Registered users    
MembershipMembership:
Latest New UserLatest:jenisa villarin
New TodayNew Today:12
New YesterdayNew Yesterday:10
User CountOverall:23322
Private messaging    
You must be logged in to use this module.
Top 10 posters    
NamePosts
Mariette Knap12893
Marina Roos12507
Eriq Neale2114
Stan Guinn1913
Michael Patrick1912
Robert Pearman1771
Nick Pieters1425
Stewart Brown616
william warren598
Kevin D.579
Welcome unauthorized visitor    
If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.
Small Business Server Support Forum    
Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004
Subject: Yet Another VPN Issue
Prev Next
You are not authorized to post a reply.

Author Messages
Andrew Vint User is Offline
United Kingdom
Member since
1/30/2007

Registered Users
Posts: 9
8/12/2007 01:39 PM  
Hi, I am having a problem with VPN access to a SBS 2003 system running ISA 2004. VPN access from an external source worked fine until i ran the CEIW, now i keep getting VPN access errors.
The setup of the server is two NIC's, one to the LAN and another direct connection to the internet with no ports blocked (checked with ISP) When i try to connect to the SBS server i get the following errors;
 ---------------------------------------------
Failed Connection Attempt
Log Type: Firewall Service
Status: No connection could be made because the target machine actively refused it
Rule: Allow VPN Client Traffic to ISA Server
Source: External (82.153.x.x:43343)
Destination: Local Host (80.194.x.x:1723)
Protocol: PPTP Initiated Connection
Log Type: Firewall Service
Status: No connection could be made because the target machine actively refused it
Rule: Inbound Access Rule
Source: External (82.153.x.x:500)
Destination: Local Host (80.194.x.x:500)
Protocol: IKE Client
---------------------------------------------
I have checked the inbound and outbound access rules in ISA and both are allowing PPTP, however it still does not work. Also i cannot see the rule 'Allow VPN Client Traffic to ISA Server' to check for the PPTP protocol ?!? I am totally lost so would appreciate some pointers, and before you ask please find the ipconfig /all shown below
---------------------------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : one-svr1
Primary Dns Suffix . . . . . . . : ONEGroup.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : ONEGroup.local
 
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . : ONEGroup.local
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE(NDIS VBD Client)
Physical Address. . . . . . . . . : 00-18-8B-3D-63-A7
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.2.2
Primary WINS Server . . . . . . . : 192.168.2.2
 
Ethernet adapter Server Wide Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASUS NX1001 Network Adapter #2
Physical Address. . . . . . . . . : 00-18-F3-7A-21-8D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 80.194.x.x
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : 80.194.101.129
DNS Servers . . . . . . . . . . . : 193.38.113.3
194.117.157.4
NetBIOS over Tcpip. . . . . . . . : Disabled
---------------------------------------------
Thanks in advance Andrew Vint
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
8/12/2007 05:34 PM  
Hi Andrew,
 
Did you run CEICW? Because the external nic is having the wrong DNS entries as those should point to the server IP 192.168.2.2. Furthermore you have the dreaded Broadcom 5708 nic which can be a big PITA. Check for updated drivers.
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Andrew Vint User is Offline
United Kingdom
Member since
1/30/2007

Registered Users
Posts: 9
8/12/2007 10:54 PM  
Hi Marina,
 
Thanls fopr taking the time to get back to me.
 
I have done what you asked regarding the NIC driver and the DNS entry on the ASUS (WAN) card.
 
No joy i am afraid.
 
Andrew
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
8/12/2007 10:57 PM  
Hi Andrew,
 
Did you rerun CEICW after that? What is the exact error you are getting on the remote client when vpn-ing in?
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Andrew Vint User is Offline
United Kingdom
Member since
1/30/2007

Registered Users
Posts: 9
8/14/2007 12:18 PM  
Hi Marina,
 
I spent yesterday sorting out another problem on the box and the VPN access seems to be working again.
 
The Exchange installation had got all screwed up, messages were not being sent or recived and for some strange reason there was no events in the event log.
In the end i just reinstalled the exchange component from scratch and re-applied Service Pack 3.
 
Exchange and VPN seems to be working now but the IIS websites seem to be acting up.
 
I will run the CEIW today and see if that resolves the website problems.
 
