware issue. Try to re-setup the device or download the new driver or just reset the devices such as modem and router.
3) Reapply the service pack
4) If the RRAS is in a domain network, add the VPN to the appropriate group. To do this, go to Active Directory Users and Computers>domain name>Users, double-click the RAS and IAS Servers security group. Select the members and add the VPN server to this group. 2) Type netsh ras add registeredserver at a command prompt (registeredserver is vpn server name), and then press ENTER.

Re: RAS/VPN Event ID 20049, Event ID 20073 and Error 619

VPN error 619 - Case Study

Receiving RAS error 619 while connecting to a VPN via SBC

Resolution: Uninstall the self support tool form SBC and refresh the settings of your VPN

Error 624:  Cannot update the phonebook file.

Resolutions: 1)  Make sure that RASPHONE.PBK is located in system32\RAS\.  If so, rename the file to RASPHONE.OLD and run RASPHONE.EXE.  If not, just run RASPHONE.EXE. 2) Uninstall and reinstall DUN/RAS.

Error 628:  The port is disconnected or The conenction was terminated by the remote computer before it could be completed.. This is most likely a modem or phone line noise issue or blocking port issue.

Resolutions:
1) make sure you have good phone line.
2) Upgrade the modem/router firmware
3) Make sure you logon using the correct username or password or try different username.
4) Reinstall the modem.
5) Re-enable RAS
6) Check the router/firewall settings.
7) Make sure the router is VPN pass through or GRE is enabled.

For the consultants, refer to case 830-100804

Error 629 - The port was disconnected by the remote machine (also re: error 913).

Check lists:
1)  Make sure the username and password you have entered for the DUNS connection is correct.
2) Also make sure the phone number is correct.
3) if calling a server set for 128-bit encryption when you don't have 128-bit encryption installed on client.
4) if all the entries for RAS are not correct, you may get this error. This would include incorrect settings for the Basic, Server, Script, Security and X.25.
5)  The settings for authentication and encryption on the security tab must match what your ISP requires.
6) if a new account logs on using PPTP and change password on first logon is enabled.
7) may be caused if the modem port speed is set below 19,200.
8) Can be caused by software or modem not being configured properly or being damaged.

For the consultants, refer to case 091304EC

Error 630 - The port was disconnected due to hardware failure

1. Check that the modem is plugged in, and if necessary, turn the modem off, and then turn it back on.
2. Check  if your modem is being given a bad init string - with a command that it does not support.
3. Check if another program is already using the modem, or, if the modem or serial port's resources configuration is incorrect.
4. Reboot your computer and try it again.
5. If that doesn’t work, go to Start -> Settings -> Control Panel -> Modems -> Diagnostics and get More Info from your modem. If it fails, your modem driver is corrupt and needs to be re-installed.
6. Update the modem drivers.

Error 633 Modem Is Already in Use

Symptoms: When you try to use your modem on a Windows computer, you may receive an error message similar to the following: Error 633 Modem is already in use, or is not configured for Remote Access dial out or The port is in use.
 
Resolutions: 1. Verify  no other applications that are using the modem. You can open  Task Manager to check that by press  CTRL+ALT+DEL.  Another way to test it is reboot the computer.
2. This behavior may occur when another device with a driver,  for example outdated Palm Pilot software, conflicts with the modem. 
3. Telephone.ini or unimdm.tsp is missing or damaged.
4. Make sure the modem is setup correctly and may apply SP.
5. Removing and reinstalling it, or  apply the new drive may fix the problem.
6. Make sure no two ISDN installed on the same machine and attempt to connect to the same server.

Error 638: The request has timed out

Refer to Error 721

 

Error 645: Internal authentication error (also re: error 913), or Dial-Up Networking could not complete the connection to the server.

Resolutions:
1) uncheck require encrypted password under the Server Types tab.
2) Make sure you are entering your correct username and password when connecting.
3) Uninstall and reinstall the Dial Up adapter. 4) Refer to error 619 resolution - add the vpn to the appropriate group.

