http://www.ISAserver.org ------------------------------------------------------- How do I get a dual-ended capture? Thanks, Rob -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, January 15, 2008 11:38 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: VPN Client Connection Problem http://www.ISAserver.org ------------------------------------------------------- No, you're not - you're getting "0x80074e24 FWX_E_CONNECTION_KILLED", which is a clear indicator of PPTP protocol violation by one or both ends of the VPN tunnel. The "" code literally means "closed by application filter action". Get a dual-ended capture of this (best done at the ISA itself and I'll bet you I can find the packet where the problem occurred. Jim -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Tuesday, January 15, 2008 7:55 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: VPN Client Connection Problem http://www.ISAserver.org ------------------------------------------------------- Now I can't get the same behavior as yesterday. Yesterday, as I mentioned in my original post, I'd get an "Initiated" log entry, followed immediately by a "Closed" log entry, and then immediately by a "Denied" entry. Today I'm getting only two entries, "Initiated" and, about 30 seconds later, a "Closed" entry. The logs for those two are: Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Log Record Type Authentication Server Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL Error Information 216.204.20.170 PHL-ISA3 - TCP - - 1/15/2008 3:41:35 PM 64093 31031 188 348 0x80074e24 FWX_E_CONNECTION_KILLED 0x0 Firewall - 1/15/2008 10:41:35 AM 172.17.200.20 1723 PPTP Server Closed Connection PPTP to PHL-UTILITY 216.204.20.170 External Internal - - 0x0 216.204.20.170 PHL-ISA3 - TCP - - 1/15/2008 3:41:04 PM 64093 0 0 0 0x0 ERROR_SUCCESS 0x0 Firewall - 1/15/2008 10:41:04 AM 172.17.200.20 1723 PPTP Server Initiated Connection PPTP to PHL-UTILITY 216.204.20.170 External Internal - - 0x0 I'm guessing that since this is only happening to this one person, it's something to do with his computer. But if we can figure out what it is by using the firewall, that's OK with me. Thanks for your help, Rob -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, January 15, 2008 9:20 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: VPN Client Connection Problem http://www.ISAserver.org ------------------------------------------------------- Yano - you did. I guess I'm just getting to the point where I overlook "PPTP" Still; a look at the relevant log entries (start from "initiate") would help a lot. Even better would be network captures from both sides of ISA (NetMon 3 can do this). -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Tuesday, January 15, 2008 6:02 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: VPN Client Connection Problem http://www.ISAserver.org ------------------------------------------------------- I did mention in my original post that it was PPTP. Rob -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Monday, January 14, 2008 10:39 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: VPN Client Connection Problem http://www.ISAserver.org ------------------------------------------------------- I'll bet a dollar it's a PPTP VPN :) -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Monday, January 14, 2008 8:07 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: VPN Client Connection Problem http://www.ISAserver.org ------------------------------------------------------- Can you include a couple of the log entries that indicate this traffic? "VPN" is too vague; is this IPSec, PPTP, SSL-VPN..? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Monday, January 14, 2008 1:33 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] VPN Client Connection Problem Hello all- ISA 2006 Standard Windows Server 2003 I've got an odd problem. I have a guy using a Mac trying to connect to my VPN server. (The VPN server is a Windows server running behind the ISA server. It's a PPTP VPN.) When he tries to connect, he gets this error message: "The connection was terminated by the communication device. Please verify your settings and try again". We've tried recreating his VPN connector. We've tried connecting wired and wireless and from several different locations. I've also successfully connected to the VPN server using his account but from different computers, both Mac and PC. When I monitor my own successful connection attempt on the firewall, I get a single message that says the connection was initiated. When I monitor his unsuccessful connection attempt, I get three entries. First it says the connection was initiated. Then it says the connection was closed. Then I get a "Denied" entry in which it appears the ISA server is trying to send the request to the public IP address of the VPN server. The error is "0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED." I've tried Googling it and gotten a lot of stuff, some of it ISA related, some of it not. I also looked some in the archives of this list. Can anyone point me in the right direction? Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Help Desk: 800-500-AFSC ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx