[isalist] Re: VPN Connection

That did the trick... Thanks again!

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Monday, November 16, 2009 12:52 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection

Okay, thanks, I'll test that out tonight.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Monday, November 16, 2009 12:22 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection

Try this at the ISA:

1. open RegEdit
2. navigate to HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
3. edit the ReservedPorts vaue and add 1723 at the end of the list (DO NOT 
REPLACE EXISTING ENTRIES)
4. reboot the ISA


________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Monday, November 16, 2009 8:47 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
PPTP

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Monday, November 16, 2009 11:41 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection

Just for S&G; what VPN protocol is in use?

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Monday, November 16, 2009 6:52 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
Well, the reboot is definitely the catalyst.  I rebooted it this weekend, and 
have had no VPN access since.  I checked for the RRAS logs, but still see no 
logs at all from RRAS in the specified folder (does the service have to restart 
before the log is written?).  I checked the security log and there is nothing 
in there when I make a VPN attempt, so it doesn't look like it is making it 
past RRAS.

Is there anything I can try before I restart RRAS?


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Friday, November 13, 2009 1:30 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection

RRAS is configured to use the C:\WINDOWS\system32\LogFiles directory, but when 
I looked in there it was empty.  I have since enabled the logging of 
Authentication Requests (from within the RRAS console), so hopefully this will 
record something next time around.

Sorry I don't have much info to work with...   I've set the server to reboot 
itself tonight, so will do some testing this weekend on it (had busy nights 
this week).


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Friday, November 13, 2009 11:23 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection

What about the RRAS logs?
Normally, they're located in %windir%\tracing...

Jim

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Wednesday, November 11, 2009 6:36 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
Not much there either... In the logs I see the server reboot, RRAS service 
starts, it gets an IP address to use, but I don't see any other messages.
Note: The security log doesn't go back far enough, so I'll have to wait until 
it happens again see if there is anything in that log.


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Tuesday, November 10, 2009 4:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection

WSACONNREFUSED indicates that the RRAS service is not accepting new connections.
What do you find from Routing & Remote Access in the event logs?
________________________________
From: Ball, Dan <DBall@xxxxxxxxxxx>
Sent: Monday, November 09, 2009 10:44
To: 'isalist@xxxxxxxxxxxxx' <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: VPN Connection
Well, the ISA traffic monitor shows that the "[System] Allow VPN client traffic 
to ISA Server" rule generates a "0x8007274d WSAECONNREFUSED" error, but that is 
about all I could find.

Since I'm not exactly sure what time the problems start (we don't use VPN every 
day) I don't know about the event log.  I'll have to try rebooting it tonight 
and see if it quits working upon reboot.


From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Monday, November 09, 2009 11:02 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection

Dan,

It should be "manual", because the firewall service manages its state.
When you say "not going through" - what exactly is happening?
What do  you see in the RRAS, ISA or event logs at the time the problems start?

Jim

________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Monday, November 09, 2009 4:36 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] VPN Connection
A few times over the last couple of months I've had problems with the VPN 
connections not going through our ISA2006 server.  Each time, the problem 
appears to be in the Routing and Remote Access part of the server.   A restart 
of the RRAS service seems to fix it, but rebooting the entire server does not.  
I noticed the service is set to Manual startup, is this correct or is it 
supposed to be set to Automatic?


--------------------------------------------------
Dan Ball
Network and Systems Technician
Marquette Area Public Schools
1103 West College Avenue
Marquette, MI 49855
E-Mail: dball@xxxxxxxxxxx<UrlBlockedError.aspx>
Phone: (906)225-5779
Fax: (906)225-5377
--------------------------------------------------

Other related posts: