PPTP VPN Web Client Connection Reset

Hello,

I am new to this field, so excuse me for my lack of knowledge.

My setup is on Windows Server 2008 R2 Enterprise SP1. The VPN server and the web server (IIS 7) are on the same machine.

We are hosting a PowerSCADA Expert v8.1 web server which is meant to be remotely accessed by VPN clients. When I navigate to its address as a VPN client, I get "Connection Reset" in (Internet Explorer-Chrome). I believe it doesn't get me to the Windows security login form. Investigating the log file, we get these two unique entries:

2019-05-09 06:32:39 192.168.1.106 GET /citect - 80 - 192.168.1.106 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 401 2 64 3697


2019-05-09 06:32:58 192.168.1.106 GET /citect - 80 - 192.168.1.106 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 401 2 121 18907

Regarding that:

1-I can access other network devices' web servers successfully when I am connected remotely as a VPN client, and this web server can be accessed successfully by any local machine in the network.

2-The only error code we have in the log file is 401.2. I disabled the loopback check and we still have the same issue.

3-I can access the default IIS 7 website of the server as a VPN client, but the welcome picture can't load.

4-The PPP adapter RAS interface of the server has a different IPv4 address with a different subnet mask, and every connected VPN client is assigned an IPv4 address within this different subnet mask; however, I can ping and access all devices within the right subnet mask.
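
An added example, not part of the original post: a Python parser that decodes the status fields of the two IIS log entries quoted above. It assumes the default IIS 7 W3C field order (the post does not show the `#Fields:` header), and the function names are hypothetical.

```python
# ASSUMPTION: default IIS 7 W3C field order; the post omits the "#Fields:" header.
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
          "c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken").split()

# IIS substatus codes for HTTP 401.
SUBSTATUS_401 = {
    1: "logon failed",
    2: "logon failed due to server configuration",
    3: "unauthorized due to ACL on resource",
}
# Win32 error codes (winerror.h) that appear in these entries.
WIN32 = {
    0: "ERROR_SUCCESS",
    64: "ERROR_NETNAME_DELETED",   # the specified network name is no longer available
    121: "ERROR_SEM_TIMEOUT",      # the semaphore timeout period has expired
}
CONNECTION_CODES = {64, 121}  # connection lost or timed out, not a credential decision

UA = "Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko"
LOG_LINES = [  # the two entries from the post
    f"2019-05-09 06:32:39 192.168.1.106 GET /citect - 80 - 192.168.1.106 {UA} 401 2 64 3697",
    f"2019-05-09 06:32:58 192.168.1.106 GET /citect - 80 - 192.168.1.106 {UA} 401 2 121 18907",
]

def parse_line(line):
    """Split one W3C entry into a field dict; None for directives and blank lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def triage(rec):
    """Summarise what the status triple and timing say about one request."""
    status, sub, win32 = (int(rec[k]) for k in ("sc-status", "sc-substatus", "sc-win32-status"))
    return {
        "http": f"{status}.{sub}",
        "meaning": SUBSTATUS_401.get(sub, "unknown substatus") if status == 401 else "",
        "win32": WIN32.get(win32, f"unmapped ({win32})"),
        "connection_error": win32 in CONNECTION_CODES,
        "no_credentials_sent": rec["cs-username"] == "-",
        "seconds": int(rec["time-taken"]) / 1000,  # time-taken is in milliseconds
    }

if __name__ == "__main__":
    for line in LOG_LINES:
        print(triage(parse_line(line)))
```

Both entries decode to 401.2 with no username logged and a connection-level Win32 status (64, then 121), after 3.697 s and 18.907 s respectively.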

  • Code 401 could represent HTTP error '401 - Unauthorized'. Could it be a firewall issue on the server or client?
    Can you access the web server from within the local network?
    Also, are you using a compatible Internet Explorer version on your client? Citect is very picky about that. Other browsers will not work in any case.
  • Thanks for your reply, Mr. Patrick,

    1-According to my knowledge, error code "401.2" represents "logon failed due to server configuration", so:
    -We made sure that the Citect web server directory has full control privileges for the specified Active Directory users.
    -We enabled all authentication methods of the web server in the IIS 7 server role configuration.
    -We made sure that the server firewall allows connections through port 80.

    2-Yes, I can seamlessly access the web server within the local network.

    3-We are using Internet Explorer 11 with all security and ActiveX configurations required.
  • Hi Mohammed,

    I never had the exact setup as yours, so I'm not sure what it could be.
    Maybe just allowing port 80 in your firewall is not enough. You might consider performing a test with the firewall temporarily disabled, just to see if that helps.

    I'm quite certain that you have to allow some Citect ports (2080, 2082, 2084, 2085, 5482) for a Web Client to function properly, once you have logged in to the web server.