You are currently offline, waiting for your internet to reconnect

Troubleshooting PPTP Connectivity Issues in Windows NT 4.0

This article was previously published under Q162847
This article describes how to troubleshoot connectivity issues in WindowsNT 4.0 with the Point-to-Point Tunneling Protocol (PPTP). You may want tosee the PPTP information available on the Microsoft Web site( before you follow the steps in this article.

Installing PPTP

Installation involves installing and configuring PPTP on both a client anda server computer.

Client Setup:
  1. In Control Panel, double-click Network.
  2. Click the Protocols tab.
  3. Click Add, and then click Point-to-Point Tunneling Protocol.
  4. When you are prompted for how many Virtual Private Networks (VPN) to enable, click 1.
  5. Click OK. When you are prompted to supply the Window NT 4.0 installation media, do so.
  6. In RAS Setup, add the new Virtual Private Network (VPN) port by clicking Add and double-clicking the VPN port.
  7. Configure the protocols to be used over the VPN port by clicking Network.
  8. Click OK, click Continue, and then click Close. When you are prompted to restart the computer, do so.
Server Setup:

Follow the procedure outlined above to install PPTP on the server. Set upas many VPN ports as will be required to support dial-in clients.

You can also configure the protocols available to each VPN port andspecify whether the port will have access to only this computer or theentire network.

Setting Up and Testing Internet Connectivity

PPTP relies on the Remote Access Service (RAS). Therefore, RAS should beinstalled, configured, and tested prior to installing PPTP. The RemoteAccess Service can be installed using the Network tool in Control Panel.The TCP/IP protocol is also required by PPTP and should be installed priorto PPTP. A Dial-Up Networking phone book entry for your Internet serviceprovider (ISP) should be created and tested. Verify that you cansuccessfully connect to your ISP and obtain full Internet access.

For information about setting up RAS, Dial-Up Networking, and the TCP/IPprotocol to connect to the Internet, refer to Help in Windows NT.

For additional information, please see the following articles in theMicrosoft Knowledge Base:
ARTICLE-ID: 161516
TITLE : Troubleshooting Modem Problems Under Windows NT 4.0

ARTICLE-ID: 161986
TITLE : Troubleshooting Internet Service Provider Login Problems

Testing Connectivity to the PPTP Server

Once the PPTP client and the PPTP server are connected to their ISPs, testthe connectivity between the two.
  • Obtain the IP address of the PPTP server. This can be obtained with the IPCONFIG tool. On the PPTP server, start a command prompt inside Windows NT. Type the following command:

    c:\>ipconfig /all

    This displays the IP address of the NDISWANx driver.
  • Try communicating with the IP address of the PPTP server from the PPTP client. From a command prompt on the PPTP client, type the following command:

    c:\>ping <IP address of the PPTP server>

    You should receive four responses from the server. If you receive a "Request timed out" message, the PPTP client is not able to communicate with the PPTP server.

Cannot Connect to PPTP Server

The error message you receive will help determine what part of the PPTPconnection you should troubleshoot.

When PPTP filtering is enabled you may receive one of the following errormessages:
Error 678: There is no answer
If you receive this error message, RAS Connection Manager and RemoteAccess Server may not be started and may be set for manual startup. Startboth and change RAS connection manager startup to automatic.
Error 650: The Remote Access Server is not responding
If you receive this error message, disable PPTP filtering andthen attempt to ping the PPTP server. To disable PPTP filtering, type thefollowing command on the PPTP server:


You should now be able to ping the PPTP server over the Internet. If youstill receive one of these error messages, the problem may not be a PPTPproblem. Until you get replies from the server, you will need totroubleshoot this issue as a normal connectivity problem.

If pinging the PPTP server across the Internet successfully returns withreplies, the ISP or internal corporate network may not allow GenericRouting Encapsulation (GRE) packets or PPTP packets to go across thefirewall or router.

GRE packets are commonly used internally as messages between routers. Forexample, an ISP may use GRE to distribute routing messages between itssites. For security or other reasons, this ability may be turned off tothe outside Internet.

You can resolve this problem by ensuring that Protocol 47 is open at therouter or firewall. This protocol is required for PPTP to work correctly.

In addition to GRE Protocol 47, TCP port 1723 must be enabled at allrouters or firewalls between the PPTP client and server.

An example of a GRE-blocked PPTP call in a trace is shown below. In thiscase, the ISP uses GRE internally, but does not allow the protocol to besent to any outside interfaces.
1- 5.364   00 E8 TCP       ....S., len:2- 5.614   E8 00 TCP       .A..S., len:3- 5.614   00 E8 TCP       .A ., len: 0, seq: 168021101-168021101,   ack:    460753,4- 5.630   00 E8 TCP       .AP..., len: 156, seq: 168021101-168021256,   ack:    460753,5- 6.130   E8 00 TCP       .AP..., len:  156, seq:    460753-460908,   ack:   168021257, win:6- 6.145   00 E8 TCP       .AP..., len:  168, seq: 168021257-168021424,   ack:    460909,7- 6.520   E8 00 TCP       .AP..., len:   32, seq:    460909-460940,   ack:    168021425, win:8- 6.536   00 E8 TCP       .AP..., len:   24, seq: 168021425-168021448,   ack:    460941,9- 6.536   20 20 LCP       Config Req Packet, Ident = 0x00, Length = 1710- 6.536  00 E8 LCP       Config Req Packet, Ident = 0x00, Length = 1711- 6.833  E8 00 ICMP      Destination Unreachable:   See frame 1012- 6.942  E8 00 TCP       .A...., len:    0, seq:    460941-460941,   ack:   168021449, win:				

