Hi Anthony, Your DNS setting are not correct! A whipping will be ready for you in the morning. Tom www.isaserver.org Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx] Sent: Wednesday, August 24, 2005 8:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Problematic VPN Access via ISA2004 http://www.ISAserver.org Hi Tom, Disabling VPN client support (or enabling it) does not change the status of the RRAS service. I'll disable in ISA, disable RRAS, then enable. DNS settings are "correct" as far as I know. Both NIC's have DNS servers for internal / external servers respectively. The Authentication (windows users) is listing a GUID, not resolving the group name or Domain - so this may indicate an issue? Any idea's on where to look next? Anthony. ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, 24 August 2005 23:25 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Problematic VPN Access via ISA2004 http://www.ISAserver.org Hi Anthony, Disable VPN client support in the ISA firewall console. That should disable RRAS IIRC. If not, manually disable the RRAS server and then configure VPN client connectivity in the ISA firewall console again. Also, what are the DNS settings on the ISA firewall interfaces? Tom www.isaserver.org Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx] Sent: Wednesday, August 24, 2005 8:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Problematic VPN Access via ISA2004 http://www.ISAserver.org Hi Tom, Sorry - its getting close to midnight - those would be the helpful details. I have configured (and unconfigured) RRAS services through the RRAS MMC snapin as part of fault finding. At one stage I was able to have a VPN Connection inbound up and stable - but I think that this may have been a fluke or a connection to the RRAS server without ISA being involved (possibly during an ISA service restart). I'm getting this event happening at every connect attempt. Logon Failure: Reason: An error occurred during logon User Name: HGS Domain: ELGXINT Logon Type: 3 Logon Process: IAS Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: Status code: 0xC000005E Substatus code: 0x0 Caller User Name: TOR$ Caller Domain: ELGXINT Caller Logon ID: (0x0,0x3E7) Caller Process ID: 836 Transited Services: - Source Network Address: - Source Port: - Outbound is possibly related: I'm getting a "Initiated Connection" to dest. port 1723, then the same to dest. port 0, then a closed connection almost immediately afterwards. In addition to this, I'm finding Kerberos items in the event log, that looks like http://support.microsoft.com/?kbid=890477 <http://support.microsoft.com/?kbid=890477> although I'm not sure if this is relevant. I have not applied ISA SP1 this time around, but it appears that the SP1 is not relevant. Many thanks, Anthony ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, 24 August 2005 23:08 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Problematic VPN Access via ISA2004 http://www.ISAserver.org Hi Anthony, What ball are you following? Where are you see failures? thanks! Tom www.isaserver.org Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx] Sent: Wednesday, August 24, 2005 8:00 AM To: [ISAserver.org Discussion List] Subject: [isalist] Problematic VPN Access via ISA2004 http://www.ISAserver.org Hi Guys, Looking for some assistance, reference, 2x4 blocks of timber etc :) I am attempting to configure VPN access (inbound and outbound) on an ISA server 2004, running on a fresh W2k3 slipstreamed SP1 installation. Celeron 2.6Ghz, 1Gb RAM, <cough>realtek<cough> NIC's Can someone point me at some detailed documentation for setting this up? I'm following the bouncing ball (or what I thought was the bouncing ball) and its hit a rock and I've now lost the ball! Any assistance would be greatly appreciated. Anthony. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: anthonym@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: anthonym@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx