Until about a week ago, I had a functioning Site-to-Site VPN with BMEE
3.6 and a NW6SP4 Small Business master VPN server. Then last weekend I
had a disastrous attempt to upgrade to NW6.5 SBS, which ended with a
complete reinstall of NW6 SBS and a data restore from tape. Upgrading
to NW6.5 will have to wait until another day. I then patched my newly
installed NW6 up to SP5, and reinstalled BMEE 3.6 exactly as described
in Craig Johnson's tips. The VPN comes up, and the master VPN server
can ping to the slave VPN, but the slave VPN cannot ping to the master
VPN server, and no applications appear to connect to the master VPN
server from the slave VPN site. I'm hoping someone can figure out what
is going wrong, as I REALLY need to get this S2S VPN running again.

Here are the symptoms, info, etc.

1. Master VPN server can ping Slave VPN server across the VPTUNNEL, but
Slave VPN cannot ping Master VPN
2. No applications from slave VPN site can connect to master VPN server
across the VPTUNNEL.
3. NWADMIN reports that both Master and Slave VPN servers are
Up-to-Date, and each server is properly configured for its protected
networks. The private network on the Master VPN side is,
which correctly shows as the protected network for the Master VPN. The
private network on the slave VPN side is, which also
correctly shows as the protected network for the Slave VPN.
4. NWADMIN Activity for each server shows up green arrows for IPX, but
up purple arrows for IP. The stats reflect an established IPX
connection, but an unattached status for the IP connection. A review of
an acquired Audit Log occasionally shows a message that "A VPN
Site-to-Site license is not available" and/or "SKIP-Construction of SA
failed for peer SLAVE@Slave Public IP address."
5. Bootup on the master VPN server does show errors, as follows:

DXEVENT.NLM loads and waits. At this point Console.log shows a Timesync
event, which reports that Timesync is waiting for TCP/IP to be
initialized. It makes this report 4 or 5 times, then the next thing
appearing on console.log is a BM error:
"NBMLICENSE Manager. Unable to obtain a valid license.
Code=C0001008VPTUNNEL is decreased MTU to 1350 bytes because of buffer
size limitations."

There are a couple of other errors which show up in the bootup
console.log for the Master VPN:
NSSCOMN 3.05-741. Set parameters unable to be read.
pssStartup.c[534]. Level 2 Oplocks Enabled.
Loader cannot find public symbole WriteFile 64 for module NCPIP.NLM
Also Portal.NLM does not resolve or load, for some reason.

After Master VPN completes boot, the VPTUNNEL appears to be open one way
from the Master VPN to the Slave VPN. Messages periodically come up on
the console reporting that the IP call connection over the tunnel has
disconnnected, then immediately reports that the IP call connection is

I know I'm rambling, but I'm hoping something here can help someone
figure out what is going wrong. It looks like the biggest problem is
that TCPIP is not initializing fast enough for BM, but I don't know how
to slow it down. The BRDSRV and VPMASTER commands are at the end of
autoexec.ncf, although VPTUNNEL.LAN loads with the rest of the network

Anyone have any thoughts, ideas, etc???

Chip Reinhardt