If not this topic will take a change of direction :)
 
Thanks
 
Andrew 
Andrew Vint User is Offline
United Kingdom
Member since
1/30/2007

Registered Users
Posts: 9
8/16/2007 10:46 PM  
Right everything fixed but all the websites now.
 
I know there is a general rule of thumb that you NEVER re-install IIS on SBS, but somehow i think it has got all screwed up.
 
How would one go about ressurecting IIS ?!?
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
8/17/2007 03:00 PM  
Hi Andrew,
 
Please, do not reinstall IIS. Elaborate on the errors you get. Does servername/exchange work? What about /remote? Do the Monitoring and Backup page show up? Does the companyweb work?
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Andrew Vint User is Offline
United Kingdom
Member since
1/30/2007

Registered Users
Posts: 9
8/20/2007 07:11 PM  
Hi Marina,
 
Just to elaborate on your request please find details below;
 
All these IIS sites were accessed via the internal network
 
http://companyweb                     Works fine
http://servername                  Appears, but no pictures only placeholders
http://servername/remote      HTTP 403 error after certificate request
http://servername/exchange   seems to work fine
 
From the external interface ;
 
http://servername                  Connection times out
http://servername/remote       Connection Times Out
http://servername/exchange    Connection Times Out
 
Regards
 
Andrew
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
8/21/2007 03:33 AM  
Hi Andrew,
 
Let's concentrate on getting it to work from inside first, as you will never get it working from outside with servername/remote anyway. Can you check if .Net 2 is installed and if yes, double check that all the SBS web sites are set to use .Net 1? Can you post a fresh ipconfig/all from the server and a client please?
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Andrew Vint User is Offline
United Kingdom
Member since
1/30/2007

Registered Users
Posts: 9
8/21/2007 07:14 PM  
Hi Marina,
 
The normal non-ssl websites seem to be working fine, all the ones that require a certificate keep failing with HTTP error 403.
 
As requested please find the ipconfigs below;
 
-+ SERVER IPCONFIG +-
 
Windows IP Configuration
   Host Name . . . . . . . . . . . . : one-svr1
   Primary Dns Suffix  . . . . . . . : ONEGroup.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : ONEGroup.local
 
Ethernet adapter Server Local Area Connection:
   Connection-specific DNS Suffix  . : ONEGroup.local
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-18-8B-3D-63-A7
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.2.2
   Primary WINS Server . . . . . . . : 192.168.2.2
 
Ethernet adapter Server Wide Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ASUS NX1001 Network Adapter
   Physical Address. . . . . . . . . : 00-18-F3-7A-21-8D
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 80.194.x.x
   Subnet Mask . . . . . . . . . . . : 255.255.255.192
   Default Gateway . . . . . . . . . : 80.194.x.x
   DNS Servers . . . . . . . . . . . : 192.168.2.2
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
-+ DESKTOP IPCONFIG +-
 
Windows IP Configuration
        Host Name . . . . . . . . . . . . : D00010UK
        Primary Dns Suffix  . . . . . . . : ONEGroup.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : ONEGroup.local
                                            ONEGroup.local
 
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . : ONEGroup.local
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-1A-A0-1E-B5-05
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.2.62
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.2
        DHCP Server . . . . . . . . . . . : 192.168.2.2
        DNS Servers . . . . . . . . . . . : 192.168.2.2
        Primary WINS Server . . . . . . . : 192.168.2.2
        Lease Obtained. . . . . . . . . . : 19 August 2007 03:11:21
        Lease Expires . . . . . . . . . . : 27 August 2007 03:11:21
Thanks
 
Andrew
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
8/24/2007 06:44 AM  
Hi Andrew,
 
Unfortunately you have the dreaded Broadcom 5708 nic installed in the server. Check for updated drivers, disable Advanced features like Offload checksum and receive side scaling on it.
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
You are not authorized to post a reply.
Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004 > Yet Another VPN Issue


ActiveForums 3.7
Forum policy    
These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:
  1. No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
  2. No Flaming or Trolling.
  3. No Profanity, Racism, or Prejudice.
  4. Site Moderators have the final word on approving/removing a thread or post or comment.
Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.3750024 seconds.   :   Terms Of Use   :   Privacy Statement