Windows Server Essentials 2016 VPN Access

By M_Lyons10
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

M_Lyons10

Posted
Posted (edited)

I just upgraded our server with a Windows Server Essentials 2016 box and I can't seem to get the VPN to work.

 

So I wanted to ask on here.

 

I have a VPN Router that I AM able to connect to, but I don't have access to anything on the server.

 

I looked into the Anywhere Access, but that appears to require that I connect to the server from //server/connect and install the software, which bricked two computers and so I elected not to go that route. Instead I logged in to the server from the workstations. This works great while we're here, but not remotely. It DID work remotely prior to the upgrade.

 

Is there a setting I need to change to make the server accessible through my VPN router? If I'm connected to the router through VPN, I should have access to the server as if I'm here since that's the point of it...?

 

Any help is greatly appreciated.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

I have read that like 3 times - can not make heads or tails other than your having problem..

 

You have a VPN router, and your trying to run VPN on your server?  Drawing would go a long way here!!!

Grand Master

Circaflex

Posted
Posted
1 hour ago, M_Lyons10 said:

I just upgraded our server with a Windows Server Essentials 2016 box and I can't seem to get the VPN to work.

 

So I wanted to ask on here.

 

I have a VPN Router that I AM able to connect to, but I don't have access to anything on the server.

 

I looked into the Anywhere Access, but that appears to require that I connect to the server from //server/connect and install the software, which bricked two computers and so I elected not to go that route. Instead I logged in to the server from the workstations. This works great while we're here, but not remotely. It DID work remotely prior to the upgrade.

 

Is there a setting I need to change to make the server accessible through my VPN router? If I'm connected to the router through VPN, I should have access to the server as if I'm here since that's the point of it...?

 

Any help is greatly appreciated.

Just to make sure I am reading this correctly, your issue is that while connected to the VPN you cannot access your server through explorer? If you connect to the VPN and use explorer, can you manually access the server by say entering \\servername or \\ip-of-surver? Do you have "Use default gateway on remote network." enabled or disabled?

Grand Master

M_Lyons10

Posted
  • Author
Posted

I'm sorry it took me so long to get back to this, I wanted to try to explain it better.

 

Now, my prior setup was like this.  I had a VPN router (SSL VPN to be specific) that was connected to the server (which was running WIndows Server 2003).  Remote computers would connect to the VPN Router and would then have access to any resources on the server just as they would if they were in the office (SQL Server databases, documents, etc.).  This worked extremely well.

 

Recently I upgraded the server to a Windows Server 2016 Essentials machine.  I have SQL Server up and running and I have set up shared storage for various things.  Now, whe we are in the office, we have access to all of these shared resources.  We have access to the SQL Server databases, we have access to and are able to save files back to the server's storage, etc.  However, when I connect remotely to the VPN Router, I do not have access to any of the resources on the server.  I don't have access to SQL Server or any of the storage.  When I try to browse to the server in file explorer, it can't find the server.  Even though, I'm connected to the same router that the office itself uses.

 

Now, it makes no sense to me why this would not be working, and didn't know if there's a setting on the server that would somehow prevent this?  But I see no reason why it shouldn't work. 

 

I also saw that Windows Server 2016 Essentials has a remote vpn setup where the server would handle all of this, but in reading through it, it looks like it requires the Windows Server Essentials Connector to be installed, which I have been unable to get working.  During initial setup, I got two computers to connect using the Connector, while two other computers were rendered unable to boot and required Windows to be reinstalled...  I'm not sure what the issue is with Connector, but I can't risk going through that again...

I hope that explains things better.  If I've left anything important out, please let me know and I will fill in the blanks.

 

Thanks again everyone for your help.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

What server you running has ZERO to do with your vpn clients connecting to it.. ZERO!!!  I take it your still running this vpn router - what is it?  Are you tunnel the vpn clients via a different network or you using a tap sort of connection where the clients get an IP on the same L2?

 

Your not going to be able to do "browsing" to a file share if your on a different L2.. You would have to access via \\ipaddress or \\fqdn that resolves to the IP.

 

If your on a different network you would also have to worry about the the servers firewall not allowing access to remote networks.

 

edit:  I also question where does this vpn router sit?  Is it just your router, or some other you added?  Which if so then without routing on the server telling it how to get to the vpn tunnel network you would never be able to talk to the server because of asymmetrical routing..

 

So again going to ask for a DRAWING!!

Grand Master

M_Lyons10

Posted
  • Author
Posted
On 9/16/2018 at 10:08 AM, BudMan said:

What server you running has ZERO to do with your vpn clients connecting to it.. ZERO!!!  I take it your still running this vpn router - what is it?  Are you tunnel the vpn clients via a different network or you using a tap sort of connection where the clients get an IP on the same L2?

 

Your not going to be able to do "browsing" to a file share if your on a different L2.. You would have to access via \\ipaddress or \\fqdn that resolves to the IP.

