Re: Bizzare ISA2004 VPN Issues, Please help

From: Z D (nospam_at_nospam.com)
Date: 09/24/04 

Date: Fri, 24 Sep 2004 11:34:37 -0400

Hello Eric,

I have discovered more info on the topic:

- I disabled VPN client access from within ISA2004.
- Rebooted the server.
- I then manually opened RRAS, configured it to accept PPTP VPN connections.
- This still DID NOT fix the problem, the PPTP ports did not show up.

- Then I went back to ISA2004 and remembered that I have a PPTP server
publishing rule. I'm doing this because I have yet another PPTP VPN server
inside my network that I'm publishing.
- I disabled this rule and rebooted the server.

- After the reboot, I went back into RRAS and configured it again as a PPTP
VPN server (since after the reboot the service was turned off, I'm assuming
ISA did this because it thought it should be disabled).

- Now when I configure the PPTP ports manually in RRAS they show up!!!

-Now I thought maybe if I can do it manually in RRAS then ISA can also do
it.
- So, I disabled RRAS
- Rebooted the server
- Opened ISA and tried to enable VPN client connections (but I still have
the VPN server publishing rule to the other server disabled)
- I rebooted the server
- The ports are visible!!!!!!! VPN Works!!!

SO, it seems as though there is a bug where ISA cannot be a PPTP VPN server
and also publish another PPTP VPN server inside the network.

What do you think? Are you able to reproduce this problem? Please let me
know what you think.

