Re: VPN breaks after installing patches
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Wed, 05 Oct 2005 07:05:47 GMT
Dear Shawn:
Thanks for the update.
Now I understand that you are using the PPPoE connection and no router is
deployed. Regarding the current situation, I would like to provide you the
following two suggestions (Choose either one):
Suggestion 1:
When PPPoE connection is used, a virtual network adapter (PPP) will be
created on the SBS box which is responsible to transport the traffic
between the SBS box and the internet.(Once the PPPoE connection was
established, you will see the following information in IPconfig/all.) So,
in this case, we only need to change the IP address of the external NIC to
another subnet such as 192.168.100.1/255.255.255.0 and leave its default
gateway blank. (Please manually configure the settings in Network
Connections)
PPP adapter Small Business Broadband Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 70.242.84.238 (This is your real
public IP)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 151.164.79.201
151.164.11.201
NetBIOS over Tcpip. . . . . . . . : Disabled
After that, try the VPN connection again, if the problem still persists, we
may need to re-run the CEICW to let the wizard properly configure the
network settings.
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
Suggestion 2:
Run the Change Server IP Address to change the internal IP address. (As I
mentioned in the previous reply)
1. Open the Server management console, navigate to "Internet and E-mail",
on the right pane, click "Change Server IP Address".
2. Change the internal IP address from 192.168.1.50 to
192.168.2.50/255.255.255.0 which doesn't belong to the same subnet as the
original IP address.
Try the VPN connection again, does it work this time?
Hope the information helps. Please feel free to let me know if there is
anything I can do for you.
Have a nice day!
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: VPN breaks after installing patches
| thread-index: AcXI6dFvakHH6afjTeSW63FkOK64UA==
| X-WBNR-Posting-Host: 68.89.85.129
| From: "=?Utf-8?B?U2hhd24gTydDb25ub3I=?="
<ShawnOConnor@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <90EDC742-2F03-4486-849B-CF6ACB3EAB9F@xxxxxxxxxxxxx>
<2h2KgCAxFHA.1024@xxxxxxxxxxxxxxxxxxxxx>
<CB79712D-1F2D-45E3-9257-F60F1F6DF6DE@xxxxxxxxxxxxx>
<#l$IlfFyFHA.3772@xxxxxxxxxxxxxxxxxxxx>
<F968ACA1-1555-491E-AD91-08FCAE7248CD@xxxxxxxxxxxxx>
<W5sYtkIyFHA.768@xxxxxxxxxxxxxxxxxxxxx>
<08260818-F8A0-4B24-9274-5E7D52B17F18@xxxxxxxxxxxxx>
<AGIZxBNyFHA.3020@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: VPN breaks after installing patches
| Date: Tue, 4 Oct 2005 06:45:01 -0700
| Lines: 331
| Message-ID: <820B9F32-9738-4BA3-9AB0-B41E1CC22509@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:158562
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Edward, good suggestions. I'll give them a try. In looking at the
external
| nic config I'll make the corrections you suggested -- it's been a while
since
| I originally set this up, but I remember trying to do what you are asking
and
| had some problems. I can't remember exactly what. However, I do
remember
| that prior to SP 1 on the Server I had the external nic setup to accept a
| dynamically allocated DHCP address (via pppoe) from my ISP. After SP1 I
had
| major problems with the network -- the nic card would show that "there
was
| limited or no connectivity" and although things seemed to work, after a
while
| network access just quit. I eventually decided to set the external IP to
a
| static IP (looks like on the wrong subnet) and this resolved the issues.
The
| dynamic IP address is set via the CEICW Wizard. So it looks like the
Server
| sees two physical nics and a virtual nic from the ISP (does that make
| sense?).
|
| Anyway, back to my original question regarding the external nic settings.
| You made a note:
| "Note: I note that your external NIC was pointing the default gateway to
the
| > internal IP address of the SBS box, that doesn't make sense. Actually
we
| > should point the default gateway of the external NIC to the IP address
of
| > the hardware router."
|
| I don't have a hardware router on the network. It is just the DSL modem
to
| the external nic and then internal nic to the rest of the network. So
what
| should my gateway settings be set at for the external nic?
|
| Thanks,
|
| --Shawn
|
| "Edward Tian" wrote:
|
| > Hi Shawn:
| > Thanks for your update.
| > I have just received your email due to some network traffic problems.
| >
| > From the ISA log, I haven't found any entries showing that the attempt
to
| > access the network shares was denied by ISA Server.
| >
| > Based on my research on the ipconfig information you provided, I find
that
| > the internal IP address and external IP address of the SBS Server are
in
| > the same subnet schema. Both of they are using the
| > 192.168.1.x/255.255.255.0 subnet. Technically speaking, if we have
multiple
| > network adapters on one machine, we should separate them into different
| > subnet in order to avoid unexpected problems. I suspect that the
| > intermittent connectivity problems were probably caused by the same
schema.
