RE: Problematic VPN Access via ISA2004
- From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 24 Aug 2005 23:45:42 +1000
Gak! Ok, I'm going to re-read your article!
_____
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, 24 August 2005 23:38
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN Access via ISA2004
http://www.ISAserver.org
Hi Anthony,
Your DNS setting are not correct! A whipping will be ready for
you in the morning.
Tom
www.isaserver.org
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
_____
From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Wednesday, August 24, 2005 8:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN Access via
ISA2004
http://www.ISAserver.org
Hi Tom,
Disabling VPN client support (or enabling it) does not
change the status of the RRAS service. I'll disable in ISA, disable
RRAS, then enable.
DNS settings are "correct" as far as I know. Both NIC's
have DNS servers for internal / external servers respectively.
The Authentication (windows users) is listing a GUID,
not resolving the group name or Domain - so this may indicate an issue?
Any idea's on where to look next?
Anthony.
_____
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, 24 August 2005 23:25
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN Access
via ISA2004
http://www.ISAserver.org
Hi Anthony,
Disable VPN client support in the ISA firewall
console. That should disable RRAS IIRC. If not, manually disable the
RRAS server and then configure VPN client connectivity in the ISA
firewall console again.
Also, what are the DNS settings on the ISA
firewall interfaces?
Tom
www.isaserver.org
Tom and Deb Shinder's Configuring ISA Server
2004
http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
_____
From: Anthony Michaud
[mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Wednesday, August 24, 2005 8:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN
Access via ISA2004
http://www.ISAserver.org
Hi Tom,
Sorry - its getting close to midnight -
those would be the helpful details.
I have configured (and unconfigured)
RRAS services through the RRAS MMC snapin as part of fault finding. At
one stage I was able to have a VPN Connection inbound up and stable -
but I think that this may have been a fluke or a connection to the RRAS
server without ISA being involved (possibly during an ISA service
restart).
I'm getting this event happening at
every connect attempt.
Logon Failure:
Reason: An error occurred during
logon
User Name: HGS
Domain: ELGXINT
Logon Type: 3
Logon Process: IAS
Authentication Package:
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:
Status code: 0xC000005E
Substatus code: 0x0
Caller User Name: TOR$
Caller Domain: ELGXINT
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 836
Transited Services: -
Source Network Address: -
Source Port: -
Outbound is possibly related: I'm
getting a "Initiated Connection" to dest. port 1723, then the same to
dest. port 0, then a closed connection almost immediately afterwards.
In addition to this, I'm finding
Kerberos items in the event log, that looks like
http://support.microsoft.com/?kbid=890477
<http://support.microsoft.com/?kbid=890477> although I'm not sure if
this is relevant.
I have not applied ISA SP1 this time
around, but it appears that the SP1 is not relevant.
Many thanks,
Anthony
_____
From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, 24 August 2005 23:08
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Problematic VPN
Access via ISA2004
http://www.ISAserver.org
Hi Anthony,
What ball are you following?
Where are you see failures?
thanks!
Tom
www.isaserver.org
Tom and Deb Shinder's Configuring ISA
Server 2004
http://tinyurl.com/3xqb7
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
_____
From: Anthony Michaud
[mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Wednesday, August 24, 2005 8:00 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Problematic VPN
Access via ISA2004
http://www.ISAserver.org
Hi Guys,
Looking for some assistance, reference,
2x4 blocks of timber etc :)
I am attempting to configure VPN access
(inbound and outbound) on an ISA server 2004, running on a fresh W2k3
slipstreamed SP1 installation.
Celeron 2.6Ghz, 1Gb RAM,
<cough>realtek<cough> NIC's
Can someone point me at some detailed
documentation for setting this up? I'm following the bouncing ball (or
what I thought was the bouncing ball) and its hit a rock and I've now
lost the ball!
Any assistance would be greatly
appreciated.
Anthony.
Other related posts:
