RE: VPN, RRAS & DHCP

Hi John,

Thanks for updating.

Since the problem occured when the ISA firewall is installed, the issue
could be related to the DHCP service configuration or the client
workstation. To isolate the problem, please try the following action plan:

1. Open DHCP console. Check the status of the local server. Do you see a
green arrow on the server icon? If not, right-click the server name and
choose 'Authorize' to enable the DHCP service.

2. If the server status is correct, right-click the server name and choose
'Properties'. In 'Advanced' tab, click 'Bindings' button. Make sure that
the DHCP service is listening to the SBS server's internal NIC.

3. Is ISA firewall client installed on the client workstations? If so, you
may want to disable the Firewall client and then try the address
refreshing. What's the result?

4. Go to a workstation. Open a command prompt. Input the command 'Netsh
interface ip reset all' and press 'Enter'. Reboot the workstation to see if
the problem will be resolved.

If the problem still exists, please kindly send me the MPS Report for
further research.

I am looking forward to hear from you.

Have a nice day.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<Thread-Topic: VPN, RRAS & DHCP
<thread-index: AcdleW7tpvC5KfdMSs2A0/gmDj5gng==
<X-WBNR-Posting-Host: 82.69.60.79
<From: =?Utf-8?B?Q2FybHRvbmpvaG4=?= <Carltonjohn@xxxxxxxxxxxxxxxxxxxxxxxxx>
<References: <284861F9-B321-4E83-9067-A2BB6509278B@xxxxxxxxxxxxx>
<F7E0F70A-B417-48D3-B7EC-7D59DE465199@xxxxxxxxxxxxx>
<6V9o9gUZHHA.3820@xxxxxxxxxxxxxxxxxxxxxx>
<Subject: RE: VPN, RRAS & DHCP
<Date: Tue, 13 Mar 2007 07:11:02 -0700
<Lines: 265
<Message-ID: <3EF5E21F-D8FA-4033-8261-8123BF77E72F@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 8bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:22580
<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Hi, Robert
<
<Thanks for getting back on this.
<
<You're correct, RRAS users cannot obtain IP addres from SBS server when
and
<only when RRAS is set to obtain IP address from DHCP server.
<
<
<When RRAS is set to obtain IP address from an address pool (192.168.25.230
-
<192.168.20.249) all works Ok except:
<When the RRAS service is restarted (occasionally) or the server is
rebooted
<the setting in RRAS reverts to 'Obtain IP address from DHCP server' and
the
<VPN connections subsequently fail again.
<
<I say fail but in practice both the server and clients are assigned IP
<addresses in the range 168.254.x.x - the automatic IP address range.
<
<
<Normally RRAS has 1 IP address already assigned by DHCP for the server
side
<of each VPN connection. On this SBS 2003, those leases are missing and
for
<each connection there's a system event logged 'Remote Access' Event 20169'
<'Unable to contact a DHCP server.
<
<
<This has occurred since 20th October 2006 as advised after updating was
<completed.
<
<This customer had SBS2003 (NOT R2) SP1 installed in August however premium
<technologies SP1 and all post SP1 updates, including all from Microsoft
<Update were deferred to 20th October 2006.
<
<Thus on 20th October 2006 after installing ISA server 2004 & all the then
<current updates remote access failed to contact a DHCP server and VPN
access
<faltered.
<
<
<Network Topology:
<
<LAN <--> SBS2003 <-> Router <-> Internet
< 192.168.25.x 192.168.1.x
<
<All external VPN clients have the issue
<The problem arose after installing ISA server 2004 and about 31 updates
<
<
<Step 1
<
<I've re-run CEICW several times:
<
<LanIP: 192.168.25.2
<LanSM: 255.255.255.0
<LanGW: -
<LanDNS: 192.168.25.2 Registered in DNS
<LanWINS: 192.168.25.2 NetBIOS enabled
<
<WanIP: 192.168.1.2
<WanSM: 255.255.255.0
<WanGW: 192.168.1.1
<WanDNS: 192.168.25.2 Not registered in DNS
<WanWINS: - NetBIOS disabled
<
