[isalist] Re: VPN Connection
- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
- To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 17 Nov 2009 07:22:06 -0500
That did the trick... Thanks again!
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Monday, November 16, 2009 12:52 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
Okay, thanks, I'll test that out tonight.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Monday, November 16, 2009 12:22 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
Try this at the ISA:
1. open RegEdit
2. navigate to HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
3. edit the ReservedPorts vaue and add 1723 at the end of the list (DO NOT
REPLACE EXISTING ENTRIES)
4. reboot the ISA
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Monday, November 16, 2009 8:47 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
PPTP
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Monday, November 16, 2009 11:41 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
Just for S&G; what VPN protocol is in use?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Monday, November 16, 2009 6:52 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
Well, the reboot is definitely the catalyst. I rebooted it this weekend, and
have had no VPN access since. I checked for the RRAS logs, but still see no
logs at all from RRAS in the specified folder (does the service have to restart
before the log is written?). I checked the security log and there is nothing
in there when I make a VPN attempt, so it doesn't look like it is making it
past RRAS.
Is there anything I can try before I restart RRAS?
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Friday, November 13, 2009 1:30 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
RRAS is configured to use the C:\WINDOWS\system32\LogFiles directory, but when
I looked in there it was empty. I have since enabled the logging of
Authentication Requests (from within the RRAS console), so hopefully this will
record something next time around.
Sorry I don't have much info to work with... I've set the server to reboot
itself tonight, so will do some testing this weekend on it (had busy nights
this week).
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Friday, November 13, 2009 11:23 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
What about the RRAS logs?
Normally, they're located in %windir%\tracing...
Jim
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Wednesday, November 11, 2009 6:36 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
Not much there either... In the logs I see the server reboot, RRAS service
starts, it gets an IP address to use, but I don't see any other messages.
Note: The security log doesn't go back far enough, so I'll have to wait until
it happens again see if there is anything in that log.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Tuesday, November 10, 2009 4:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
WSACONNREFUSED indicates that the RRAS service is not accepting new connections.
What do you find from Routing & Remote Access in the event logs?
________________________________
From: Ball, Dan <DBall@xxxxxxxxxxx>
Sent: Monday, November 09, 2009 10:44
To: 'isalist@xxxxxxxxxxxxx' <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: VPN Connection
Well, the ISA traffic monitor shows that the "[System] Allow VPN client traffic
to ISA Server" rule generates a "0x8007274d WSAECONNREFUSED" error, but that is
about all I could find.
Since I'm not exactly sure what time the problems start (we don't use VPN every
day) I don't know about the event log. I'll have to try rebooting it tonight
and see if it quits working upon reboot.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Monday, November 09, 2009 11:02 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
Dan,
It should be "manual", because the firewall service manages its state.
When you say "not going through" - what exactly is happening?
What do you see in the RRAS, ISA or event logs at the time the problems start?
Jim
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Monday, November 09, 2009 4:36 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] VPN Connection
A few times over the last couple of months I've had problems with the VPN
connections not going through our ISA2006 server. Each time, the problem
appears to be in the Routing and Remote Access part of the server. A restart
of the RRAS service seems to fix it, but rebooting the entire server does not.
I noticed the service is set to Manual startup, is this correct or is it
supposed to be set to Automatic?
--------------------------------------------------
Dan Ball
Network and Systems Technician
Marquette Area Public Schools
1103 West College Avenue
Marquette, MI 49855
E-Mail: dball@xxxxxxxxxxx<UrlBlockedError.aspx>
Phone: (906)225-5779
Fax: (906)225-5377
--------------------------------------------------
Other related posts:
