WebhostUK

Archive for May, 2011

SUMMARY

This article lists the error codes that you may receive when you use Windows 2000, Windows XP, or Windows Server 2003 as a client computer to make a dial-up connection or a VPN connection.

Note: Error codes with numbers higher than 900 will only be seen if you are trying to connect to a Routing and Remote Access Server that is running Windows 2000 or later.

MORE INFORMATION

The following list contains the error codes for dial-up connections or VPN connections:

600 An operation is pending.
601 The port handle is invalid.
602 The port is already open.
603 Caller’s buffer is too small.
604 Wrong information specified.
605 Cannot set port information.
606 The port is not connected.
607 The event is invalid.
608 The device does not exist.
609 The device type does not exist.
610 The buffer is invalid.
611 The route is not available.
612 The route is not allocated.
613 Invalid compression specified.
614 Out of buffers.
615 The port was not found.
616 An asynchronous request is pending.
617 The port or device is already disconnecting.
618 The port is not open.
619 The port is disconnected.
620 There are no endpoints.
621 Cannot open the phone book file.
622 Cannot load the phone book file.
623 Cannot find the phone book entry.
624 Cannot write the phone book file.
625 Invalid information found in the phone book.
626 Cannot load a string.
627 Cannot find key.
628 The port was disconnected.
629 The port was disconnected by the remote machine.
630 The port was disconnected due to hardware failure.
631 The port was disconnected by the user.
632 The structure size is incorrect.
633 The port is already in use or is not configured for Remote Access dialout.
634 Cannot register your computer on the remote network.
635 Unknown error.
636 The wrong device is attached to the port.
637 The string could not be converted.
638 The request has timed out.
639 No asynchronous net available.
640 A NetBIOS error has occurred.
641 The server cannot allocate NetBIOS resources needed to support the client.
642 One of your NetBIOS names is already registered on the remote network.
643 A network adapter at the server failed.
644 You will not receive network message popups.
645 Internal authentication error.
646 The account is not permitted to log on at this time of day.
647 The account is disabled.
648 The password has expired.
649 The account does not have Remote Access permission.
650 The Remote Access server is not responding.
651 Your modem (or other connecting device) has reported an error.
652 Unrecognized response from the device.
653 A macro required by the device was not found in the device .INF file section.
654 A command or response in the device .INF file section refers to an undefined macro.
655 The macro was not found in the device .INF file section.
656 The macro in the device .INF file section contains an undefined macro.
657 The device .INF file could not be opened.
658 The device name in the device .INF or media .INI file is too long.
659 The media .INI file refers to an unknown device name.
660 The device .INF file contains no responses for the command.
661 The device .INF file is missing a command.
662 Attempted to set a macro not listed in device .INF file section.
663 The media .INI file refers to an unknown device type.
664 Cannot allocate memory.
665 The port is not configured for Remote Access.
666 Your modem (or other connecting device) is not functioning.
667 Cannot read the media .INI file.
668 The connection dropped.
669 The usage parameter in the media .INI file is invalid.
670 Cannot read the section name from the media .INI file.
671 Cannot read the device type from the media .INI file.
672 Cannot read the device name from the media .INI file.
673 Cannot read the usage from the media .INI file.
674 Cannot read the maximum connection BPS rate from the media .INI file.
675 Cannot read the maximum carrier BPS rate from the media .INI file.
676 The line is busy.
677 A person answered instead of a modem.
678 There is no answer.
679 Cannot detect carrier.
680 There is no dial tone.
681 General error reported by device.
682 ERROR WRITING SECTIONNAME
683 ERROR WRITING DEVICETYPE
684 ERROR WRITING DEVICENAME
685 ERROR WRITING MAXCONNECTBPS
686 ERROR WRITING MAXCARRIERBPS
687 ERROR WRITING USAGE
688 ERROR WRITING DEFAULTOFF
689 ERROR READING DEFAULTOFF
690 ERROR EMPTY INI FILE
691 Access denied because username and/or password is invalid on the domain.
692 Hardware failure in port or attached device.
693 ERROR NOT BINARY MACRO
694 ERROR DCB NOT FOUND
695 ERROR STATE MACHINES NOT STARTED
696 ERROR STATE MACHINES ALREADY STARTED
697 ERROR PARTIAL RESPONSE LOOPING
698 A response keyname in the device .INF file is not in the expected format.
699 The device response caused buffer overflow.
700 The expanded command in the device .INF file is too long.
701 The device moved to a BPS rate not supported by the COM driver.
702 Device response received when none expected.
703 ERROR INTERACTIVE MODE
704 ERROR BAD CALLBACK NUMBER
705 ERROR INVALID AUTH STATE
706 ERROR WRITING INITBPS
707 X.25 diagnostic indication.
708 The account has expired.
709 Error changing password on domain.
710 Serial overrun errors were detected while communicating with your modem.
711 RasMan initialization failure. Check the event log.
712 Biplex port is initializing. Wait a few seconds and redial.
713 No active ISDN lines are available.
714 Not enough ISDN channels are available to make the call.
715 Too many errors occurred because of poor phone line quality.
716 The Remote Access IP configuration is unusable.
717 No IP addresses are available in the static pool of Remote Access IP addresses.
718 PPP timeout.
719 PPP terminated by remote machine.
720 No PPP control protocols configured.
721 Remote PPP peer is not responding.
722 The PPP packet is invalid.
723 The phone number, including prefix and suffix, is too long.
724 The IPX protocol cannot dial-out on the port because the computer is an IPX router.
725 The IPX protocol cannot dial-in on the port because the IPX router is not installed.
726 The IPX protocol cannot be used for dial-out on more than one port at a time.
727 Cannot access TCPCFG.DLL.
728 Cannot find an IP adapter bound to Remote Access.
729 SLIP cannot be used unless the IP protocol is installed.
730 Computer registration is not complete.
731 The protocol is not configured.
732 The PPP negotiation is not converging.
733 The PPP control protocol for this network protocol is not available on the server.
734 The PPP link control protocol terminated.
735 The requested address was rejected by the server.
736 The remote computer terminated the control protocol.
737 Loopback detected.
738 The server did not assign an address.
739 The remote server cannot use the Windows NT encrypted password.
740 The TAPI devices configured for Remote Access failed to initialize or were not installed correctly.
741 The local computer does not support encryption.
742 The remote server does not support encryption.
743 The remote server requires encryption.
744 Cannot use the IPX net number assigned by the remote server. Check the event log.
745 ERROR_INVALID_SMM
746 ERROR_SMM_UNINITIALIZED
747 ERROR_NO_MAC_FOR_PORT
748 ERROR_SMM_TIMEOUT
749 ERROR_BAD_PHONE_NUMBER
750 ERROR_WRONG_MODULE
751 The callback number contains an invalid character. Only the following 18 characters are allowed: 0 to 9, T, P, W, (, ), -, @, and space.
752 A syntax error was encountered while processing a script.
753 The connection could not be disconnected because it was created by the multi-protocol router.
754 The system could not find the multi-link bundle.
755 The system cannot perform automated dial because this connection has a custom dialer specified.
756 This connection is already being dialed.
757 Remote Access Services could not be started automatically. Additional information is provided in the event log.
758 Internet Connection Sharing is already enabled on the connection.
759 An error occurred while the existing Internet Connection Sharing settings were being changed.
760 An error occurred while routing capabilities were being enabled.
761 An error occurred while Internet Connection Sharing was being enabled for the connection.
762 An error occurred while the local network was being configured for sharing.
763 Internet Connection Sharing cannot be enabled. There is more than one LAN connection other than the connection to be shared.
764 No smart card reader is installed.
765 Internet Connection Sharing cannot be enabled. A LAN connection is already configured with the IP address that is required for automatic IP addressing.
766 A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.
767 Internet Connection Sharing cannot be enabled. The LAN connection selected as the private network has more than one IP [...]

AliveVPN OpenVPN account settings:

After payment for the OpenVPN package, you’ll receive an email with your registration data, like this:

Subject: Registration of AliveVPN account (Unlimited Bandwidth OpenVPN account / 1 day):10 day(s), account expires 05/25/2010
Your registration data:
Archive of keys files: v46-23085.tgz
Password: zYlJmZy
Account Expires: 05/25/2010

Download and install the OpenVPN GUI from here: http://openvpn.net/release/openvpn-2.1_rc15-install.exe

Expand the archive with the keys and the settings into the OpenVPN GUI settings folder; by default this is “C:\Program Files\OpenVPN\config\”. As a result, the settings directory should contain the following files:

07.04.2009 13:08 1 529 ca.crt
07.04.2009 13:08 424 dh2048.pem
07.04.2009 01:13 246 v46-23085.conf
07.04.2009 13:08 4 947 v46-23085.crt
07.04.2009 13:08 1 751 v46-23085.key
07.04.2009 01:13 238 v46-23085.ovpn

Now start the OpenVPN connection: run the OpenVPN GUI program “C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe”, double-click the OpenVPN GUI icon that appears in the tray and, when prompted, enter the password issued to you. Your connection is established.


Introduction

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks. PPTP supports on-demand, multi-protocol, virtual private networking over public networks such as the Internet.

The networking technology of PPTP is an extension of the remote access Point-to-Point protocol defined in the document by the Internet Engineering Task Force (IETF) titled “The Point-to-Point Protocol for the Transmission of Multi-Protocol Datagrams over Point-to-Point Links,” referred to as RFC 1171. PPTP is a network protocol that encapsulates PPP packets into IP datagrams for transmission over the Internet or other public TCP/IP-based networks. PPTP can also be used in private LAN-to-LAN networking.

The PPTP extension of PPP is explained in the document titled “Point-to-Point Tunneling Protocol,” PPTP draft-ietf-ppext-pptp-00.txt. A draft of this document was submitted to the IETF in June, 1996 by the companies of the PPTP Forum, which includes Microsoft Corporation, Ascend Communications, 3Com/Primary Access, ECI Telematics, and US Robotics.

PPTP and Virtual Private Networking

The PPTP protocol is included with Windows NT® Server version 4.0 and Windows NT Workstation version 4.0 operating systems. Computers running these operating systems can use the PPTP protocol to securely connect to a private network as a remote access client by using a public data network such as the Internet.
In other words, PPTP enables on-demand, virtual private networks over the Internet or other public TCP/IP-based data networks. PPTP can also be used by computers connected to a LAN to create a virtual private network across the LAN.

An important feature in the use of PPTP is its support for virtual private networking by using public-switched telephone networks (PSTNs). PPTP simplifies and reduces the cost of deploying an enterprise-wide, remote access solution for remote or mobile users because it provides secure and encrypted communications over public telephone lines and the Internet. PPTP eliminates the need for expensive, leased-line or private enterprise-dedicated communication servers because you can use PPTP over PSTN lines.

Generally, there are three computers involved in every PPTP deployment:

* a PPTP client
* a network access server
* a PPTP server

The following section describes a typical PPTP scenario using these computers and explains how they relate to each other and then fully defines each of these components.

Typical PPTP Scenario

A typical deployment of PPTP starts with a remote or mobile PPTP client that needs access to a private enterprise LAN by using a local Internet Service Provider (ISP). Clients using computers running Windows NT Server version 4.0 or Windows NT Workstation version 4.0 use Dial-up Networking and the remote access protocol PPP to connect to an ISP.

The client connects to a network access server (NAS) at the ISP facility. (Network access servers are also referred to as front-end processors (FEPs), dial-in servers or point-of-presence (POP) servers.) Once connected, the client can send and receive packets over the Internet. The network access server uses the TCP/IP protocol for all traffic to the Internet.

After the client has made the initial PPP connection to the ISP, a second Dial-Up Networking call is made over the existing PPP connection.
Data sent using this second connection is in the form of IP datagrams that contain PPP packets, referred to as encapsulated PPP packets.

The second call creates the virtual private networking (VPN) connection to a PPTP server on the private enterprise LAN; this is referred to as a tunnel. This is shown in the following figure:

Figure 1: The PPTP Tunnel

Tunneling is the process of sending packets to a computer on a private network by routing them over some other network, such as the Internet. The other network routers cannot access the computer that is on the private network. However, tunneling enables the routing network to transmit the packet to an intermediary computer, such as a PPTP server, that is connected to both the routing network and the private network. Both the PPTP client and the PPTP server use tunneling to securely route packets to a computer on the private network by using routers that only know the address of the private network intermediary server.

When the PPTP server receives the packet from the routing network, it sends it across the private network to the destination computer. The PPTP server does this by processing the PPTP packet to obtain the private network computer name or address information in the encapsulated PPP packet. Note that the encapsulated PPP packet can contain multi-protocol data such as TCP/IP, IPX, or NetBEUI protocols. Because the PPTP server is configured to communicate across the private network by using private network protocols, it is able to read multi-protocol packets.

The following figure illustrates the multi-protocol support built into PPTP. A packet sent from the PPTP client to the PPTP server passes through the PPTP tunnel to a destination computer on the private network.

Figure 2: Connecting a Dial-Up Networking PPTP Client to the Private Network

PPTP encapsulates the encrypted and compressed PPP packets into IP datagrams for transmission over the Internet.
These IP datagrams are routed over the Internet until they reach the PPTP server that is connected to the Internet and the private network. The PPTP server disassembles the IP datagram into a PPP packet and then decrypts the PPP packet using the network protocol of the private network. As mentioned earlier, the network protocols on the private network that are supported by PPTP are IPX, NetBEUI, or TCP/IP.

PPTP Clients

A computer that supports the PPTP network protocol, e.g., a Microsoft client, can connect to a PPTP server in two ways:

* by using an ISP’s network access server that supports inbound PPP connections
* by using a physical TCP/IP-enabled LAN connection to connect to a PPTP server

PPTP clients that use an ISP’s network access server must be configured with a modem and a VPN device to make the separate connections to the ISP and the PPTP server. The first connection is a dial-up connection using the PPP protocol over the modem to an Internet service provider. The second connection is a VPN connection using PPTP, over the modem and the ISP connection, to tunnel across the Internet to a VPN device on the PPTP server. The second connection requires the first connection because the tunnel between the VPN devices is established by using the modem and PPP connection to the Internet.

The exception to this two-connection requirement is using PPTP to create a virtual private network between computers physically connected to the private enterprise network LAN. In this scenario, a PPTP client is already connected to the network and only uses Dial-Up Networking with a VPN device to create the connection to a PPTP server on the LAN.

PPTP packets from a remote access PPTP client and a local LAN PPTP client are processed differently.
A PPTP packet from a remote access PPTP client is placed on the telecommunication device physical media, while the PPTP packet from a LAN PPTP client is placed on the network adapter physical media as illustrated in the following figure:

Figure 3: Placing a PPTP packet on the Network Media

The figure above illustrates how PPTP encapsulates PPP packets and then places the outgoing PPTP packet on either a modem, ISDN, or LAN network media.

Network Access Servers at an ISP

ISPs use network access servers to support clients that dial in using a protocol, such as SLIP or PPP, to gain access to the Internet. However, to support PPTP-enabled clients, a network access server must provide PPP service.

The ISP network access servers are designed and built to accommodate a high number of dial-in clients. Network access servers are built by companies such as 3Com, Ascend, ECI Telematics, and U.S. Robotics that are members of the PPTP Forum.

Note: An ISP that provides a PPTP service by using a PPTP-enabled network access server can support Windows® 95, Windows NT versions 3.5 and 3.51, as well as third-party PPP clients, such as Apple Macintosh or UNIX. These clients can use a PPP connection to the ISP server. The ISP server acts as a PPTP client and connects to the PPTP server on the private network, creating a PPTP tunnel from the ISP server to the PPTP server.

In this scenario, the PPTP architecture described in this document is fundamentally the same; however, all PPTP communication occurs between the network access server and PPTP server. Contact your ISP to see if they provide a PPTP service and how you need to configure PPP and Dial-Up Networking to access the ISP server that supports PPTP.

PPTP Servers on the Private LAN

PPTP servers are servers [...]
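The encapsulation described in the PPTP article above (a PPP packet carried inside an IP datagram), shown as an added example that is not part of the original article: a Python parser that peels a PPTP data packet into its IPv4, GRE and PPP layers. The GRE header layout and the protocol numbers are taken from RFC 2637 and the PPP number registry rather than from this page, and the sample datagram, addresses and call ID are constructed.

```python
import struct

GRE_IP_PROTO = 47        # IP protocol number carried in the IPv4 header for GRE
PPTP_GRE_TYPE = 0x880B   # GRE protocol type PPTP uses for PPP (RFC 2637)
PPP_PROTOCOLS = {
    0x0021: "IP", 0x002B: "IPX", 0x003F: "NetBEUI (NBF)",
    0x00FD: "compressed/MPPE-encrypted datagram",
    0xC021: "LCP", 0xC223: "CHAP", 0x8021: "IPCP", 0x80FD: "CCP",
}


class NotPptpData(ValueError):
    """The datagram is not a well-formed PPTP data (tunnel) packet."""


def split_ppp(frame: bytes):
    """Return (protocol number, payload) of a PPP frame, or (None, b'') if empty."""
    if frame[:2] == b"\xff\x03":          # address/control bytes, when not compressed away
        frame = frame[2:]
    if not frame:
        return None, b""
    if frame[0] & 1:                      # protocol-field compression: one-byte protocol
        return frame[0], frame[1:]
    if len(frame) < 2:
        raise NotPptpData("truncated PPP protocol field")
    return int.from_bytes(frame[:2], "big"), frame[2:]


def parse_pptp_datagram(datagram: bytes) -> dict:
    """Peel IPv4 -> enhanced GRE -> PPP and report what each layer says."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise NotPptpData("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4
    if ihl < 20 or datagram[9] != GRE_IP_PROTO:
        raise NotPptpData("IP payload is not GRE")
    gre = datagram[ihl:]
    if len(gre) < 8:
        raise NotPptpData("truncated GRE header")
    flags, gre_type, payload_len, call_id = struct.unpack_from("!HHHH", gre)
    # PPTP requires GRE version 1 with the key field (payload length + call ID) present.
    if gre_type != PPTP_GRE_TYPE or (flags & 0x0007) != 1 or not (flags & 0x2000):
        raise NotPptpData("GRE header is not PPTP enhanced GRE")
    offset, seq, ack = 8, None, None
    try:
        if flags & 0x1000:                # S bit: sequence number present (packet has data)
            seq, offset = struct.unpack_from("!I", gre, offset)[0], offset + 4
        if flags & 0x0080:                # A bit: acknowledgment number present
            ack, offset = struct.unpack_from("!I", gre, offset)[0], offset + 4
    except struct.error:
        raise NotPptpData("truncated GRE sequence/ack fields") from None
    ppp = gre[offset:offset + payload_len]
    if len(ppp) != payload_len:
        raise NotPptpData("payload shorter than the GRE payload length field")
    proto, inner = split_ppp(ppp)
    return {
        "src": ".".join(map(str, datagram[12:16])),
        "dst": ".".join(map(str, datagram[16:20])),
        "call_id": call_id, "seq": seq, "ack": ack,
        "ppp_protocol": None if proto is None else PPP_PROTOCOLS.get(proto, hex(proto)),
        "inner": inner,
    }


def build_sample(ppp: bytes, call_id: int = 0x0012, seq: int = 1, ack: int = 0) -> bytes:
    """Constructed test datagram (documentation addresses, IP checksum left at 0)."""
    gre = struct.pack("!HHHHII", 0x3081, PPTP_GRE_TYPE, len(ppp), call_id, seq, ack) + ppp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64, GRE_IP_PROTO, 0,
                     bytes([203, 0, 113, 10]), bytes([198, 51, 100, 1]))
    return ip + gre


# Constructed sample: PPP frame carrying an LCP Configure-Request with no options.
SAMPLE = build_sample(b"\xff\x03\xc0\x21\x01\x01\x00\x04")

if __name__ == "__main__":
    print(parse_pptp_datagram(SAMPLE))
```

The same two header checks (IP protocol 47 and GRE type 0x880B) are what a network sensor can key on to identify PPTP tunnel traffic crossing a perimeter.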

1. Choose Apple, System Preferences, and then click Network.
2. Click Add (+) at the bottom of the network connection services list. (If the lock at the bottom left-hand corner of that window is locked, click it to activate the settings for Network.)
3. Choose VPN from the “Interface” pop-up menu. “VPN Type” now shows up below this pop-up menu.
   * Choose “PPTP” from the “VPN Type” pop-up menu.
   * Type in “AliveVPN” for the “Service Name”.
4. Type in “vpn.alivevpn.com” for the “Server Address”.
   * Type in your username for “Account Name”.
   * Choose “Automatic (128 bit or 40 bit)” for “Encryption”.
5. Click the Authentication Settings button.
   * Type in your password for the field that says “Password:” and click OK.
6. Click on the “Advanced…” button.
7. In the “Options” tab, make sure “Send all traffic over VPN connection” is marked and click OK.
8. Make sure “Show VPN status in menu bar” is marked and click “Apply”.
9. To connect, click on the “Connect” button. You should now be connected to the VPN network.

Virtual Private Networks (VPNs) have now become the de facto standard to provide a company’s partners or employees with remote access to corporate resources in a secure manner. In this tip, we attempt to explain the difference between two popular VPN types (IPsec VPN vs. SSL VPN) and how to decide between them. Before I delve into these two different types, however, a quick overview of VPN technologies is in order.

VPN refers to the family of technologies that facilitate remote access to corporate resources. The primary users of this technology are company employees who want to access resources at work from their homes or other public places, and corporate partners/third parties who support various systems within the corporate infrastructure. VPNs typically leverage public long-haul IP networks to transmit data by creating an encrypted channel between the remote site, which could be an employee’s laptop or a third-party system, and the corporate network.

Key technologies

At present, the two most popular VPN technologies are the traditional Internet Protocol Security (IPsec)-based VPNs, which function primarily at the network layer, and Secure Sockets Layer (SSL) VPNs, which function primarily at the application layer. These differ in the underlying technology used, the function they serve, and the potential VPN security risks they present.

IPsec was originally designed to provide point-to-point, always-on connections between remote sites and the central office resource. The clients in this case could be branch offices or vendors. The protocol is designed to work further down the network stack (layer 3) and can be used to transmit any IP-based protocol, irrespective of the application generating the traffic. With the advent of the mobile work force, IPsec has been extended to support remote access through the use of a dedicated VPN application (client) installed on the users’ mobile assets.
SSL VPNs, on the other hand, were designed with the mobile workforce in mind. The intended goal was to provide a seamless, clientless method for remote access. An SSL VPN can be thought of as an application proxy, providing granular access to specific corporate resources that a remote user can access using his or her browser without the need to install a client.

Strengths and weaknesses

IPsec’s key strength lies in its ability to provide a permanent connection between locations. Working at the network layer (layer 3 of the network stack) also makes it application agnostic: Any IP-based protocol could be tunneled through it. This makes IPsec an attractive alternative to an expensive leased line or a dedicated circuit. It could also serve as a backup link in the event that the primary leased line or dedicated circuit connecting the remote site to the central office goes down.

IPsec’s application-agnostic design is also its weakness, however. Though it provides authentication, authorization and encryption, while basically extending the corporate network to any remote user, it does not have the ability to restrict access to resources at a granular level. Once a tunnel is set up, remote users can typically access any corporate resource as if they were plugged directly into the corporate network. These security concerns are exacerbated because having a mobile workforce requires allowing non-managed IT assets like smartphones and home PCs to access corporate resources. These are assets that IT has no visibility into or control over, and there is no guarantee that these devices comply with the level of security that is typically enforced on managed assets.

IPsec is also more involved to maintain. In addition to setting up the appliance to terminate the tunnels, additional configuration and maintenance are required to support the remote user population.
In situations where corporations use Network Address Translation (NAT), special configuration is required to ensure IPsec plays nicely with the NAT setup.

SSL VPNs, on the other hand, have been designed from the ground up to support remote access. They do not require any special software to be installed. Remote access is provided through a browser-based session using SSL. SSL VPNs also provide an enterprise with the ability to control access at a granular level. Specific authentication and authorization schemes for access to an application can be limited to a particular user population. Built-in logging and auditing capabilities address various compliance requirements. SSL VPNs also have the ability to run host compliance checks on the remote assets connecting to the enterprise to validate they are configured with the appropriate security software and have the latest patches installed.

This does not mean SSL VPNs are the panacea for all of IPsec’s weaknesses. If a remote site requires an always-on link to the main office, SSL VPN would not be the solution. IPsec, being application agnostic, can support a number of legacy protocols and traditional client/server applications with minimal effort. This is not the case with SSL VPNs, which have been built around Web-based applications.

Many SSL VPNs get around this weakness by installing a Java or ActiveX-based agent on the remote asset. This installation is typically achieved seamlessly after the remote asset has successfully authenticated to the SSL VPN appliance, though it should be noted that both ActiveX and Java come with their own security weaknesses that attackers commonly seek to exploit.

IPsec or SSL VPNs?

Each VPN method has its place in an enterprise. Ideally, as SSL and IPsec VPNs serve different purposes and complement each other, they should both be implemented. IPsec should be leveraged in situations where an always-on connection to remote office locations or partners/vendors is required.
In these instances, granular access control limitations and missing host-check capabilities should be augmented with a Network Access Control (NAC) system, which can ensure only approved remote hosts are allowed to connect to the enterprise. Enterprises should leverage SSL VPNs primarily as a remote access method for the mobile workforce where granular access control capabilities, auditing and logging, and security policy enforcement are crucial. But, regardless of your VPN choice or specific needs, remember that a VPN must not only be updated, tested and monitored for performance, but also employed as part of a defense-in-depth strategy that utilizes comprehensive policies and a variety of network security technologies.