Error 649. The account does not have permission to dial-in.

Resolution:
1) This error can occur if the user name is the same as the domain name.  
2) This error can occur if the username is 'system'.
3) This error can occur if dialing in to a Windows NT Remote Access Server and your password has expired.
4) Make sure the user is allowed to dial-in.
5) Check PPTP filtering. For the test, disable PPTP filtering on the server (Net Stop RASPPTPF), and see if you can establish a non-filtered connection.

VPN Error 649 - The account does not have permission to dial-in - Case Study

Error 649 - Login failed: username, password, or domain was incorrect

Error 650: The Remote Access server is not responding.

Resolution:
1) Proxy or firewall block like port 1723 and IP GRE 74.
2) Check the server type and uncheck most of them.
3) Make sure you type correct information in logon screen.
4) Check PPTP filtering. For the test, disable PPTP filtering on the server (Net Stop RASPPTPF), and see if you can establish a non-filtered connection.

Error 678: There was not answer.

Resolution:
1) you are dialing the wrong number.
2) make sure you have good connection.
3) If using VPN, make sure the port 1723 and IP Protocol 47 (GRE) are opened.

Error 682: When VPN clients try to remotely log on to your network, they may be denied access. Users may receive one of the following error messages: Error 628: The connection was closed, and see the Verifying Username and Password dialog box. This issue may occur if your VPN server is located behind a Linksys BEFSR41 router, Proxy or ISA.

Resolution: To resolve Linksys BEFSR41 router issue, update the firmware for your Linksys BEFSR41 router. To resolve Proxy or ISA issue, obtain the latest service pack for ISA Server 2000.

Error 691: Access denied because username and/or password is invalid on the domain.

Resolution:
1) Verify the logon ID and password are correct.
2) Make sure the Include Windows logon domain check box is unchecked in the Options tab of the dial-up connection's Properties dialog box.
3) Make sure the dial-up connection's security option is correctly configured to use the Require secured password setting.
4) Delete all of the *.pwl files and reboot if you are using win9x.
5) Try another logon ID or create a new Logon ID because the profile may be damaged.

Error 711: When attempting to start the Routing and Remote Access Service, you may receive "The Routing and Remote Access service terminated with service-specific error 711" and Event ID: 7024  in the System Event log of the server shows. This behavior may occur because the Routing and Remote Access Service is unable to start if the Remote Access Connection Manager service, Remote Access Auto Connection Manager, and the Telephony service are disabled.

RESOLUTION: to resolve this behavior, you must use the Services Administrative tool to set the Startup Type of all the Remote Access Connection Manager service, Remote Access Auto Connection Manager, and the Telephony service to Manual.. After you have made these settings, you can restart the Routing and Remote Access Service.

Error 720: No PPP control protocols configured.

Resolution:
1) make sure both RAS server and client have the correct protocol setup.
2) make sure the NetBIOS interface has being installed and the NetBIOS binding has being enabled. The NetBIOS interface is required for establishing logical names and sessions on the network for Windows NT/9x/ME.

 

Error 721: Remote PPP peer or computer is not responding. If you have tried many thing other people suggest like rebooting, reloading hardware and re-installing the VPN or dial in connection, you still get the same problem. I will suggest to check the router settings and make sure TCP Port 1723, IP Protocol 47 (GRE) are opened. Also make sure that the router has the PPTP enabled and not firewall block the traffic. On the RAS server, check the DHCP settings.

Case Studies – VPN error 721 and 800

Error 733: the PPP control protocol for this network protocol is not available on the server. 