| > For example, we can allocate 192.168.1.51/255.255.255.0 to the external
NIC
| > and 192.168.2.50/255.255.255.0 to the internal NIC.
| >
| >
| > Regarding the current situation, I would like to suggest you change the
IP
| > address of either the internal NIC or the external NIC.
| >
| > You can choose one of the following methods:
| >
| > Method 1:
| > To change the IP address of the external NIC, you can follow the steps
| > below:
| > 1. Open the Network Connections, double click the external network
adapter,
| > and manually change the IP address to a different subnet (e.g.
| > 192.168.2.51/255.255.255.0).
| >
| > Note: I note that your external NIC was pointing the default gateway to
the
| > internal IP address of the SBS box, that doesn't make sense. Actually
we
| > should point the default gateway of the external NIC to the IP address
of
| > the hardware router.
| >
| > Please do not change the IP address of the DNS Servers/Primary WINS
Server
| > on the external NIC because they should point to the internal NIC of
the
| > SBS box. Please also double check the DNS Server on the SBS box to see
if
| > the DNS Forwarder is pointed to the ISP's DNS server (This step will be
| > done by the CEICW Wizard).
| >
| >
| > 2. Open the Server management console, navigate to "Internet and
E-mail",
| > on the right pane, click "Connect to the Internet", and then follow the
| > instructions in this KB article to complete the CEICW Wizard:
| >
| > 825763 How to configure Internet access in Windows Small Business
Server
| > 2003
| > http://support.microsoft.com/?id=825763
| >
| > Then type ipconfig/all and double check if the TCP/IP settings are
correct.
| >
| >
| > Method 2:
| > To change the IP address of the internal NIC, please try the following
| > steps:
| >
| > 1. Open the Server management console, navigate to "Internet and
E-mail",
| > on the right pane, click "Change Server IP Address".
| >
| > 2. Change the internal IP address from 192.168.1.50 to
| > 192.168.2.50/255.255.255.0 which doesn't belong to the same subnet as
the
| > original IP address.
| >
| > Hope the above information helps. Please feel free to let me know if
you
| > have any questions or concerns.
| >
| > Have a nice day!
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: VPN breaks after installing patches
| > | thread-index: AcXIphEBW2XQuGylT02uVh1DLKPrAA==
| > | X-WBNR-Posting-Host: 64.219.20.221
| > | From: "=?Utf-8?B?U2hhd24gTydDb25ub3I=?="
| > <ShawnOConnor@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <90EDC742-2F03-4486-849B-CF6ACB3EAB9F@xxxxxxxxxxxxx>
| > <2h2KgCAxFHA.1024@xxxxxxxxxxxxxxxxxxxxx>
| > <CB79712D-1F2D-45E3-9257-F60F1F6DF6DE@xxxxxxxxxxxxx>
| > <#l$IlfFyFHA.3772@xxxxxxxxxxxxxxxxxxxx>
| > <F968ACA1-1555-491E-AD91-08FCAE7248CD@xxxxxxxxxxxxx>
| > <W5sYtkIyFHA.768@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: VPN breaks after installing patches
| > | Date: Mon, 3 Oct 2005 22:40:02 -0700
| > | Lines: 201
| > | Message-ID: <08260818-F8A0-4B24-9274-5E7D52B17F18@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:158473
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | An interesting note: earlier this afternoon after being frustrated
with
| > the
| > | VPN connection and not being able to connect it looks like the
| > home-office
| > | laptop was left connected to the VPN all day and evening. When I got
| > home to
| > | check on this forum I noticed that I was stilled VPN'd into the
office --
| > and
| > | access to Server resources works just fine. Everything works. This
is
| > part
| > | and parcel for what I've been seeing. Still, it is the first time
I've
| > seen
| > | it where access to Server resources didn't work and then later
started
| > | working from within what appears to be the same VPN session. That
leads
| > me
| > | to believe that perhaps it is related to Server load or network
traffic
| > at
| > | the office. However, in monitoring the Server it doesn't seem to be
| > running
| > | too low on RAM or maxing out CPU resources. Does this observation
ring a
| > | bell for you? The office network is a combination of peer-to-peer
and
| > | Workstations connected in a domain. Probably a total of 7
peer-to-peer
| > | machines (mix of xp, 2000 and 98) and 7 machines on the domain (all
xp w/
| > | sp2).
| > |
| > | "Edward Tian" wrote:
| > |
| > | > Hi Shawn:
| > | > Thanks for your reply. Hello SuperGumby, thank you for your input.
