[isalist] Re: VPN Connection
- From: Jim Harrison <Jim@xxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 23 Nov 2009 18:00:36 -0800
er...
How did you assemble the two?
Yes, there is a problem with having RDP listening on the external interface if
you also have a server publishing listener configured to do the same (race
condition), but where does this have any relationship to PPTP VPN failures?
Jim
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Paul T. Laudenslager [paul@xxxxxxxxxxxxxxxx]
Sent: Monday, November 23, 2009 4:08 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
This is the old dreaded multiple NICs selected for Remote Desktop into ISA.
When our server would be rebooted (like a power outage), we could not longer
connect properly with RD and VPN’s stopped working as well. Restarting the
firewall/routing services seemed to get everything working but doing a
start/shutdown/restart would NOT resolve the issue.
I believe, from what I’ve read, if you tell Terminal Services to only respond
on the Internal NIC card, this problem goes away. However, I like connecting
to the outside IP (from remote). So each time I have a problem, I have to
remote in to a server BEHIND the firewall and restart the services on the
firewall itself. It’s a pain, but doesn’t happen often. Only when the server
reboots does it appear… ie. Microsoft forces a reboot on the server for
updates even when you tell it NOT to… go figure.
Having the services only responding to one NIC should resolve your VPN issue…
Hopefully... <grin>
Your friend,
-paul
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Friday, November 13, 2009 1:30 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
RRAS is configured to use the C:\WINDOWS\system32\LogFiles directory, but when
I looked in there it was empty. I have since enabled the logging of
Authentication Requests (from within the RRAS console), so hopefully this will
record something next time around.
Sorry I don’t have much info to work with… I’ve set the server to reboot
itself tonight, so will do some testing this weekend on it (had busy nights
this week).
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Friday, November 13, 2009 11:23 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
What about the RRAS logs?
Normally, they're located in %windir%\tracing...
Jim
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Wednesday, November 11, 2009 6:36 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: VPN Connection
Not much there either… In the logs I see the server reboot, RRAS service
starts, it gets an IP address to use, but I don’t see any other messages.
Note: The security log doesn’t go back far enough, so I’ll have to wait until
it happens again see if there is anything in that log.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Tuesday, November 10, 2009 4:13 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
WSACONNREFUSED indicates that the RRAS service is not accepting new connections.
What do you find from Routing & Remote Access in the event logs?
________________________________
From: Ball, Dan <DBall@xxxxxxxxxxx>
Sent: Monday, November 09, 2009 10:44
To: 'isalist@xxxxxxxxxxxxx' <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: VPN Connection
Well, the ISA traffic monitor shows that the “[System] Allow VPN client traffic
to ISA Server” rule generates a “0x8007274d WSAECONNREFUSED” error, but that is
about all I could find.
Since I’m not exactly sure what time the problems start (we don’t use VPN every
day) I don’t know about the event log. I’ll have to try rebooting it tonight
and see if it quits working upon reboot.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Monday, November 09, 2009 11:02 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: VPN Connection
Dan,
It should be "manual", because the firewall service manages its state.
When you say "not going through" - what exactly is happening?
What do you see in the RRAS, ISA or event logs at the time the problems start?
Jim
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Monday, November 09, 2009 4:36 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] VPN Connection
A few times over the last couple of months I’ve had problems with the VPN
connections not going through our ISA2006 server. Each time, the problem
appears to be in the Routing and Remote Access part of the server. A restart
of the RRAS service seems to fix it, but rebooting the entire server does not.
I noticed the service is set to Manual startup, is this correct or is it
supposed to be set to Automatic?
--------------------------------------------------
Dan Ball
Network and Systems Technician
Marquette Area Public Schools
1103 West College Avenue
Marquette, MI 49855
E-Mail: dball@xxxxxxxxxxx<UrlBlockedError.aspx>
Phone: (906)225-5779
Fax: (906)225-5377
--------------------------------------------------
________________________________
This email is confidential and should only be read by the intended recipient.
Other related posts:
