Re: VPN breaks after installing patches
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Tue, 04 Oct 2005 10:43:20 GMT
Hi Shawn:

Thanks for your update.

I have just received your email due to some network traffic problems.

From the ISA log, I haven't found any entries showing that the attempt to
access the network shares was denied by ISA Server.

Based on my research on the ipconfig information you provided, I find that
the internal IP address and external IP address of the SBS Server are in
the same subnet schema. Both of them are using the
192.168.1.x/255.255.255.0 subnet. Technically speaking, if we have multiple
network adapters on one machine, we should separate them into different
subnets in order to avoid unexpected problems. I suspect that the
intermittent connectivity problems were probably caused by the same schema.
For example, we can allocate 192.168.1.51/255.255.255.0 to the external NIC
and 192.168.2.50/255.255.255.0 to the internal NIC.

Regarding the current situation, I would like to suggest you change the IP
address of either the internal NIC or the external NIC.

You can choose one of the following methods:

Method 1:

To change the IP address of the external NIC, you can follow the steps
below:

1. Open the Network Connections, double click the external network adapter,
and manually change the IP address to a different subnet (e.g.
192.168.2.51/255.255.255.0).

Note: I note that your external NIC was pointing the default gateway to the
internal IP address of the SBS box; that doesn't make sense. Actually we
should point the default gateway of the external NIC to the IP address of
the hardware router.

Please do not change the IP address of the DNS Servers/Primary WINS Server
on the external NIC because they should point to the internal NIC of the
SBS box. Please also double check the DNS Server on the SBS box to see if
the DNS Forwarder is pointed to the ISP's DNS server (This step will be
done by the CEICW Wizard).

2. Open the Server management console, navigate to "Internet and E-mail",
on the right pane, click "Connect to the Internet", and then follow the
instructions in this KB article to complete the CEICW Wizard:

825763 How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/?id=825763

Then type ipconfig/all and double check if the TCP/IP settings are correct.

Method 2:

To change the IP address of the internal NIC, please try the following
steps:

1. Open the Server management console, navigate to "Internet and E-mail",
on the right pane, click "Change Server IP Address".

2. Change the internal IP address from 192.168.1.50 to
192.168.2.50/255.255.255.0 which doesn't belong to the same subnet as the
original IP address.

Hope the above information helps. Please feel free to let me know if you
have any questions or concerns.

Have a nice day!

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Shawn O'Connor" <ShawnOConnor@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: VPN breaks after installing patches
| Date: Mon, 3 Oct 2005 22:40:02 -0700
|
| An interesting note: earlier this afternoon after being frustrated with the
| VPN connection and not being able to connect it looks like the home-office
| laptop was left connected to the VPN all day and evening. When I got home to
| check on this forum I noticed that I was still VPN'd into the office -- and
| access to Server resources works just fine. Everything works. This is part
| and parcel for what I've been seeing. Still, it is the first time I've seen
| it where access to Server resources didn't work and then later started
| working from within what appears to be the same VPN session. That leads me
| to believe that perhaps it is related to Server load or network traffic at
| the office. However, in monitoring the Server it doesn't seem to be running
| too low on RAM or maxing out CPU resources. Does this observation ring a
| bell for you? The office network is a combination of peer-to-peer and
| Workstations connected in a domain. Probably a total of 7 peer-to-peer
| machines (mix of xp, 2000 and 98) and 7 machines on the domain (all xp w/
| sp2).
|
| "Edward Tian" wrote:
|
| > Hi Shawn:
| > Thanks for your reply. Hello SuperGumby, thank you for your input.
| >
| > I truly understand your concern. In my point of view, if you did install
| > the Windows Server 2003 SP1 recently before the problem occurred, please do
| > not hesitate to install this hotfix, since the hotfix was specifically
| > designed to solve this kind of issue. As SuperGumby mentioned, no charge
| > will apply if you call the MS office to ask for the hotfix. Please feel
| > free to make a phone call and obtain the Hotfix:
| >
| > VPN clients can no longer access internal resources after you install
| > Windows Server 2003 Service Pack 1 on a computer that is running ISA Server
| > 2000
| > http://support.microsoft.com/?id=897651
| >
| > Please don't forget to modify the registry key mentioned in my initial
| > reply after you install the hotfix.
| >
| > If things are not what I described before, we may need to make a deep
| > investigation. First, could you help me gather the remaining information
| > that is mentioned in my first reply?
| > 1. Does this problem occur on all the remote clients that are located in
| > your home office? If you connect a laptop directly to the modem and
| > then establish the VPN connection to the SBS Server, does the problem
| > persist? This will help to confirm if the root cause resides in the remote
| > side or the SBS side.
| >
| > 2. Please try not using the remote gateway on the client, to do so:
| > On the VPN client,
| > 1). Double-click My Computer, and then click the Network and Dial-up
| > Connections link.
| > 2). Right-click the VPN connection that you want to change, and then click
| > Properties.
| > 3). Click the Networking tab, click Internet Protocol (TCP/IP) in the
| > 'Components checked are used by this connection' list, and then click
| > Properties.
| > 4). Click Advanced, and then click to clear the Use default gateway on
| > remote network check box.
| >
| > Does the problem persist?
| >
| > 3. Once the VPN connection was established, please type "ipconfig/all >
| > d:\client1.txt" and "route print > d:\client2.txt" on the VPN client side
| > (without the quotation marks). If possible, please also gather the
| > information from the SBS Server side and send the output to my mailbox:
| > v-edtian@xxxxxxxxxxxxx .
| >
| > 4. Please help to gather the ISA Logs and send to my mailbox:
| >
| > 1) Open ISA Management, and then point to Monitoring Configuration | Logs
| >
| > 2) Double click ISA Server Firewall Service in the right pane, click to
| > select Enable Logging for this service, click Fields tab, click Select All,
| > and then click OK.
| >
| > 3) Please repeat Step 2) to enable logging IP Packet Filter and Web Proxy
| > Services.
| >
| > 4) Run command "net stop isactrl" (without the quotation marks) to stop all
| > ISA Services.
| >
| > 5) Backup all files in the folder C:\Program Files\Microsoft ISA
| > Server\ISALogs, and then delete them.
| >
| > 6) In ISA Management | <server name> | Monitoring | Services, start all ISA
| > services.
| >
| > 7) Reproduce the issue.
| >
| > 8) Wait for about 3 minutes, and then send me that day's firewall, web
| > proxy and IP Packet filter log in C:\Program Files\Microsoft ISA
| > Server\ISALogs. You can compress logs into .zip file.
| >
| > Firewall log: FWSEXTDyyyymmdd.log
| > Web Proxy log: WEBEXTDyyyymmdd.log
| > IP Packet Filter log: IPPEXTDyyyymmdd.log
| >
| > Please also let me know the IP address of the remote client, the internal
| > client in which the network resources reside and the VPN Server so that I
| > can filter the data.
| >
| > I also notice that you cannot access the RWW site from external users and
| > the SBS Server is using the dynamic DNS service, due to the complexity of
| > the issue, if you prefer, could you please create a new thread for the RWW
| > issue so that we can work on the new problem on a clean thread in order to
| > keep the post clean. Thank you for your understanding!
| >
| > Hope the above information helps. Please feel free to let me know if you
| > have any questions or concerns.
| >
| > Have a nice day!
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| >
| > --------------------
| > | From: "Shawn O'Connor" <ShawnOConnor@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: VPN breaks after installing patches
| > | Date: Mon, 3 Oct 2005 13:45:07 -0700
| > |
| > | Thanks SuperGumby. I'll give that a shot as a last resort; maybe I'll do it
| > | anyway. I'll call and at least have that fix standing by. I'd like to work
| > | through the issues and see if we can't determine if the problem I am having
| > | is really something that this hotfix will resolve -- or not. Sometimes you
| > | get burned with the hotfixes. I'd hate to apply it; it doesn't fix the
| > | issue, and then at a later date when I need to apply something else I have an
| > | issue because of the hotfix I applied.
| > |
| > | "SuperGumby [SBS MVP]" wrote:
| > |
| > | > just a thought.
| > | >
| > | > <snip> I'm a little hesitant to go through Microsoft Support to obtain the hotfix
| > | > > -- it looks like that will be quite costly and may or may not be the issue
| > | > > and may not resolve the problem.
| > | >
| > | > if you call your local MS office and say 'HI, I want hotfix 123456', no
| > | > charges will apply. In AU they won't even ask for CC details.
| > | >
| > | >
| > | >
| > |
| >
| >
|
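
The check described in the reply at the top of this thread (two NICs on one server sharing a subnet, and a NIC whose default gateway is the server's own address) can be run against saved `ipconfig /all` output. This is an added example, not part of the original posts; the adapter names and the sample text are constructed, and only the addresses come from the thread.

```python
import ipaddress
import re

# Constructed sample in `ipconfig /all` layout; adapter names are hypothetical.
SAMPLE_BEFORE = """\
Ethernet adapter Internal:
   IP Address. . . . . . . . . . . . : 192.168.1.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter External:
   IP Address. . . . . . . . . . . . : 192.168.1.51
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.50
"""

FIELD = re.compile(r"^\s+(IP Address|Subnet Mask|Default Gateway)[ .]*:\s*(\S*)")

def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^Ethernet adapter (.+):\s*$", line)
        if head:
            current = adapters.setdefault(head.group(1), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
    return adapters

def audit(text):
    """Report NICs that share a subnet or use the server itself as gateway."""
    nics = {}
    for name, f in parse_adapters(text).items():
        if f.get("IP Address") and f.get("Subnet Mask"):
            iface = ipaddress.ip_interface(f"{f['IP Address']}/{f['Subnet Mask']}")
            nics[name] = (iface, f.get("Default Gateway", ""))
    findings, names = [], sorted(nics)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nics[a][0].network.overlaps(nics[b][0].network):
                findings.append(f"{a} and {b} share subnet {nics[a][0].network}")
    local = {str(iface.ip): name for name, (iface, _) in nics.items()}
    for name, (_, gw) in nics.items():
        if gw in local:  # gateway must be the router, not one of our own NICs
            findings.append(f"{name} gateway {gw} is the server's own {local[gw]} NIC")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_BEFORE)))
```

Running it again on output captured after either method has been applied should return an empty list.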