Re: VPN drops
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Thu, 29 Mar 2007 08:11:47 GMT
Hello Adrian,
Thank you for kind update.
I'm glad to hear that things are working correctly for you now. Since you
have found a workaround of this issue: set up site to site VPN instead, we
can not continue to do troubleshooting on it.
For the ISA log, as you said, it may be wrong, maybe it should log
"connection lost" and so on. Meanwhile, we can not narrow down this issue
only depend on ISA log.
If you have any concern on this issue, please feel free to let me know.
Thanks and have a nice day.
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Date: Wed, 28 Mar 2007 12:01:54 +0100
| From: "Adrian Marsh (NNTP)" <adrian.marsh@xxxxxxxxxxxxxxxxxxxxxxx>
| User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
| MIME-Version: 1.0
| Subject: Re: VPN drops
| References: <4602EA84.4010309@xxxxxxxxxxxxxxxxxxxxxxx>
<1174642573.571071.146430@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<uFVDDUTbHHA.3272@xxxxxxxxxxxxxxxxxxxx>
<46066C94.9040003@xxxxxxxxxxxxxxxxxxxxxxx>
<pVEkEq3bHHA.1432@xxxxxxxxxxxxxxxxxxxxxx>
| In-Reply-To: <pVEkEq3bHHA.1432@xxxxxxxxxxxxxxxxxxxxxx>
| Content-Type: text/plain; charset=ISO-8859-1; format=flowed
| Content-Transfer-Encoding: 7bit
| Message-ID: <Ok4GAiScHHA.4392@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: office.ubiquisys.com 88.96.204.222
| Lines: 1
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:25982
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Terence,
|
| Thanks for the reply..
|
| As I'd said, I opted for the LAN<>LAN route, not involving SBS. So my
| immediate issue has gone away. However diagnosing future issues might
| need more info.
|
| I have seen others with longer connection times, so I'm fairly confident
| its not the SBS end dropping connections. However, what I wanted to
| prove was whether or not a client was actually disconnecting gracefully
| (i.e. end-user clicks disconnect), or whether the SBS server was closing
| the connection due to some timeout.
|
| For that, I'd need more logging data. "IAS Log viewer" (3rd party) was
| able to tell me that connections were "User_request" terminated, yet the
| end-users are telling me its not..
|
| So if end-users say they aren't dropping the connections, but the SBS
| log says "user-request"'ed, then the SBS log must be wrong - maybe it
| should log "connection lost" or "far-end-timeout" or something. (not to
| be confused with "idle-timeout"s though).
|
| Adrian
|
|
|
|
| Terence Liu [MSFT] wrote:
| > Hello Adrian,
| >
| > Thank you for kind update.
| >
| > How about my suggestions? If anything is unclear, please do not
hesitate to
| > let me know and I will be happy to help. :)
| >
| > To bypass the hardware issue, we can try to set up several VPN
connections
| > from internal clients at same time and then monitoring. Are they
working
| > fine?
| >
| > If they are working fine, that means the VPN connection drop related to
| > hardware (DSL router) limitation. Please contact your router vendor for
| > further help.
| >
| > If the VPN connections still dropped, that means there is configuration
| > issue on SBS. Please perform the steps in my pervious reply and let me
know
| > the result.
| >
| > As you mentioned "I would be interested though in finding out which DSL
| > routers do support multi-pass, are there any lists?" we do not have any
| > 3rd-pary hardware list, I suggest you to contact your hardware vendor
to
| > confirm it.
| >
| > I look forward to hearing from you.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Message-ID: <46066C94.9040003@xxxxxxxxxxxxxxxxxxxxxxx>
| > | Date: Sun, 25 Mar 2007 13:35:32 +0100
| > | From: "Adrian Marsh (NNTP)" <adrian.marsh@xxxxxxxxxxxxxxxxxxxxxxx>
| > | User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
| > | MIME-Version: 1.0
| > | Subject: Re: VPN drops
| > | References: <4602EA84.4010309@xxxxxxxxxxxxxxxxxxxxxxx>
| > <1174642573.571071.146430@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| > <uFVDDUTbHHA.3272@xxxxxxxxxxxxxxxxxxxx>
| > | In-Reply-To: <uFVDDUTbHHA.3272@xxxxxxxxxxxxxxxxxxxx>
| > | Content-Type: text/plain; charset=ISO-8859-1
| > | Content-Transfer-Encoding: 7bit
| > | X-Antivirus: avast! (VPS 000727-1, 23/03/2007), Outbound message
| > | X-Antivirus-Status: Clean
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: 213-162-121-253.adrian080.adsl.metronet.co.uk
| > 213.162.121.253
| > | Lines: 1
| > | Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:25307
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hmm...
