RE: VPN and Remote Desktop Problems
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Thu, 28 Jul 2005 07:59:19 GMT
Hi Steve:
Thank you for your update.
To narrow down this issue, I'd like to confirm some information with you.
1. Do you have ISA installed? If so, ISA2000 or ISA2004?
2. Have you applied Security Update for Microsoft Windows 835732 to patch
MS04-011? If so, temporarily uninstall it and check if the issue persists.
3. Does this issue occur on all your clients?
I'd also like to give you some suggestions:
1. You mention XP clients do not have ICS enabled, but I'd like to suggest
you apply the hotfix mentioned in KB331816.
2. Please check the Windows XP clients to make sure that Internet
Connection Firewall (ICF) for your internet connection (either on your NIC
or modem) is not enabled. This can also cause the computer may drop virtual
private network (VPN) connections after about 60 to 120 seconds after
connecting to a Windows 2000 server over VPN. You will find the Internet
Connection Firewall check box on the Properties of the client's NIC,
Advanced tab.
Please also check the registry parameter:
HKEY_LOCAL_MACHINE\SYSTEM\CCS\Control\Class\{4d36E972-....}\<instanceid>\Ina
ctivityIdleSeconds
The default setting for this should be 90 (seconds).
If set to "1", it can cause the ICF to disconnect the VPN connection
because it is getting a PPTP_ECHO_REQUEST every second from the server.
2. If you are using a NAT or router connect to the Internet and then
connect the computer to the ISA server via VPN, would you please
disable/remove the firewall (third party firewall and hardware firewall on
the router/NAT device) between the ISA server and client for testing?
Because similar problems have been reported that this behavior can be
issued by the firewall and resolved by removing the firewall between the
client and ISA server, I would appreciate it if you could give it a try and
let me know your findings.
Note: If you have a router in front of the SBS box, the hardware router
should be set to allow GRE 47 and port 1723 to pass through. Please confirm
with the manufacturer that it will pass through without any redirection. We
have met many similar issues (VPN drops after 1 or 2 minutes) which are
caused by the hardware router.
4. I'd like to recommend that you contact our PSS to obtain the hotfix
840654 which is used to fix the VPN disconnection issue.
I hope you can understand that hotfixes are generally available for
specific issues in the Product. Please keep in mind that they are not fully
regression tested and should be applied only to systems experiencing the
specific problem. For this reason, the first step would be to verify if you
are indeed running into the problem addressed in a specific hotfix. The
individual sending of hotfixes must be tracked by Microsoft for reasons
such as: you may run into problems after installing the fix, when future
updates to the hotfix occur we want to be able to notify you. For these
reasons and others, many hotfixes are only available to customers if they
call into the appropriate Microsoft Support phone line, and receive direct
help and advice from a Microsoft support professional. We are not equipped
to send out and track hotfixes here in the Newsgroups forum.
If you prefer, you could contact Microsoft Product Support Services
directly to obtain the fix. For a complete list of Microsoft Product
Support Services phone numbers and information about support costs, visit
the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
I really appreciate your time and patience. If anything is unclear, please
feel free to let me know, I am standing by to help you.
Have a nice day, Steve! :-)
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN and Remote Desktop Problems
| thread-index: AcWSxTkr3g3phnQOTY+R3q0LLa+5rQ==
| X-WBNR-Posting-Host: 199.108.227.22
| From: =?Utf-8?B?U3RldmUgSmVuc2Vu?= <SteveJensen@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <16D36C0D-3B42-4D58-A3BA-30CA7E618C90@xxxxxxxxxxxxx>
<b1rfwuokFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: VPN and Remote Desktop Problems
| Date: Wed, 27 Jul 2005 09:07:01 -0700
| Lines: 149
| Message-ID: <EE34EF5F-D3B0-43AB-A6CD-0D43958437FB@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:139187
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hello, Edward
|
| Regarding the VPN connection dropping:
|
| All network connections, including dialup, say 'ICS disabled by network
| administrator', so whatever the problem is, it is not that. The two
files
| referenced in artlcle 331816 are 5.1.2600.2180 so it is not that either.
|
| About the Remote Desktop, I will try that locally and set up a separate
| topic thread as you suggest if needed.
