PPTP clients cannot connect to a PPTP server that has multiple IP addresses (271731)

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

When you connect to a Point-to-Point Tunneling Protocol (PPTP) server from a PPTP client computer, the connection may not succeed, and you may receive one of the following error messages, depending on the version of Microsoft Windows that you are running:

In Microsoft Windows 95, Microsoft Windows 98, or Microsoft Windows Millennium Edition (Me):
Error 650: The Remote Access server is not responding
In Microsoft Windows NT 4.0, Microsoft Windows 2000, Microsoft Windows XP, or Microsoft Windows Server 2003:
Error 721: Remote PPP peer is not responding
In Microsoft Windows NT 4.0 or Microsoft Windows 2000:
Error 629: The port was disconnected by the remote machine.
In Microsoft Windows Server 2000 that has a virtual private network (VPN) installed:
Error 678: There was no answer

CAUSE

This issue may occur if the PPTP server replies by using an Internet Protocol (IP) address that is different from the address that the PPTP client computer sent the request to. This issue may occur if either one of the following conditions is true:

The server has multiple IP addresses on the public network interface.
The server is multihomed, and the configuration of the default gateway is on the incorrect interface.

The PPTP client detects the change in the IP address between the request and the reply. Therefore, the client does not permit the connection to be completed when the other IP address in the reply from the PPTP server is used.

RESOLUTION

To resolve this issue, make sure that the PPTP clients establish the connection to the first IP address that is bound to the PPTP server's public network interface. Also make sure that you configure the default gateway on the server to the interface that receives the connection attempt. Typically, the public network interface receives the connection attempt in this scenario.

If your PPTP server runs later version of Windows 2000 Service Pack 4 (SP4) or Windows Server 2003, and multiple IP addresses are bound to the public network interface, the server replies by using the same IP address that the client computer sent the request for connection to. For more information about change in IP address, click the following article number to view the article in the Microsoft Knowledge Base:

810839 VPN client cannot establish a connection after you install a service pack

If your PPTP server is running Windows 2000 SP4, and a PPTP client tries to connect to the second IP address that is bound to the public network interface, the PPTP server replies by using the first IP address that is bound to the public network interface.

This issue may occur, depending on the configuration of your PPTP server that uses Windows NT Load Balancing Service (WLBS) or Network Load Balancing. The PPTP server that uses Windows 2000 SP4-or-later may work as expected, regardless of the configuration. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

810839 VPN client cannot establish a connection after you install a service pack

This issue may also occur if you publish the PPTP server behind a firewall or a router. If you configure the firewall or the router incorrectly, the source IP address for PPTP reply packets may differ from the address that is received. To resolve this issue, configure the firewall or the router so that the source of the PPTP reply packets is the same IP address that the PPTP clients use. PPTP communication is made up of TCP port 1723 and of the Generic Routing Encapsulation (GRE) protocol (IP protocol 47).

MORE INFORMATION

Windows 95, Windows 98, Windows Me, and Windows NT 4.0 do not permit a PPTP connection to be completed if the PPTP server replies by using a different IP address.

Windows 2000 and Windows XP-based PPTP client computers permit connections if either Internet Connection Sharing or Internet Connection Firewall (ICF) is in use on the client. When you install Windows 2000 SP4 or Windows XP SP1 on your PPTP client, the client cannot connect to the PPTP server that replies by using a different IP address.

If you want your PPTP client that is running either Windows XP SP1 or Windows 2000 SP4-or-later to permit a connection to a PPTP server that replies with a different IP address, you must turn off PPTP address validation. To do so, follow these steps. Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Click Start, and then click Run.
In the Open box, type regedit, and then click OK.
Locate the following subkey, where <000x> is the network adapter for the WAN Miniport (PPTP) driver:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\\{4D36E972-E325-11CE-BFC1-08002bE10318}\<000x>
On the Edit menu, point to New, and then click DWORD Value.
Type ValidateAddress, and then press ENTER.

Note By default, the Data value is 0 (Off).
Quit Registry Editor.
Restart your computer.

PPTP clients cannot connect to a PPTP server that has multiple IP addresses (271731)

SYMPTOMS

CAUSE

RESOLUTION

STATUS

MORE INFORMATION