Resolution:
1) Ensure that the TCP/IP protocol is installed on your RAS server and that the TCP/IP protocol is selected in the Server Settings of the Network Configuration option of the Remote Access Setup dialog.
2) If you have the "Use DHCP to assign remote TCP/IP client addresses" option selected for the TCP/IP protocol in the RAS Server Settings, then ensure that you have installed DHCP and that it is not disabled.
3) Ensure that all of the bindings for TCP/IP are enabled in the Bindings tab of the Network dialog of the Control Panel. Be sure to inspect the TCP/IP Protocol and WINS Client (TCP/IP) bindings for all adapters, all protocols, and all services. If the TCP/IP bindings are corrupt, you may have to reinstall TCP/IP and or RAS in order to clean up the bindings.
4) To fix this issue, you may setup a static pool of IP addresses for VPN clients.

Error 734 - The PPP link control protocol terminated.

Resolutions: 1. this is most like security issue, for example, you set to send encrypted passwords and your RAS server does not support encrypted passwords, or reverse situation. Check the security settings on both sides.
2. if multi-link negotiation is turned on for the single-link connection, disable it.
3. This error may occur if you are using user-defined callback in your DUNS setup.
4. Also refer to error 691.

Error 735 - The requested address was rejected by server.

Make sure you don't setup static IP on the VPN client and let the VPN server assign IP.

Error 736 - The remote computer terminated the control protocol.

1. This error indicated that the VPN server is out of available ports/IP addresses.
2. Or if the remote access server is unable to obtain an IP address from DHCP for the connection.
3. This is probably due to a glitch on the ISP's end.
4. If it is NT, try to disable PPP LCP extensions.

Error 741 - The local computer does not support the required encryption type.

1. Make sure you enter correct password.

2. Switch from L2TP to PPTP.

3. Enabling 128-bit Encryption for Routing and Remote Access

Error 769 The specific destination is not reachable.

Cause: 1. The network card in your computer is not turned on. 2. The dial-up connection is not listed in the 'dial-up' section

Error 792 - The L2TP Connection Attempt failed because security negotiation timed out.

Causes: 1. This behavior can occur because you have a preshared key that is configured on the client, but the key is not configured on the Routing and Remote Access Service server.
2. VPN server is not a valid machine certificate or is missing.
3. The IPSec Policy Agent service is stopped and started without stopping and starting the Routing and Remote Access service on the remote computer.
4.The IPSec Policy Agent service is not running when you start the Routing and Remote Access service.
5. The ISA Server computer is configured to block IP fragments.

Error 797 - The modem could not be found.

Resolutions:
1. Rebooting the machine that may solve the problem.
2. Remove and then re-install the modem.
3. Check to see if there is an upgrade driver for your modem.

Error 781 - Encryption Failed

Symptom: When connecting to a VPN server, you may receive this Error 781: The encryption attempt failed because no valid certificate was found.

Resolution: If your VPN client is trying to use L2TP/IPSec for the VPN connection, you may receive above message. What you need to do is switching to a PPTP VPN connection, which doesn't need a certificate.  To do this, open the properties of the VPN connection, choose the Networking tab, and change the "Type of VPN" to PPTP VPN (default is Automatic). Also make sure you have good connection. Sometimes, poor connection can cause this issue too.

Error 783 - Can't enable ICS

Symptom: When you try to enable ICS, you may receive the following error message: "Error 783: Internet Connection Sharing cannot be enabled. The LAN connection selected as the private network is either not present, or is disconnected from the network. Please ensure that the LAN adapter is connected before enabling Internet Connection Sharing."

Resolution: When enabling ICS, your computer is assigned the 192.168.0.1 IP address, and if this address is already in use on the network, you will get this error message. To fix this problem, disconnect the computer using the 192.168.0.1 IP address from the network, or change its TCP/IP settings to use DHCP.

 

Error 800: Unable to establish the VPN connection. The VPN server may be un-reachable, or security parameters may not be configured properly for this connection.