 

If your on a different network you would also have to worry about the the servers firewall not allowing access to remote networks.

 

edit:  I also question where does this vpn router sit?  Is it just your router, or some other you added?  Which if so then without routing on the server telling it how to get to the vpn tunnel network you would never be able to talk to the server because of asymmetrical routing..

 

So again going to ask for a DRAWING!!

I've attached a drawing of the network.  It's really not a complex setup at all.

There aren't multiple routers.  These computers remoting in are not on different networks.  The VPN Router is a Vigor product from Draytek and shows these remote computers as being connected (these computers recognize that they are connected as well).  However they do not have access to resources on the server.

 

The server is hard wired to the router.

 

All computers are wireless (when local) and connected through the internet (when remote).

 

I hope this helps my explanation make sense.

 

CCI09202018.jpg

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
13 hours ago, M_Lyons10 said:

connected (these computers recognize that they are connected as well).

Connected to what?  The tunnel network?  What IP does the client get.. The vigor support multiple types of vpn - which one are you using?

 

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

 

These instructions are HORRIFIC!!! They have you enable PPTP.. JFC!!  That has not been secure for YEARS and YEARS... Please tell me you do not have that enabled..

 

See the tunnel network 192.168.46.. What does your client get for its IP when it connects.. simple ipconfig /all will show this.. Unless you are doing a bridged, layer 2 network where the client gets the same IP network as the server is on - your not going to be able "browse" for anything.. And again if your IP is different than your servers - its firewall is not going to allow you to talk to it.  So either you have to set that int he server, or you would have to be doing a bridged L2 connection or you would have to source nat the connection.

 

Grand Master

M_Lyons10

Posted
  • Author
Posted
On 9/21/2018 at 6:30 AM, BudMan said:

Connected to what?  The tunnel network?  What IP does the client get.. The vigor support multiple types of vpn - which one are you using?

 

https://www.draytek.com/en/faq/faq-vpn/vpn.host-to-lan/windows-10-built-in-vpn-to-vigor-router/

 

These instructions are HORRIFIC!!! They have you enable PPTP.. JFC!!  That has not been secure for YEARS and YEARS... Please tell me you do not have that enabled..

 

See the tunnel network 192.168.46.. What does your client get for its IP when it connects.. simple ipconfig /all will show this.. Unless you are doing a bridged, layer 2 network where the client gets the same IP network as the server is on - your not going to be able "browse" for anything.. And again if your IP is different than your servers - its firewall is not going to allow you to talk to it.  So either you have to set that int he server, or you would have to be doing a bridged L2 connection or you would have to source nat the connection.

 

Connected to the network.  Connected to the router.  Connected to other computers on the network.

 

Nothing in the entire setup changed other than the Server.  The router is the same, the computers are the same.  Every computer is able to connect to the router both locally and through VPN.  They just can't connect to the server when working remote.

 

I will log in remotely and get you the ip addresses and everything, but the computers are connecting to the router without any issue whatsoever. 

 

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Save 31% on Samsung T7 Portable SSD

      By +Warwagon · Posted

      A few years ago walmart had the 512 models on clearance for $35. I bought 3 of them. I should have purchased more.
    • Should Microsoft be forced to stop promoting Edge over other browsers?

      By +virtorio · Posted

      I'm fine with a little reasonable promotion of Edge, but the degree which they do it right now I consider extremely unreasonable. 
    • Microsoft AI boss no longer believes that AI will replace human workers

      By David Uzondu · Posted

      Microsoft AI boss no longer believes that AI will replace human workers by David Uzondu Mustafa Suleyman, the head of Microsoft AI, recently took back his statements concerning white-collar jobs that he gave to the Financial Times in an interview made back in February, where he claimed that AI would replace office workers within 12 to 18 months. On Monday's episode of The Verge's Decoder, Suleyman recast the technology as more like a helpmate than a tool designed to take over your job. He explained that smaller office duties will "increasingly become digitized, automated" as people generate more digital materials. During the discussion, Suleyman emphasized a "very important distinction" between "tasks" and "jobs" to clarify his previous claims. He argued that his earlier comments only referred to individual actions that people perform at their desks. Suleyman used to work for DeepMind, the research lab he co-founded in 2010 alongside Demis Hassabis and Shane Legg, before he left in 2022 to establish Inflection AI and build an empathetic digital assistant. Microsoft hired him in March 2024 to lead its newly formed "Microsoft AI" division, placing him in charge of consumer products like Copilot, Bing, and Edge. His February comments also detailed plans for Microsoft to achieve self-sufficiency with a $140 billion infrastructure budget to train frontier models, predicting that creating a customized AI will soon feel like creating a podcast or a new blog: The 41-year-old is not the only AI executive who's softened his "AI will replace you" stance. OpenAI's CEO, Sam Altman, last month used X to push back against employment panic by arguing that his startup builds tools to assist humans rather than build replacements. He had previously garnered backlash by suggesting that many modern office roles that AI might replace did not qualify as "real work" in the first place, at least when you compare desk jobs to physical, historical labor like farming.
    • Adobe Acrobat Reader DC 2026.001.21662

