Demand Dial VPN prevented by Client License limit?

Discussion in 'Windows Small Business Server' started by Nickonthemove, Jul 8, 2005.

  1. I setup a demand-dial VPN between a SBS2003 and Windows Server 2003 machine
    the other day and it worked perfectly - the first time at least. Since then,
    I can connect from the SBS2003 --> Win2003 machine fine, no problems, but
    when i initiate the connection from Win2003 --> SBS2003, the interface is
    'unrechable'.

    I checked the event viewer on the Win2003 machine and it said "No more
    connections can be made to this remote computer at this time because there
    are already as many connections as the computer can accept".

    There are enough ports available and there are no protocol filters setup so
    i was somewhat puzzled by it. I checked the SBS Event Viewer and got this:
    "No more connections can be made to this remote computer because the
    computer has exceeded its client license limit."

    Now, there are no other users accessing ANYTHING on the SBS2003 machine and
    I don't know why it thinks its exceeded its limit. If I stop the license
    logging service, I can connect fine, but i can't prevent the service from
    restarting otherwise the server shuts down.

    If anyone has any ideas i would be most grateful.

    Regards,

    Nick
     
    Nickonthemove, Jul 8, 2005
    #1
    1. Advertisements

  2. Hi Nick,

    Can you please provide the complete error messages with the event ID's? How
    many CAL's are installed on the SBS? How many VPN ports are configured in
    RRAS? How many nics in each server?

    --
    Regards,

    Marina Roos
    Microsoft SBS-MVP
    One of the Magical M&M's
    www.smallbizserver.net
    Take part in SBS forum:
    http://www.smallbizserver.net/Default.aspx?tabid=53
     
    Marina Roos [SBS-MVP], Jul 8, 2005
    #2
    1. Advertisements

  3. Hi Marina,

    The event ID on the machine attempting to connect is

    Event ID : 20111

    A Demand Dial connection to the remote interface Demand_Leeds on port VPN5-4
    was successfully initiated but failed to complete successfully because of the
    following error: No more connections can be made to this remote computer at
    this time because there are already as many connections as the computer can
    accept.


    The computer I am trying to connect to has this event ID in the event viewer:

    Event ID : 20097

    A user was unable to connect on port VPN5-4. No more connections can be made
    to this remote computer because the computer has exceeded its client license
    limit.

    In answer to your other questions:

    There are 2 NIC's in each server.
    There are 5 PPTP VPN ports configured on each machine.
    There are 10 installed licenses on the SBS machine.

    It definitely has something to do with the license logging, as when i stop
    the service i can connect fine. I don't know how i can be using licenses and
    why it isn't detecting the user as having disconnected.

    I cannot connect to the SBS machine at all now and receive the above Event
    ID's every time.

    Your help appreciated,

    Nick
     
    Nickonthemove, Jul 12, 2005
    #3
  4. I think i've found a solution to the problem but im still confused as to why
    this should be the case.

    Anyway, if I setup the Demand-Dial interfaces to have the same credentials
    at each end, so for example:

    Site A

    Interface name: VPN
    user: VPN
    pass: VPN

    Site B

    Interface name: VPN
    user: VPN
    pass: VPN

    This works fine. I can connect no problem and nothing is mentioned about
    the license limit being exceeded.

    If anyone could shed any light as to why this is the case, I would be very
    grateful. It may just be me being lazy and not researching properly how MS
    does its VPN's, but I don't see why the dial-out credentials matching the
    dial-in credentials would reduce the no. of connections.

    TIA

    Nick
     
    Nickonthemove, Jul 14, 2005
    #4
  5. Nickonthemove

    Andy Guest

    Hi Nick, I had this same problem maybe a year ago and I managed to confirm
    that the problem existed with four other people, I asked the same questions
    you did and interestingly, Marina asked me the very same questions you've
    been asked.

    This is a problem that definitely and without a doubt exists in SBS 2003.
    I got sick of the roundabout questions that I was being asked and solved my
    problem by buying a couple of draytek routers. I later found the same
    solution that you've found of duplicating the DOD and account names on both
    servers.

    I just wanted you to know that you are not alone with this problem or with
    your findings.

    Regards

    Andy
     
    Andy, Jul 14, 2005
    #5
  6. Hi Andy,

    Thanks for your reply. I was beginning to lose patience with the whole
    thing until i found the aforementioned workaround.

    I can't seem to find any documentation on it anywhere either on the VPN side
    of things or the concurrent connection side of things. Im going to have to
    settle with the single user id for now but it would be nice if Microsoft
    would either acknowledge it as a fault or if by design, explain why it did
    that!

    The closest documentation i can find with regards to VPN connection limits
    is with Server 2003 Web Ed. where it only allows a single DoD connection.

    Oh well, at least im not alone.

    Laters,

    Nick
     
    Nickonthemove, Jul 14, 2005
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.