Re: New connections not allowed into existing IPSec security associati


From: Louise Bowman [MSFT] (lbowman_at_microsoft.com)
Date: 10/06/04


Date: Wed, 6 Oct 2004 10:47:16 -0700

For clues, try turning on Oakley logging.

http://support.microsoft.com/default.aspx?scid=kb;en-us;257225

Louise Bowman
MSFT

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"Rocky" <Rocky@discussions.microsoft.com> wrote in message
news:A484AD3A-78C6-4ACA-A5E5-3307C17113C5@microsoft.com...
> Win2k Citrix farm using MetaframeXP hosting the business application.
> TN3270e connections between each user session at the server and mainframe
> protected with IPSec (all ports between the devices).  Scenario is as
> follows;
>
> Normal ops.  Multiple users logged into the application on each server.
> Security Association (SA) establishes with the first user connection to
> mainframe.  Subsequent user sessions use the established SA.  Working
> well.
>
> Help desk gets a report of a user receiving an error during application
> login that describes a problem at the network layer.  Citrix client
> connects to the server and brings up the application, no problem.  The
> error comes from the application and indicates a timeout waiting for the
> socket to complete that would connect the TN3270e session to the mainframe.
>
> Attempting to ping from the user's server to the mainframe times out.  SA
> is in place, netstat -n shows current connections, current users see no
> problem with connectivity.
>
> Toggling the IPSec Policy assign/un-assign in the management console
> clears the problem without affecting existing connections.
>
> Problem has appeared on several different servers.
>
> Looking for clues, suggestions for isolating further, etc.  Thanks in
> advance.