      By Copernic · Posted

      Adobe Acrobat Reader DC 2026.001.21662 by Razvan Serea Adobe Acrobat Reader DC software is the free, trusted standard for viewing, printing, signing, and annotating PDFs. Its the only PDF viewer that can open and interact with all types of PDF content – including forms and multimedia. It’s connected to Adobe Document Cloud – so you can work with PDFs on computers and mobile devices. Adobe Document Cloud is a revolutionary, modern and efficient way to get work done with documents in the office, at home or on-the-go. At the heart of Document Cloud is the all-new Adobe Acrobat DC, which will take e-signatures mainstream by delivering free e-signing with every individual subscription. Document Cloud includes a set of integrated services that use a consistent online profile and personal document hub. With Adobe Document Cloud, people will be able to create, review, approve, sign and track documents whether on a desktop or mobile device. Businesses will be able to take advantage of Document Cloud for enterprise which provides enterprise-class document services that integrate into systems of record such as CRM, HCM, CLM, and CMS, adding speed, efficiency and transparency to getting business done with documents. Adobe Acrobat Reader DC new feature highlights: Work with PDFs from anywhere with the new, free Acrobat DC mobile app for Android or iOS. Select functionality is also available on Windows Phone. Use the new Fill & Sign tool in your desktop software to complete PDF forms fast with smart autofill. Download the free Adobe Fill & Sign mobile app to add the same option to your iPad or Android tablet device. Save money on ink and toner when printing from your Windows PC. Store and access files in Adobe Document Cloud with 5GB of free storage. Get instant access to recent files across desktop, web, and mobile devices with Mobile Link. Sync your Fill & Sign autofill collection across desktop, web, and iPad devices. Adobe PDF Pack premium features includes: Convert documents and images to PDF files. Use your mobile device camera to take a picture of a paper document or form and convert it to PDF. Turn PDFs into editable Microsoft Word, Excel, PowerPoint, or RTF files. Combine multiple files into a single PDF (web only). Get signatures from others with a complete e-signature service. Send, track, and confirm delivery of documents electronically instead of using fax or overnight services (tracking not available on mobile). Store and access files online with 20GB of storage. Download: Adobe Acrobat Reader DC 64-bit | 719.0 MB (Freeware) Link: Adobe Acrobat Reader DC Home Page | Release Notes | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Meta will now use data from outside businesses to personalize AI responses

      By David Uzondu · Posted

      Meta will now use data from outside businesses to personalize AI responses by David Uzondu In an update that's rolling out globally (except in a handful of countries), Meta will use your data from outside businesses to personalize your AI responses and your primary feeds. Meta already utilizes your shopping activity to target ads, but the company now plans to expand this tracking to personalize other "parts of your experience" like feed algorithms and AI assistant chats. The company is replacing the two settings ("Your activity off Meta technologies" and "Activity from other businesses") that currently let you disconnect off-platform activity with a single, renamed setting called Activity from other businesses. If you don't want Meta to manipulate your feed and AI responses using your outside history, you can just turn the Activity from other businesses setting off in your account settings. This toggle resides within your Accounts Center, applying your choice to every connected profile. Turning this off will not stop companies from sending your data to Meta. The company will still collect your web interactions, but it only uses them to train products, while still accessing external accounts you connect. When The Verge spoke to Meta spokesperson Emil Vazquez, the representative said that this update will exclude several locations at launch, including the European region, the UK, Brazil, Thailand, South Africa, Turkey, South Korea, Ecuador, Nigeria, and Kenya. The new update comes at a time when the social media giant is recovering from a major PR disaster involving generative AI. Last week, there was a huge security issue on Instagram where attackers figured out a way to trick Meta AI into handing over account ownership (even if the victim had 2FA enabled). Some of the affected accounts include the dormant Obama White House profile, cosmetics brand Sephora, the Chief Master Sergeant of the Space Force, and security researcher Jane Manchun Wong. Internally, the company also had to scale back plans on its Model Capability Initiative (MCI), an employee-monitoring program designed to train corporate AI models by recording worker keystrokes and screen activity, after employees raised privacy concerns and complained about severe battery life drain.

  • Recent Achievements

    • One Year In
      Primer1st earned a badge
      One Year In
    • Experienced
      JayZJay went up a rank
      Experienced
    • Reacting Well
      Sir_Timbit earned a badge
      Reacting Well
    • Week One Done
      rubentuben8 earned a badge
      Week One Done
    • Week One Done
      ARaclen earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      512
    2. 2
      PsYcHoKiLLa
      229
    3. 3
      Edouard
      134
    4. 4
      ATLien_0
      87
    5. 5
      Steven P.
      80
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!