| > | >
| > | > I truly understand your concern. In my point of view, if you did
| > install
| > | > the Windows Server 2003 SP1 recently before the problem occurred,
| > please do
| > | > not hesitate to install this hotfix, since the hotfix was
specifically
| > | > designed to solve this kind of issue. As SuperGumby mentioned, no
| > charge
| > | > will apply if you call the MS office to ask for the hotfix. Please
feel
| > | > free to make a phone call and obtain the Hotfix:
| > | >
| > | > VPN clients can no longer access internal resources after you
install
| > | > Windows Server 2003 Service Pack 1 on a computer that is running
ISA
| > Server
| > | > 2000
| > | > http://support.microsoft.com/?id=897651
| > | >
| > | > Please don't forget to modify the registry key mentioned in my
initial
| > | > reply after you install the hotfix.
| > | >
| > | > If things are not what I described before, we may need to make a
deep
| > | > investigation. First, could you help me gather the remaining
| > information
| > | > that is mentioned in my first reply?
| > | > 1. Does this problem occur on all the remote clients that are
located
| > in
| > | > your home office? If you plug a laptop directly connect to the
modem
| > and
| > | > then establish the VPN connection to the SBS Server, does the
problem
| > | > persist? This will help to confirm if the root cause resides in the
| > remote
| > | > side or the SBS side.
| > | >
| > | > 2. Please try not using the remote gateway on the client, to do so:
| > | > On the VPN client,
| > | > 1). Double-click My Computer, and then click the Network and
Dial-up
| > | > Connections link.
| > | > 2). Right-click the VPN connection that you want to change, and
then
| > click
| > | > Properties.
| > | > 3). Click the Networking tab, click Internet Protocol (TCP/IP) in
the
| > | > 'Components checked are used by this connection' list, and then
click
| > | > Properties.
| > | > 4). Click Advanced, and then click to clear the Use default gateway
on
| > | > remote network check box.
| > | >
| > | > Does the problem persist?
| > | >
| > | > 3. Once the VPN connection was established, please type
"ipconfig/all >
| > | > d:\client1.txt" and "route print > d:\client2.txt" on the VPN
client
| > side
| > | > (without the quotation mark). If possible, please also gather the
| > | > information from the SBS Server side and send the output to my
mailbox:
| > | > v-edtian@xxxxxxxxxxxxx .
| > | >
| > | > 4. Please help to gather the ISA Logs and send to my mailbox:
| > | >
| > | > 1) Open ISA Management, and then point to Monitoring Configuration
|
| > Logs
| > | >
| > | > 2) Double click ISA Server Firewall Service in the right pane,
click to
| > | > select Enable Logging for this service, click Fields tab, click
Select
| > All,
| > | > and then click OK.
| > | >
| > | > 3) Please repeat Step 2) to enable logging IP Packet Filter and Web
| > Proxy
| > | > Services.
| > | >
| > | > 4) Run command "net stop isactrl" (without the quotation marks) to
stop
| > all
| > | > ISA Services.
| > | >
| > | > 5) Backup all files in the folder C:\Program Files\Microsoft ISA
| > | > Server\ISALogs, and then delete them.
| > | >
| > | > 6) In ISA Management | <server name> | Monitoring | Services, start
all
| > ISA
| > | > services.
| > | >
| > | > 7) Reproduce the issue.
| > | >
| > | > 8) Wait for about 3 minutes, and then send me that day's firewall,
web
| > | > proxy and IP Packet filter log in C:\Program Files\Microsoft ISA
| > | > Server\ISALogs. You can compress logs into .zip file.
| > | >
| > | > Firewall log: FWSEXTDyyyymmdd.log
| > | > Web Proxy log: WEBEXTDyyyymmdd.log
| > | > IP Packet Filter log: IPPEXTDyyyymmdd.log
| > | >
| > | > Please also let me know the IP address of the remote client, the
| > internal
| > | > client in which the network resources reside and the VPN Server so
that
| > I
| > | > can filter the data.
| > | >
| > | > I also notice that you cannot access the RWW site from external
users
| > and
| > | > the SBS Server is using the dynamic DNS service, due to the
complexity
| > of
| > | > the issue, if you prefer, could you please create a new thread for
the
| > RWW
| > | > issue so that we can work on the new problem on a clean thread in
order
| > to
| > | > keep the post clean. Thank you for your understanding!
| > | >
| > | > Hope the above information helps. Please feel free to let me know
if
| > you
| > | > have any questions or concerns.
| > | >
| > | > Have a nice day!
| > | >
| > | > Best Regards
| > | > Edward Tian(MSFT)
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
check
| > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
|
.
- References:
- Re: VPN breaks after installing patches
- From: Edward Tian
- Re: VPN breaks after installing patches
- Prev by Date: Re: Symantec Brightmail AntiSpam
- Next by Date: RE: ISA Server 2004 installation
- Previous by thread: Re: VPN breaks after installing patches
- Next by thread: Reinstall Service Pack for Exchange
- Index(es):
Relevant Pages
|
