RE: VPN, RRAS & DHCP
- From: Carltonjohn <Carltonjohn@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Mar 2007 07:11:02 -0700
Hi, Robert
Thanks for getting back on this.
You're correct, RRAS users cannot obtain IP addres from SBS server when and
only when RRAS is set to obtain IP address from DHCP server.
When RRAS is set to obtain IP address from an address pool (192.168.25.230 -
192.168.20.249) all works Ok except:
When the RRAS service is restarted (occasionally) or the server is rebooted
the setting in RRAS reverts to 'Obtain IP address from DHCP server' and the
VPN connections subsequently fail again.
I say fail but in practice both the server and clients are assigned IP
addresses in the range 168.254.x.x - the automatic IP address range.
Normally RRAS has 1 IP address already assigned by DHCP for the server side
of each VPN connection. On this SBS 2003, those leases are missing and for
each connection there's a system event logged 'Remote Access' Event 20169'
'Unable to contact a DHCP server.
This has occurred since 20th October 2006 as advised after updating was
completed.
This customer had SBS2003 (NOT R2) SP1 installed in August however premium
technologies SP1 and all post SP1 updates, including all from Microsoft
Update were deferred to 20th October 2006.
Thus on 20th October 2006 after installing ISA server 2004 & all the then
current updates remote access failed to contact a DHCP server and VPN access
faltered.
Network Topology:
LAN <--> SBS2003 <-> Router <-> Internet
192.168.25.x 192.168.1.x
All external VPN clients have the issue
The problem arose after installing ISA server 2004 and about 31 updates
Step 1
I've re-run CEICW several times:
LanIP: 192.168.25.2
LanSM: 255.255.255.0
LanGW: -
LanDNS: 192.168.25.2 Registered in DNS
LanWINS: 192.168.25.2 NetBIOS enabled
WanIP: 192.168.1.2
WanSM: 255.255.255.0
WanGW: 192.168.1.1
WanDNS: 192.168.25.2 Not registered in DNS
WanWINS: - NetBIOS disabled
I've checked setting up against http://support.microsoft.com/?id=825763 as
suggested.
Setup is Manual Router, draytek 2600+, VPN definitely works through this -
there is an incoming VPN connection established as I type (IP assigned from
RRAS static address pool)
Step 2
I've re-run RAW several times. I've also tried setting up RRAS manually
since manually the DHCP relay component gets installed (I set this to forward
to 192.168.25.2, 4 hops, 4 seconds) whereas the DHCP component doesn't get
installed when RAW is run and when RRAS is initially not configured.
I've also found on occasions its advisable to run CEICW again after RAW.
Step 3
I can establish VPN internally with IP assignment from IP address pool but
not when set to use DHCP server
Step 4
The router & GRE protocol are definitely not the problem. The system will
accept VPN connections when addresses are assigned from IP address pool but
the DHCP assigned IP address setting causes VPN to fail.
MPS report
This task is running and the report will be sent as directed
Many thanks on this
Best regards
John
Carltonjohn
"Robert Li [MSFT]" wrote:
Hi Carlton,.
Thanks for posting in our newsgroup.
From your description, I know that the RRAS users cannot obtain IP
addresses from SBS server. If I am off-base, please don¡¯t hesitate to let
me know.
Please let me know the following to make the situation more clearly:
What the topology of the network, do you have a router between the SBS
server and the Internet?
Do all the VPN clients or some of them have the issue?
Do you have ISA server installed?
Please take the following steps to narrow down this issue:
Step 1: Please try to rerun the CEICW wizard, the wizard help us to
configure RRAS security setting, IP Configuration, Remote access ports and
DHCP Relay automatically.
For more information, please refer to:
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
Step 2: Please Run the Configure Remote Access wizard to configure VPN.
1. Open Server Management select Configure Remote Access.
2. Select to enable remote access and choosoe VPN access or Dial-in access(
require a modem).
2. Input the VPN Server name. You can input IP address or full Internet
domain name of the VPN server.
3. Finish the Wizard.
?
Step 3: On a LAN workstation, can you establish a VPN connection to the
server?
For more information, please refer to:
305550 How to configure a VPN connection to your corporate network in
Windows XP Professional
http://support.microsoft.com/?id=305550
Step4: Please check if GRE Protocol 47 is enabled on your router. GRE
Protocol 47 is used in conjunction with PPTP to create VPNs between clients
or between clients and servers. Refer to the following Knowledge Base
article for more information about GRE Protocol 47:
241251 VPN Tunnels - GRE Protocol 47 Packet Description and Use
http://support.microsoft.com/?kbid=241251
If the problem still exists, please help me collect the following
information for further research:
MPS Report:
a. Visit
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE to download the file.
b. Run the MPSRPT_NETWORK.EXE on the server box.
c. Wait for 10~15 minutes.
d. Open Windows explorer, navigate to
%SYSTEMROOT%\MPSReports\Network\Reports\cab\
e. Send the .cab file directly to me at v-robeli@xxxxxxxxxxxxx with
subject: PostReview-38293510-VPN, RRAS & DHCP.
I am looking forward to hear from you.
If you need further assistance, please don¡¯t hesitate to let me know
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<Thread-Topic: VPN, RRAS & DHCP
<thread-index: Acdk5ayBvz+f1AtlQf6he+falfMtAA==
<X-WBNR-Posting-Host: 82.69.60.79
<From: =?Utf-8?B?Y2FybHRvbmpvaG4=?= <carltonjohn@xxxxxxxxxxxxxxxxxxxxxxxxx>
<References: <284861F9-B321-4E83-9067-A2BB6509278B@xxxxxxxxxxxxx>
<Subject: RE: VPN, RRAS & DHCP
<Date: Mon, 12 Mar 2007 13:33:20 -0700
<Lines: 25
<Message-ID: <F7E0F70A-B417-48D3-B7EC-7D59DE465199@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 7bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:22440
<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<End 1st paragraph should read GRE protocol 47
<
<"carltonjohn" wrote:
<
<> RRAS on several SBS2003 fails to obtain DHCP lease giving several errors
<> including the one that relates in other queries to routers & RE protocol
47.
<>
<> I've observed this on 3 customers' SBS2003 & have tried installing RRAS
with
<> & without DHCP relay and just about every valid setting under the sun.
<>
<> The only temporary workaround has been to assign DHCP addresses from a
<> static pool. The problem is this setting seems to get reset when the
RRAS
<> service is restarted or when the server restarts so the workaround is
<> volatile.
<>
<> The problem began on 1 machine precisely the same day I installed hotfix
<> updates from Microsoft on 20th October 06 - all was 100% fine before.
<>
<> Updates include 903676 917734 914389 917344 918439 917953 911280 912442
<> 917283 914388 920670 920683 922616 917422 920214 921398 922582 921883
920685
<> 918899 925486 923414 924496 923191 924191 921096 890830 922819 922770
925672
<> 916106
<>
<> Does anyone have a permanent workaround or know which of these updates
is
<> likely to be the culprit?
<
- Follow-Ups:
- RE: VPN, RRAS & DHCP
- From: Robert Li [MSFT]
- RE: VPN, RRAS & DHCP
- References:
- RE: VPN, RRAS & DHCP
- From: Robert Li [MSFT]
- RE: VPN, RRAS & DHCP
- Prev by Date: WSUS Client polling interval
- Next by Date: Re: Mail display name in Exchange 2003
- Previous by thread: RE: VPN, RRAS & DHCP
- Next by thread: RE: VPN, RRAS & DHCP
- Index(es):
Relevant Pages
|
Loading