<I've checked setting up against http://support.microsoft.com/?id=825763 as
<suggested.
<
<Setup is Manual Router, draytek 2600+, VPN definitely works through this -
<there is an incoming VPN connection established as I type (IP assigned
from
<RRAS static address pool)
<
<Step 2
<
<I've re-run RAW several times. I've also tried setting up RRAS manually
<since manually the DHCP relay component gets installed (I set this to
forward
<to 192.168.25.2, 4 hops, 4 seconds) whereas the DHCP component doesn't get
<installed when RAW is run and when RRAS is initially not configured.
<
<I've also found on occasions its advisable to run CEICW again after RAW.
<
<Step 3
<
<I can establish VPN internally with IP assignment from IP address pool but
<not when set to use DHCP server
<
<Step 4
<
<The router & GRE protocol are definitely not the problem. The system will
<accept VPN connections when addresses are assigned from IP address pool
but
<the DHCP assigned IP address setting causes VPN to fail.
<
<MPS report
<
<This task is running and the report will be sent as directed
<
<Many thanks on this
<Best regards
<John
<Carltonjohn
<
<"Robert Li [MSFT]" wrote:
<
<> Hi Carlton,
<>
<> Thanks for posting in our newsgroup.
<>
<> From your description, I know that the RRAS users cannot obtain IP
<> addresses from SBS server. If I am off-base, please don¡¯t hesitate to
let
<> me know.
<>
<> Please let me know the following to make the situation more clearly:
<>
<> What the topology of the network, do you have a router between the SBS
<> server and the Internet?
<> Do all the VPN clients or some of them have the issue?
<> Do you have ISA server installed?
<>
<> Please take the following steps to narrow down this issue:
<>
<> Step 1: Please try to rerun the CEICW wizard, the wizard help us to
<> configure RRAS security setting, IP Configuration, Remote access ports
and
<> DHCP Relay automatically.
<>
<> For more information, please refer to:
<> 825763 How to configure Internet access in Windows Small Business Server
<> 2003
<> http://support.microsoft.com/?id=825763
<>
<> Step 2: Please Run the Configure Remote Access wizard to configure VPN.
<>
<> 1. Open Server Management select Configure Remote Access.
<> 2. Select to enable remote access and choosoe VPN access or Dial-in
access(
<> require a modem).
<> 2. Input the VPN Server name. You can input IP address or full Internet
<> domain name of the VPN server.
<> 3. Finish the Wizard.
<> ?
<> Step 3: On a LAN workstation, can you establish a VPN connection to the
<> server?
<>
<> For more information, please refer to:
<> 305550 How to configure a VPN connection to your corporate network in
<> Windows XP Professional
<> http://support.microsoft.com/?id=305550
<>
<> Step4: Please check if GRE Protocol 47 is enabled on your router. GRE
<> Protocol 47 is used in conjunction with PPTP to create VPNs between
clients
<> or between clients and servers. Refer to the following Knowledge Base
<> article for more information about GRE Protocol 47:
<>
<> 241251 VPN Tunnels - GRE Protocol 47 Packet Description and Use
<> http://support.microsoft.com/?kbid=241251
<>
<>
<> If the problem still exists, please help me collect the following
<> information for further research:
<>
<> MPS Report:
<>
<> a. Visit
<>
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
<> 15706/MPSRPT_NETWORK.EXE to download the file.
<> b. Run the MPSRPT_NETWORK.EXE on the server box.
<> c. Wait for 10~15 minutes.
<> d. Open Windows explorer, navigate to
<> %SYSTEMROOT%\MPSReports\Network\Reports\cab\
<> e. Send the .cab file directly to me at v-robeli@xxxxxxxxxxxxx with
<> subject: PostReview-38293510-VPN, RRAS & DHCP.
<>
<> I am looking forward to hear from you.
<>
<> If you need further assistance, please don¡¯t hesitate to let me know