In frame 11, there is a reference that states the destination cannot bereached in frame 10. Looking closely at frame 10, you can see that thispacket is actually a GRE packet:
+ FRAME: Base frame properties+ ETHERNET: ETYPE = 0x0800 : Protocol = IP:  DOD Internet Protocol+ IP: ID = 0xECB3; Proto = 0x2F; Len: 53+ GRE: ..KS............ Length: 21, Call ID: 0  <<<--Shows that this is a                                                     GRE packet.+ PPP: Link Control Protocol Frame (0xC021)+ LCP: Config Req Packet, Ident = 0x00, Length = 17				

The IP address in the IP portion of this frame shows the IP address of thedevice that will not allow GRE packets past its interface.

NOTE: Some ISPs or corporate firewalls will not allow incoming or outgoingGRE packets. In this case, you will see the same "Destination HostUnreachable" packets in the trace, but there will not be any packets thatdrill down to GRE.

Timeouts Using PPTP

If you receive error 718, "the server has not responded," you may want toincrease the number of attempts PPTP makes to transmit data.

You can make this change by editing the following registry entry.

WARNING: Using Registry Editor incorrectly can cause serious, system-wideproblems that may require you to reinstall Windows NT to correct them.Microsoft cannot guarantee that any problems resulting from the use ofRegistry Editor can be solved. Use this tool at your own risk.
  1. Run Registry Editor (Regedt32.exe).
  2. Go to the following key in the registry:
  3. On the Edit menu, click Add Value and use the following entry (if the entry already exists, just double-click it to edit the value):
          Value Name:    PPTPTcpMaxDataRetransmissions      Data Type:     REG_DWORD      Value range:   0 - 0xFFFFFFFF      Default value: 9h						

    By default, this value is 9h. You may want to increase this value to 18h. It is not recommended to increase this value beyond 27h.
If you are using the NetBEUI protocol to connect to a PPTP server, you mayneed to install Windows NT 4.0 Service Pack 3. For additional information,please see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: 163129
TITLE : RAS Client Fails to Connect to Service Pack 2 Using NetBEUI

Dialing the IP Address and Logging on to PPTP Server

After each computer can connect to its ISP and ping the PPTP server, testlogging on to the PPTP server.
  • Set up a Dial-Up Networking phone book entry to dial the IP address of the PPTP server. When you set up the phone book entry, enter the server's IP address in place of a phone number. Dial using RASPPTPM.
  • If Dial-Up Networking dials but does not connect to the PPTP server, try restarting the Remote Access Server service. To do so, follow these steps:
    1. In Control Panel, double-click Services.
    2. Locate the Remote Access Server service. Stop the service and then start the service.

Confirming Dial-In Permissions

PPTP requires that the connecting user account have dial-in permissions.Use the Remote Access Admin tool to verify that the user account has theappropriate dial-in permissions.

If a domain is present, the user may need domain permissions to connect tocertain resources on the network.

Troubleshooting Protocol Issues

PPTP can use the NetBEUI, IPX/SPX-compatible, and TCP/IP protocols. TheNetBEUI protocol requires the least amount of configuration. Connectingto the PPTP server requires that the client and server have a networkprotocol in common. Once connected, the PPTP server can act as NetBIOSgateway to the rest of the local area network.

When you are using the TCP/IP protocol, each client needs a unique IPaddress. IP addresses can be statically assigned to clients, suppliedfrom a pool of IP addresses, or from a DHCP server.

The Ping tool can be used in troubleshooting connectivity issues withTCP/IP. For additional information, please see the following article inthe Microsoft Knowledge Base:
ARTICLE-ID: 102908
TITLE : How to Troubleshoot TCP/IP Connectivity with Windows NT

Browsing Issues

Avoid browsing Network Neighborhood over a slow connection. Try connectingto the network resource directly. To do so, follow these steps:
  1. Click the Start button, and then click Run.
  2. Type the following line, and then click OK:

If you can connect with this method, the PPTP session is working properlyand the issue is related to browsing.

For additional information about PPTP, see the following articles in theMicrosoft Knowledge Base:
ARTICLE-ID: 162230
TITLE : Fragmentation and Performance Issues with PPTP Connections

ARTICLE-ID: 154674
TITLE : PPTP Registry Entries

ARTICLE-ID: 164052
TITLE : PPTP and Interoperability with Other Local Machine Services

ARTICLE-ID: 164601
TITLE : How to Enable PPTP Port for Network Monitor

ARTICLE-ID: 158387
TITLE : RAS Server Cannot Use DHCP to Assign Addresses w/ PPTP Filtering
prodnt ntfaqipr

Article ID: 162847 - Last Review: 11/01/2006 04:57:59 - Revision: 1.1

  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • kbdialup KB162847