-1

I have recently completed a P2V of a Win2008R2 server.

It had PPTP server VPN capability before conversion, but it appears something is now blocking / preventing the VPN connection.

If I try to connect to the VPN with a local virtualized windows client (on same ESXi server), it connects.

However, clients that are not virtualized on the ESXi server cannot connect. After "Verifying user name and password" the connection times out with an Error 619. I can see the VPN port on the server shows "Authenticating".

All other file and print and security services work fine on this server. L2TP connections work on the server. (And yes, I know L2TP is better than PPTP.)

I saw a similar error posted about ESXi v5.5, where protocol 47 was being blocked, but nothing on v6.5.

I've subsequently built a new Win2K8R2 server in ESXi and also in Oracle VM using the exact same steps. The PPTP service works fine on Oracle, but again fails on ESXi.

Further process of elimination: It doesn't appear to be the ESXi firewall. Set default action to PASS and disabled firewall with no difference.

(via SSH ran following commands)

```
esxcli network firewall set -e false
esxcli network firewall set -d true
esxcli network firewall get
   Default Action: PASS
   Enabled: false
   Loaded: true
```

Any thoughts, O wise ones?

Ken
  • 1
    The host firewall is for the host, not the guests. Changing the host firewall has no bearing on traffic to or from the virtual machines. – joeqwerty Dec 31 '17 at 17:50
  • Thanks for the comment. At my wits end so pulling at *every* string! – Ken Dec 31 '17 at 18:09
  • 1
    I've had some quirky results with network adapters when copying servers. One thing you can try is to set this environment variable: `SET DEVMGR_SHOW_NONPRESENT_DEVICES=1`, then run `devmgmt.msc`, and select View > Show Hidden Devices. If there are network adapters from the former physical server present, you may want to delete them, then restart to see if it helps. You should also confirm that the Windows Firewall service is running on the guest server. – Greg Askew Dec 31 '17 at 18:32
  • Thanks for the reply. Had done that with the P2V machine already, but the server that I built from scratch on ESXi shows the same symptom, whereas the Oracle VM box doesn't. It has to be something stupidly simple that I'm missing, but I can't find it! – Ken Dec 31 '17 at 19:04

1 Answer

0

You need to enable (Accept) Promiscuous Mode on your vSwitch in order for VPN clients to connect to the VPN server on the virtual machine.

joeqwerty
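Added example, not part of the original question or answer: PPTP carries its control channel on TCP 1723 and the tunnelled PPP data, authentication included, in GRE (IP protocol 47, the protocol the question mentions), so a connection that stalls at "Authenticating" can be narrowed down by checking which of the two reaches the guest. The sketch below assumes packets captured on the VPN server's own NIC and supplied as raw IPv4 bytes; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PPTP_PORT, PROTO_TCP, PROTO_GRE = 1723, 6, 47

def classify(pkt, server_ip):
    """Label one raw IPv4 packet as ctrl_in/ctrl_out/gre_in/gre_out, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4            # header length; options shift the TCP offset
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if server_ip not in (src, dst):
        return None
    way = "in" if dst == server_ip else "out"
    if pkt[9] == PROTO_GRE:
        return "gre_" + way
    if pkt[9] == PROTO_TCP and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if (dport if way == "in" else sport) == PPTP_PORT:
            return "ctrl_" + way
    return None

def diagnose(packets, server_ip):
    """Count PPTP control and GRE packets per direction and name the gap."""
    seen = Counter(filter(None, (classify(p, server_ip) for p in packets)))
    if not seen["ctrl_in"]:
        verdict = "no TCP 1723 control traffic reached the server"
    elif not seen["gre_in"]:
        verdict = "control channel works but no client GRE (protocol 47) arrives"
    elif not seen["gre_out"]:
        verdict = "client GRE arrives but the server sends none back"
    else:
        verdict = "GRE seen in both directions at this capture point"
    return dict(seen), verdict

def ipv4(src, dst, proto, payload):
    """Build a constructed IPv4 packet for the sample (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: documentation addresses, capture point = the guest's NIC.
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"
SAMPLE = [
    ipv4(CLIENT, SERVER, PROTO_TCP, struct.pack("!HH", 49152, PPTP_PORT) + bytes(16)),
    ipv4(SERVER, CLIENT, PROTO_TCP, struct.pack("!HH", PPTP_PORT, 49152) + bytes(16)),
    ipv4(SERVER, CLIENT, PROTO_GRE, bytes.fromhex("3001880b")),  # PPTP GRE header start
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, SERVER))
```

Running the same count on captures taken at the client, the physical uplink and the guest shows at which hop the GRE packets stop.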