<>
<> Best regards,
<>
<> Robert Li(MSFT)
<>
<> Microsoft CSS Online Newsgroup Support
<>
<> Get Secure! - www.microsoft.com/security
<>
<> =====================================================
<>
<> This newsgroup only focuses on SBS technical issues. If you have issues
<> regarding other Microsoft products, you'd better post in the
corresponding
<> newsgroups so that they can be resolved in an efficient and timely
manner.
<> You can locate the newsgroup here:
<> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<>
<> When opening a new thread via the web interface, we recommend you check
the
<> "Notify me of replies" box to receive e-mail notifications when there
are
<> any updates in your thread. When responding to posts via your
newsreader,
<> please "Reply to Group" so that others may learn and benefit from your
<> issue.
<>
<> Microsoft engineers can only focus on one issue per thread. Although we
<> provide other information for your reference, we recommend you post
<> different incidents in different threads to keep the thread clean. In
doing
<> so, it will ensure your issues are resolved in a timely manner.
<>
<> For urgent issues, you may want to contact Microsoft CSS directly.
Please
<> check http://support.microsoft.com for regional support phone numbers.
<>
<> Any input or comments in this thread are highly appreciated.
<>
<> =====================================================
<>
<> This posting is provided "AS IS" with no warranties, and confers no
rights.
<>
<> --------------------
<> <Thread-Topic: VPN, RRAS & DHCP
<> <thread-index: Acdk5ayBvz+f1AtlQf6he+falfMtAA==
<> <X-WBNR-Posting-Host: 82.69.60.79
<> <From: =?Utf-8?B?Y2FybHRvbmpvaG4=?=
<carltonjohn@xxxxxxxxxxxxxxxxxxxxxxxxx>
<> <References: <284861F9-B321-4E83-9067-A2BB6509278B@xxxxxxxxxxxxx>
<> <Subject: RE: VPN, RRAS & DHCP
<> <Date: Mon, 12 Mar 2007 13:33:20 -0700
<> <Lines: 25
<> <Message-ID: <F7E0F70A-B417-48D3-B7EC-7D59DE465199@xxxxxxxxxxxxx>
<> <MIME-Version: 1.0
<> <Content-Type: text/plain;
<> < charset="Utf-8"
<> <Content-Transfer-Encoding: 7bit
<> <X-Newsreader: Microsoft CDO for Windows 2000
<> <Content-Class: urn:content-classes:message
<> <Importance: normal
<> <Priority: normal
<> <X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
<> <Newsgroups: microsoft.public.windows.server.sbs
<> <Path: TK2MSFTNGHUB02.phx.gbl
<> <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:22440
<> <NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<> <X-Tomcat-NG: microsoft.public.windows.server.sbs
<> <
<> <End 1st paragraph should read GRE protocol 47
<> <
<> <"carltonjohn" wrote:
<> <
<> <> RRAS on several SBS2003 fails to obtain DHCP lease giving several
errors
<> <> including the one that relates in other queries to routers & RE
protocol
<> 47.
<> <>
<> <> I've observed this on 3 customers' SBS2003 & have tried installing
RRAS
<> with
<> <> & without DHCP relay and just about every valid setting under the sun.
<> <>
<> <> The only temporary workaround has been to assign DHCP addresses from
a
<> <> static pool. The problem is this setting seems to get reset when the
<> RRAS
<> <> service is restarted or when the server restarts so the workaround is
<> <> volatile.
<> <>
<> <> The problem began on 1 machine precisely the same day I installed
hotfix
<> <> updates from Microsoft on 20th October 06 - all was 100% fine before.
<> <>
<> <> Updates include 903676 917734 914389 917344 918439 917953 911280
912442
<> <> 917283 914388 920670 920683 922616 917422 920214 921398 922582 921883
<> 920685
<> <> 918899 925486 923414 924496 923191 924191 921096 890830 922819 922770
<> 925672
<> <> 916106
<> <>
<> <> Does anyone have a permanent workaround or know which of these
updates
<> is
<> <> likely to be the culprit?
<> <
<>
<>
<

.