PPTP clients cannot connect to a PPTP server that has multiple IP addresses

Article translations Article translations
Article ID: 271731 - View products that this article applies to.
This article was previously published under Q271731
Expand all | Collapse all

SYMPTOMS

When you connect to a Point-to-Point Tunneling Protocol (PPTP) server from a PPTP client computer, the connection may not succeed, and you may receive one of the following error messages, depending on the version of Microsoft Windows that you are running:
  • In Microsoft Windows 95, Microsoft Windows 98, or Microsoft Windows Millennium Edition (Me):
    Error 650: The Remote Access server is not responding
  • In Microsoft Windows NT 4.0, Microsoft Windows 2000, Microsoft Windows XP, or Microsoft Windows Server 2003:
    Error 721: Remote PPP peer is not responding
  • In Microsoft Windows NT 4.0 or Microsoft Windows 2000:
    Error 629: The port was disconnected by the remote machine.
  • In Microsoft Windows Server 2000 that has a virtual private network (VPN) installed:
    Error 678: There was no answer

CAUSE

This issue may occur if the PPTP server replies by using an Internet Protocol (IP) address that is different from the address that the PPTP client computer sent the request to. This issue may occur if either one of the following conditions is true:
  • The server has multiple IP addresses on the public network interface.
  • The server is multihomed, and the configuration of the default gateway is on the incorrect interface.
The PPTP client detects the change in the IP address between the request and the reply. Therefore, the client does not permit the connection to be completed when the other IP address in the reply from the PPTP server is used.

RESOLUTION

To resolve this issue, make sure that the PPTP clients establish the connection to the first IP address that is bound to the PPTP server's public network interface. Also make sure that you configure the default gateway on the server to the interface that receives the connection attempt. Typically, the public network interface receives the connection attempt in this scenario.

If your PPTP server runs later version of Windows 2000 Service Pack 4 (SP4) or Windows Server 2003, and multiple IP addresses are bound to the public network interface, the server replies by using the same IP address that the client computer sent the request for connection to. For more information about change in IP address, click the following article number to view the article in the Microsoft Knowledge Base:
810839 VPN client cannot establish a connection after you install a service pack
If your PPTP server is running Windows 2000 SP4, and a PPTP client tries to connect to the second IP address that is bound to the public network interface, the PPTP server replies by using the first IP address that is bound to the public network interface.

This issue may occur, depending on the configuration of your PPTP server that uses Windows NT Load Balancing Service (WLBS) or Network Load Balancing. The PPTP server that uses Windows 2000 SP4-or-later may work as expected, regardless of the configuration. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
810839 VPN client cannot establish a connection after you install a service pack
This issue may also occur if you publish the PPTP server behind a firewall or a router. If you configure the firewall or the router incorrectly, the source IP address for PPTP reply packets may differ from the address that is received. To resolve this issue, configure the firewall or the router so that the source of the PPTP reply packets is the same IP address that the PPTP clients use. PPTP communication is made up of TCP port 1723 and of the Generic Routing Encapsulation (GRE) protocol (IP protocol 47).

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

Windows 95, Windows 98, Windows Me, and Windows NT 4.0 do not permit a PPTP connection to be completed if the PPTP server replies by using a different IP address.

Windows 2000 and Windows XP-based PPTP client computers permit connections if either Internet Connection Sharing or Internet Connection Firewall (ICF) is in use on the client. When you install Windows 2000 SP4 or Windows XP SP1 on your PPTP client, the client cannot connect to the PPTP server that replies by using a different IP address.

If you want your PPTP client that is running either Windows XP SP1 or Windows 2000 SP4-or-later to permit a connection to a PPTP server that replies with a different IP address, you must turn off PPTP address validation. To do so, follow these steps. Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate the following subkey, where <000x> is the network adapter for the WAN Miniport (PPTP) driver:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\<000x>
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type ValidateAddress, and then press ENTER.

    Note By default, the Data value is 0 (Off).
  6. Quit Registry Editor.
  7. Restart your computer.

Properties

Article ID: 271731 - Last Review: October 30, 2006 - Revision: 5.5
APPLIES TO
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server
  • Microsoft Windows XP 64-Bit Edition Version 2003
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows 98 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows 95
Keywords: 
kbhotfixserver kbqfe kbfirewall kbenv kberrmsg kbprb kbtunneling KB271731

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com