|
| Thanks,
| Steve
|
| "Edward Tian" wrote:
|
| > Hi Steve:
| > Thank you for posting your questions.
| >
| > I would like to provide the following suggestions regarding the first
issue:
| >
| > 1. Please double check if you have followed the steps in the KB article
| > below:
| >
| > 283628 How to Enable PPTP Clients to Connect Through an ISA Firewall
| > http://support.microsoft.com/?id=283628
| >
| > 2. The internal VPN client must be configured as a SecureNAT client. To
do
| > that, you need to configure ISA's internal NIC as the Default Gateway
of
| > the internal clients. The Firewall Client must be removed from the
internal
| > VPN clients.
| >
| > In addition, there is a known issue for Windows XP or SP1 and it is
| > resolved by Windows XP SP2.
| >
| > 331816 VPN Client in Windows XP Disconnects After One Minute
| > http://support.microsoft.com/?id=331816
| >
| > If you prefer, you could contact Microsoft Product Support Services
| > directly to obtain the fix. For a complete list of Microsoft Product
| > Support Services phone numbers and information about support costs,
visit
| > the following Microsoft Web site:
| >
| > http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
| >
| > One thing I want to clarify in regards to the second question, you may
post
| > it in another thread. We recommend you post different incidents in
| > different threads to keep the thread clean. In doing so, it will ensure
| > your issues are resolved in a timely manner.:)
| >
| > Nevertheless, I would still like to provide you some information
| > corresponding to the second issue.
| >
| > 1. When you use a local client to RDP a workstation, does this problem
| > occur?
| >
| > 2. Does this issue occur on all the workstations you want to access via
RDP?
| >
| > 3. Right click My Computer, click Manage. Expand Local Users and groups
and
| > click Group, in the right pane, double click Remote desktop users group
and
| > make sure that the user is added into the group.
| >
| > 4. Check if your account has been granted log on permission locally. To
do
| > so, please follow the steps below:
| > a. On the Windows XP client on the SBS network, click Start->Run, type
| > "gpedit.msc" without quotes, and then press Enter. Expand to Locate
| > Computer configuration->Windows Settings-Security Settings->Local
| > Policies->User Rights Assignment.
| > b. Double-click Log on locally and add your domain account.
| > c. Run the "gpupdate /force" (without quotes) command in the command
prompt
| > window.
| >
| > I hope this helps. If anything is unclear, please feel free to let me
know.
| > I am glad to be of assistance.
| > I look forward to hearing from you. Have a nice day, Steve!:)
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: VPN and Remote Desktop Problems
| > | thread-index: AcWSQ04AICmC0rwSR06bWKiZZCdNow==
| > | X-WBNR-Posting-Host: 199.108.227.22
| > | From: =?Utf-8?B?U3RldmUgSmVuc2Vu?= <Steve
| > Jensen@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: VPN and Remote Desktop Problems
| > | Date: Tue, 26 Jul 2005 17:37:02 -0700
| > | Lines: 12
| > | Message-ID: <16D36C0D-3B42-4D58-A3BA-30CA7E618C90@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:138990
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | There are 2 problems, the first of which has been an issue in
previous
| > | versions of SBS:
| > |
| > | 1. The VPN connection drops after about 30 seconds, regardless of
server
| > or
| > | client settings. I have seen this on several Windows 2000 and 2003
| > Server
| > | RRAS installations.
| > |
| > | 2. After establishing a VPN connection to a SBS 2003 network, the
user
| > | cannot log in to a workstation using Remote Desktop. The message is
| > "Local
| > | policy on this system does not permit you to logon interactively".
The
| > | message is the same no matter who logs in, including the
Administrator.
| > | Remote Desktop is enabled on the workstations.
| > |
| >
| >
|
.
- References:
- VPN and Remote Desktop Problems
- From: Steve Jensen
- RE: VPN and Remote Desktop Problems
- From: Edward Tian
- RE: VPN and Remote Desktop Problems
- From: Steve Jensen
- VPN and Remote Desktop Problems
- Prev by Date: RE: Multiple internal email addresses
- Next by Date: Net User Command - Charles Yang
- Previous by thread: RE: VPN and Remote Desktop Problems
- Next by thread: Is there a way to just reinstall certain components
- Index(es):
Relevant Pages
|
