RE: Problematic VPN Access via ISA2004
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 24 Aug 2005 08:38:27 -0500
Hi Anthony,
Your DNS setting are not correct! A whipping will be ready for you in
the morning.
Tom
www.isaserver.org
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Wednesday, August 24, 2005 8:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN Access via ISA2004
http://www.ISAserver.org
Hi Tom,
Disabling VPN client support (or enabling it) does not change
the status of the RRAS service. I'll disable in ISA, disable RRAS, then
enable.
DNS settings are "correct" as far as I know. Both NIC's have
DNS servers for internal / external servers respectively.
The Authentication (windows users) is listing a GUID, not
resolving the group name or Domain - so this may indicate an issue?
Any idea's on where to look next?
Anthony.
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, 24 August 2005 23:25
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN Access via
ISA2004
http://www.ISAserver.org
Hi Anthony,
Disable VPN client support in the ISA firewall console.
That should disable RRAS IIRC. If not, manually disable the RRAS server
and then configure VPN client connectivity in the ISA firewall console
again.
Also, what are the DNS settings on the ISA firewall
interfaces?
Tom
www.isaserver.org
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Anthony Michaud
[mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Wednesday, August 24, 2005 8:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN Access
via ISA2004
http://www.ISAserver.org
Hi Tom,
Sorry - its getting close to midnight - those
would be the helpful details.
I have configured (and unconfigured) RRAS
services through the RRAS MMC snapin as part of fault finding. At one
stage I was able to have a VPN Connection inbound up and stable - but I
think that this may have been a fluke or a connection to the RRAS server
without ISA being involved (possibly during an ISA service restart).
I'm getting this event happening at every
connect attempt.
Logon Failure:
Reason: An error occurred during logon
User Name: HGS
Domain: ELGXINT
Logon Type: 3
Logon Process: IAS
Authentication Package:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: TOR$
Caller Domain: ELGXINT
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 836
Transited Services: -
Source Network Address: -
Source Port: -
Outbound is possibly related: I'm getting a
"Initiated Connection" to dest. port 1723, then the same to dest. port
0, then a closed connection almost immediately afterwards.
In addition to this, I'm finding Kerberos items
in the event log, that looks like
http://support.microsoft.com/?kbid=890477
<http://support.microsoft.com/?kbid=890477> although I'm not sure if
this is relevant.
I have not applied ISA SP1 this time around, but
it appears that the SP1 is not relevant.
Many thanks,
Anthony
________________________________
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, 24 August 2005 23:08
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN
Access via ISA2004
http://www.ISAserver.org
Hi Anthony,
What ball are you following?
Where are you see failures?
thanks!
Tom
www.isaserver.org
Tom and Deb Shinder's Configuring ISA
Server 2004
http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Anthony Michaud
[mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Wednesday, August 24, 2005 8:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Problematic VPN
Access via ISA2004
http://www.ISAserver.org
Hi Guys,
Looking for some assistance, reference,
2x4 blocks of timber etc :)
I am attempting to configure VPN access
(inbound and outbound) on an ISA server 2004, running on a fresh W2k3
slipstreamed SP1 installation.
Celeron 2.6Ghz, 1Gb RAM,
<cough>realtek<cough> NIC's
Can someone point me at some detailed
documentation for setting this up? I'm following the bouncing ball (or
what I thought was the bouncing ball) and its hit a rock and I've now
lost the ball!
Any assistance would be greatly
appreciated.
Anthony.
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information
about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information
about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: anthonym@xxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about
our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: anthonym@xxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
