So I am running Windows 7 Enterprise. This morning I was able to VPN using the built in VPN (Connect to Work Network etc). I had to change my network's IP address range and now the VPN will not work. It just stalls on the Verifying user name and password... message. But then it returns the 619 error.
Anybody know why changing my machine's IP address would cause this problem? Where should I be looking to try and fix this issue?
I have tried this on a Windows XP machine that also had the IP address range change and this still connects fine using exactly the same connection details.
EDIT
The internal network range changed from 192.x.x.x to 10.x.x.x. This was done on the entire Active Directory. All machines are running fine and the Windows XP machine, that works going to the same client VPN mentioned above is on the same network. Both the XP and the Windows 7 machines are using DHCP served by the Domain Controller. The client domain is not performing any IP range checks/restrictions.
The VPN is outside the internal network, connection is being made via the Internet and not passing through any other machine, other than the normal domain machines, ie DNS etc. This is passing through a router and the router has the relevant VPN passthrough options configured. All internal machines are working correctly with other forms of VPN, ie Cisco, Sonic etc (these were tested on other machines, they are not installed on the Vista or Windows 7 machines).
After further testing, this is occurring on all Windows 7 and Vista machines where they can no longer connect to the client VPN, however all XP machines can still connect fine. This has been tested on three Vista, two Windows 7 and five XP machines. All machines are on DHCP and tests have been done with both the firewalls turned on and off, as well as with fixed IPs being used.
2 Answers
Some more information on the exact changes that you did would be welcome. Also about the local network architecture, router etc. Also why you had to change the local address range. This information is best added to your post.
Error 619 means simple "A connection to the remote computer could not be established". Which just means that the computer that was before reachable is now unreachable, assuredly because of the IP changes.
I suggest that you verify that the computer is within the segment range that is served by your router or whatever connection you have. This is most likely the problem. Also try and use DHCP rather than your own IP (if at all possible).
Again, some more info might help in giving an answer that's less vague.
EDIT
Some things to try. Under properties of the connection:
- Go into Security and change the type of VPN from Automatic to PPTP
- Change data encryption to Optional
and select CHAP & MS-CHAP v2 down
below for your protocols.
(If you wish you can also use PAP but your password will be sent unencrypted) - Under Networking disable IPv6
EDIT2
Some more possibilities:
- In Properties for the VPN, Options tab, uncheck "Include windows Logon Domain".
- Vista/Win7 do not support the older
Microsoft CHAP (MS-CHAP) protocol.
Ensure on your VPN server that MS-CHAP v2 is actually available. - Whatever router you're using for outside access may need firmware upgrade.
- Some possibly useful links:
An outdated network router may not function correctly when you use it together with new networking features in Windows Vista
Windows Vista cannot obtain an IP address from certain routers or from certain non-Microsoft DHCP servers
Please check whether the client or the vpn server is behind a "link balancer". For those of you who do not know what a link balancer is - It is a device on which multiple links from different ISP's converge to provide a failover and link aggregation solution.
VPN traffic does not like being link balanced. We can find this through a packet capture taken at the client.