Thanks very much - maybe I found a bug!!
-ZD

""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
news:SQWrpGkoEHA.3468@cpmsftngxa06.phx.gbl...
>
> Thanks for your great information. Below is my research result and
> followed by action plan
>
> 1. From the screenshot of port lists, we can see the PPTP are not listed
> and L2TP is listed as 'Used by' 'RAS/Routing'.
> From the screenshot of port properties, we can the PPTP are 'used by'
> 'RAS' and L2TP are used by 'None' (which should not be
> listed in the port list with 'None' .)
>
> Action Plan: In the port properties, click PPTP and click configure
> button. Check the following two check box.
>
> 'Remote access connections (inbound only)'
> 'Demand-dial routing connections' (inbound and outbound)'
>
> Click L2TP and click configure button. Then Uncheck the above two check
> box
>
> Refresh the port list. What's the result now?
>
> 2. If the problem persists, I think the RRAS service may have crashed.
> Please reinstall the RRAS service in the Add/Remove
> program. Reconfigure the VPN. What's the result?
>
> 3. After check your ISA information and configuration, I do not find
> evident errors. I suggest you to disable the ISA
> service and directly use the RRAS service to serve as VPN. What's the
> result? We need to know that the RRAS service is good so
> that we can concentrate on the ISA and continue the troubleshooting.
>
> Thanks for your time and I look forward to your reply.
>
> Best Regards,
>
> Eric Sun,
> MCSE2000 / MSCA / MCDBA
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights
> --------------------
> | From: "Z D" <nospam@nospam.com>
> | References: <ea6OWGNoEHA.1608@TK2MSFTNGP15.phx.gbl>
> <jMLshSVoEHA.2640@cpmsftngxa06.phx.gbl>
> | Subject: Re: Bizzare ISA2004 VPN Issues, Please help
> | Date: Thu, 23 Sep 2004 15:13:42 -0400
> | Lines: 130
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> | X-RFC2646: Format=Flowed; Original
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> | Message-ID: <#yTToGaoEHA.324@TK2MSFTNGP11.phx.gbl>
> | Newsgroups: microsoft.public.isa
> | NNTP-Posting-Host:
> cpe0006258c9fd4-cm000039948c5e.cpe.net.cable.rogers.com 69.196.101.145
> | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
> | Xref: cpmsftngxa06.phx.gbl microsoft.public.isa:50906
> | X-Tomcat-NG: microsoft.public.isa
> |
> | Hi Eric,
> |
> | I've sent you all the info in an email earlier this morning. Hopefully
> you
> | will be able to make some sense of what's going on!
> |
> | thanks
> | -ZD
> |
> |
> | ""Eric Sun [MSFT]"" <v-ericsu@online.microsoft.com> wrote in message
> | news:jMLshSVoEHA.2640@cpmsftngxa06.phx.gbl...
> | > Hi,
> | >
> | > After testing, I cannot reproduce the problem, if 'Enable VPN Client'
> | > wizard was run, 5 PPTP ports should be created in RRAS
> | > automatically.
> | >
> | > I would suggest the following:
> | >
> | > I. Disable VPN in ISA console.
> | >
> | > 1. Open ISA Manament.
> | > 2. Click VPN node
> | > 3. CLick 'Verify that VPN client is enabled'
> | > 4. Uncheck the 'Enable the VPN client access' option
> | > 5 CLick OK
> | > 6 CLick apply
> | >
> | > II. Disable RRAS.
> | >
> | > 1. Open RRAS console
> | > 2. Right click Server and click All Task -> Stop
> | >
> | > III. Enable VPN access with only PPTP.
> | >
> | > 1. Open ISA Manament.
> | > 2. Click VPN node
> | > 3. CLick 'Verify that VPN client is enabled'
> | > 4. Check the 'Enable the VPN client access' option
> | > 5. In the protocol tab, please check PPTP option and uncheck L2TP
> option
> | > 5 CLick OK
> | > 6 CLick apply
> | >
> | > Are the ports created in RRAS? Could this issue be reproduced?
> | >
> | > If the problem persists, let's get the application & System event
> logs,
> | > ISAINFO for ISA 2K4. to me at v-ericsu@microsoft.com
> | >
> | > 1) Download the file from the following URL:
> | > http://www.isatools.org/isainfo/ISAInfo.zip
> | > 2) Extract all files to a folder on ISA server
> | > 3) Double click Isainfo.js. This will generate 2 files
> | > ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-
> | > name>.xml in the current folder.
> | > 4) Please send these files to me.
> | >
> | > Hope that helps.
> | >
> | > Best Regards,
> | >
> | > Eric Sun,
> | > MCSE2000 / MSCA / MCDBA
> | > Microsoft Online Partner Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | >
> | > =====================================================
> | > When responding to posts, please "Reply to Group" via
> | > your newsreader so that others may learn and benefit
> | > from your issue.
> | > =====================================================
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights
> | > --------------------
> | > | From: "Z D" <nospam@nospam.com>
> | > | Subject: Bizzare ISA2004 VPN Issues, Please help
> | > | Date: Wed, 22 Sep 2004 14:24:19 -0400
> | > | Lines: 28
> | > | X-Priority: 3
> | > | X-MSMail-Priority: Normal
> | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> | > | X-RFC2646: Format=Flowed; Original
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> | > | Message-ID: <ea6OWGNoEHA.1608@TK2MSFTNGP15.phx.gbl>
> | > | Newsgroups: microsoft.public.isa,microsoft.public.isa.vpn
> | > | NNTP-Posting-Host:
> | > cpe0006258c9fd4-cm000039948c5e.cpe.net.cable.rogers.com 69.196.101.145
> | > | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
> | > | Xref: cpmsftngxa06.phx.gbl microsoft.public.isa.vpn:5113
> | > microsoft.public.isa:50880
> | > | X-Tomcat-NG: microsoft.public.isa
> | > |
> | > | Hello,
> | > |
> | > | I have some strange VPN behaviour with ISA2004.
> | > |
> | > | I have configured ISA 2004 to allow 5 VPN connections. I've only
> | > allowed
> | > | PPTP and not L2P/IPSEC.
> | > |
> | > | I have the necessary secuirty permissions for the client dialing in.
> | > |
> | > | When the client tries to VPN in, I get Error 800. When I view the
> | > ISA2004
> | > | realtime logs, it says "Protocol: PPTP, Action: Failed Connection
> | > Attempt,
> | > | Rule: Allow VPN Traffic to ISA Server".
> | > |
> | > | I couldn't figure out what was going on so I manually went into RRAS
> to
> | > | double check the settings that ISA2004 should have configured in it.
> | > | I noticed that there are only L2P ports available (WAN Miniport
> | > | (L2P)(VPN4-...) )!!! No PPTP ports are configured!!
> | > |
> | > | So, I went back to ISA 2004 and I can see for sure that PPTP is
> selected
> | > and
> | > | L2P/IPSEC is NOT selected. SO, what is going on? Why isn't ISA
> putting
> | > the
> | > | correct info into RRAS? Is it a bug?
> | > |
> | > |
> | > | please advise, thanks!
> | > |
> | > | -ZD
> | > |
> | > |
> | > |
> | >
> | >
> |
> |
> |
>
>