| > |
| > | After a bit more research, I'm wondering whether or not the Draytek
does
| > | support multi-pass.. It certainly does allow the tunnels to be
created
| > | and data to pass, but I wonder if it gets confused..
| > |
| > | Anyway, I've now figured out how to lock the ethernet ports down to
MAC
| > | specific laptops, so I'm going to setup a LAN-LAN connection instead.
| > |
| > | I would be interested though in finding out which DSL routers do
support
| > | multi-pass, are there any lists?
| > |
| > | I found a "termination cause" column in the SBS logs, that suggests
the
| > | SBS server thinks the far end disconnected, so I dont think I'll see
| > | much more..
| > |
| > | A.
| > |
| > | Adrian Marsh (NNTP) wrote:
| > | > Its a Draytek 2800 on both ends, but I use VPN on the SBS2003 R1
server
| > | > as we reached the VPN limits of the Draytek.
| > | >
| > | > The Draytek does support multi-vpn client passthrough, and thats
fine
| > | > (I've seen 3 users online at the same time from the same site).
Whats
| > | > odd is why they keep getting kicked off.
| > | >
| > | > I was hoping that theres some extra logging in the SBS server that
I can
| > | > turn on to find out why this is... and most importantly, does the
SBS
| > | > server think its a graceful disconnect, or that the users just
| > | > "disappear"..
| > | >
| > | > ndohyycsqotchk@xxxxxxxxxxxxxx wrote:
| > | >> On Mar 23, 8:43 am, "Adrian Marsh (NNTP)"
| > | >> <adrian.marsh@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
| > | >>> Hi All,
| > | >>>
| > | >>> I've several XP users at a remote site, who VPN (PPTP) to the SBS
| > | >>> server.
| > | >>>
| > | >>> Generally, I'm happy with the VPN features of the SBS2003 R1
server
| > | >>> (though I'd still like to get IPSEC with UDP-encapsulation working
| > | >>> instead of PPTP).
| > | >>>
| > | >>> However these remote users are complaining that their PPTP
tunnels
| > keep
| > | >>> dropping.
| > | >>>
| > | >>> I can't do site-site VPN as its not a completely secured location.
| > | >>>
| > | >>> But I do need to diagnose more about why the PPTP sessions are
| > dropping.
| > | >>>
| > | >>> What are my options for diagnosing this more (either from the
servers
| > | >>> view, and/or the XP client itself??)
| > | >>>
| > | >>> I use IAS log viewer to interpret the current VPN server logs,
and all
| > | >>> that shows is that the user connected ok (not why they
disconnected).
| > | >>>
| > | >>> I'm monitoring simple ICMP pings to their DSL router, which shows
that
| > | >>> the internet connection stays alive, and our ISP tells me that
they
| > see
| > | >>> constant days of uptime, so I've ruled out internet connectivity
as an
| > | >>> issue.
| > | >>>
| > | >>> Looking at the IAS logs, I see that connection times vary from
<1min
| > to
| > | >>> <1 hour..
| > | >>>
| > | >>> Thanks,
| > | >>>
| > | >>> Adrian
| > | >>
| > | >> What make/model of router do you have? Some routers don't support
| > | >> multiple concurrent PPTP VPN sessions to the same host.
| > | >>
| > |
| >
|
.
- References:
- VPN drops
- From: Adrian Marsh (NNTP)
- Re: VPN drops
- From: ndohyycsqotchk
- Re: VPN drops
- From: Adrian Marsh (NNTP)
- Re: VPN drops
- From: Adrian Marsh (NNTP)
- Re: VPN drops
- From: Terence Liu [MSFT]
- Re: VPN drops
- From: Adrian Marsh (NNTP)
- VPN drops
- Prev by Date: RE: DNS problems after installing Server 2003 SP2
- Next by Date: Re: Roaming Profiles
- Previous by thread: Re: VPN drops
- Next by thread: Re: After using CEICW, port is still not open!??
- Index(es):
Relevant Pages
|