Resolutions:
1) if you have firewall, open TCP Port 1723, IP Protocol 47 (GRE).
2) make sure you can reach the VPN server by using ping.  Sometimes, poor connection can cause this issue too.
3) You may need to updated firmware on a router or firewall if other OS (win9x/nt/me/w2k) works except XP.
4) The VPN server may not be able to get IP from DHCP for the VPN client. So, you may want to re-configure VPN host networking settings. For XP pro VPN host, go to the Properties of the VPN>Network, check Specify TCP/IP address and Allow calling computer to specify its own IP address, and uncheck Assign TCP/IP addresses automatically using DHCP.
5) Make sure other secure software blocks your access, for example, if you use Norton secure software, you may need to add the remote client's IP so that the client can access.
6) If your VPN running on a Windows RRAS with NAT enabled, you may want to check the NAT settings.

Case Studies – VPN error 721 and 800

Error 806: a connection between your computer and the VPN server has been established but the VPN connection cannot be completed.  The most common cause for this is that there is at least one internet device between your computer and the
VPN server is not configured to allow GRE protocol packets Verify that protocol 47 GRE is allowed on all personal firewall devices or routers.  if the problem persists, contact your administrator.

Resolutions:
1) if you have a router/firewall, make sure you open TCP Port 1723, IP Protocol 47 (GRE).
2) make sure you can reach the VPN server by using ping.  Sometimes, poor connection can cause this issue too.
3) You may need to updated firmware on a router or firewall.
4) The VPN server may not be able to get IP from DHCP for the VPN client. So, you may want to re-configure VPN host networking settings. For XP pro VPN host, go to the Properties of the VPN>Network, check Specify TCP/IP address and Allow calling computer to specify its own IP address, and uncheck Assign TCP/IP addresses automatically using DHCP.
5) Make sure other secure software blocks your access, for example, if you use Norton secure software, you may need to add the remote client's IP so that the client can access.
6) If your VPN running on a Windows RRAS with NAT enabled, you may want to check the NAT settings.

Cases: VPN Error 721, 800 or 806

Case Studies – VPN error 721 and 800

 

Error 913: A Remote Access Client attempted to connect over a port that was reserved for Routers only (also re: Error 629 and 645). The event viewer may also generate the following event:

Event ID: 20188
Source: RemoteAccess
Description: The user username, attempting to connect on port, was disconnected because of the following reason:
A Remote Access Client attempted to connect over a port that was reserved for Routers only.

Resolutions:
1) Enable Remote access connections. To do this, go to Routing and Remote Access administrative tool>Ports>Properties, click the appropriate port (L2TP, Modem, PPTP, LPT1, and so on), and then click Configure, and then check the Remote access connections (inbound only).
2) Double-click the "Incoming Connections" icon on network connections folder and make sure "Allow VPN Connections" is enabled.
 

Error 930: The authentication server did not respond to authentication requests in a timely fashion.

SYMPTOMS: after setup Routing and Remote Access service for VPN or dial-up on a server to use RADIUS, or upgrade the server to a new OS, 1) the client computers may receive the following error message: Error 930: The authentication server did not respond to authentication requests in a timely fashion. 2) On the RRAS server Event ID: 20073 The following error occurred in the Point-to-Point Protocol module port: Port, UserName: Username. The authentication server did not respond to authentication requests in a timely fashion. 3) On the IAS server, the following error message may be reported Event ID: 13 A request was received from the invalid client IP Address IP_Address.

Causes: 1) The default path to the Remote Access log file has been changed or is not valid.
2) The VPN server has not been set up as a RADIUS client in the IAS.
3) This behavior will occur if the VPN user has permissions to read only on the Active Directory directory service record.
4) Refer to error 619 resolution - add the vpn to the appropriate group.

Refer to 072704RLa

Error 937: Because another connection of your type is in use.

Cause: W2K/XP limits one VPN connection and some one is connecting to the same VPN host.
 

Bob Lin Photography services

Real Estate Photography services 

  This web is provided "AS IS" with no warranties.
Copyright © 2002-2017 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.