[isalist] Re: TMG VPN Not working on Windows Server 2008

  • From: Joe Pochedley <Joe.Pochedley@xxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 15 Jun 2010 09:50:36 -0400

I was able to get PPTP VPN up and running on TMG with little issue using the 
info in Jim Harrison's book (and previous experience with ISA 2006/2004/2000).

I think the one quirk that I found (don't remember if it was spelled out 
anywhere) was that the IP address assigned to the PPP RAS adapter on the TMG 
server should not be listed as part of the Internal network within TMG.  Once 
VPN is configured, go into Networking > Networks tab...  Open the Internal 
network > Addresses tab..  Clear out whatever you have defined, and then choose 
to Add Adapter and pick your internal network's adapter to have the range of 
IPs to auto-populate...  Whenever I do this, the PPP RAS adapter IP is always 
excluded from the ranges for the Internal network.

If that doesn't help, I guess my original question to the OP is this: What do 
you see in the TMG logs when a VPN client attempts to connect?


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Rob Moore
Sent: Tuesday, June 15, 2010 7:49 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: TMG VPN Not working on Windows Server 2008

It (mostly) worked for me, following the steps in Jim Harrison's book, 
Microsoft Forefront Threat Management Gateway (TMG) Administrator's Companion. 
I say "mostly" because I was able to connect to the VPN. But the DHCP relay 
didn't seem to work right. I got an IP address in the right range but some of 
the other options were wrong, and I was not able to ping things on the network. 
Same thing happened to me when I set it up on ISA 2006. So I'm just passing VPN 
traffic through TMG to an internal VPN server (just as I did for ISA). I'm sure 
it's something I'm doing wrong, but don't know just what.

Since it's working the way it is, it's not super high priority to fix it. 
Besides I'm really keen to get SSTP working. Seems like a better solution than 
regular VPN, since it hopefully won't be blocked (some of our users get to 
hotel networks that block access to VPN traffic). Now if I can just find the 


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Tee Darling
Sent: Tuesday, June 15, 2010 4:26 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] TMG VPN Not working on Windows Server 2008

Has anyone been able to make VPN work at all through TMG on Windows Server 2008 
R2? I followed this article from Deb Shinder to configure VPN on my network.


The problem is, every time I try to connect to the VPN, I receive the error :

"Error 678: The remote computer did not respond". I havd googled the error but 
the troubleshooting steps that I am getting is not even helping in any way. I 
tried to also follow the configuration steps in the TMG Adminstrators Companion 
guide but the steps in there did not help in any way.

The articles that have worked for me before are the ones written by Tom Shinder 
for VPN configuration on ISA 2004 & 2006. I tried to follow that for TMG but it 
did not work either.

Any help?



Other related posts: