Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
VPN Connection Problem (PPTP)
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
VPN Connection Problem (PPTP) - 20.Jan.2004 4:36:00 PM
|
|
|
pretoriano05
Posts: 15
Joined: 17.Oct.2003
Status: offline
|
I have a strange VPN connection problem. 3 months ago I installed an
ISA Server (integrated mode). Ran the VPN wizard and everything was OK
until 2 weeks ago.
I connected without a problem from my home computer. But now it does
not work, the strange thing is that sometimes the connection works, the
other day, after 21 atempts, and yesterday after 17 atempts. On the
client I get this errors:
----------------------------
Verifying username and password...
Error 718: The connection timed out waiting for a valid response from
the remote computer.
Redial Cancel More info
---------------------------
Verifying username and password...
Error 930: The authentication server did not respond to authentication
requests in a timely fashion.
Redial Cancel More info
---------------------------
On the server, I get this error in system log:
Event Type: Error
Event Source: RemoteAccess
Event Category: None
Event ID: 20073
Date: 1/5/2004
Time: 9:01:09 PM
User: N/A
Computer: MYISA
Description:
The following error occurred in the Point to Point Protocol module on port:
VPN5-127, UserName: userok. The authentication server did not respond
to authentication requests in a timely fashion.
Data:
0000: a2 03 00 00 ó...
My ISA(ISA SP1 with all patches) server is a WIN2K Server, member of a
NT4 SP6A domain, my user has dial in privileges. I am connecting from
a WIN2K computer SP4.
I am using PPTP with MPPE 128 BITS.
I see the VPN ports awating connection OK on the RRAS console.
The thing is that I used this VPN server for 2 months without any
problems and I don't understand why this stopped working.
I connected a laptop to
the external ISA VPN switch interface, and configured it to the correct ip
addressing and I couldn't make a connection locally, I got the same errors.
Then I created a local account on the ISA VPN server, gave it dial in
permissions and I connected OK, then, I went home and connected from my home
office using this local account without a problem.
So the problem is that I cannot connect using a domain account, but as I
told you the other day, sometimes, after several attempts it works but just
in rare exceptions.
I don't get it, because a few months ago, I could connect using domain
accounts OK.
Thanks
|
|
|
|
RE: VPN Connection Problem (PPTP) - 20.Jan.2004 5:28:00 PM
|
|
|
winoto
Posts: 125
Joined: 10.Sep.2002
From: Montreal
Status: offline
|
Hi,
Have you check ms knowledgebase from www.eventid.net?
|
|
|
|
RE: VPN Connection Problem (PPTP) - 20.Jan.2004 5:50:00 PM
|
|
|
pretoriano05
Posts: 15
Joined: 17.Oct.2003
Status: offline
|
Hello Winoto, yes, I already checked in eventid and none of the solutions seems to help.
I have 2 years working with ISA Server and I have seem a lot of weird situations but not like this one. I checked both books of Dr. ISA and no solution there, and checked the MS knowledge base and nop.
If I can make a VPN connection with a local user, that tells me that my ISA VPN is functional and that it is working fine. And what is more rare, after running ISA vpn wizard, it worked OK for domain accounts for about 2 months, then suddenly, without any changes in the domain, it stopped working for domain accounts. As I stated later, sometimes, when I make a lot of attempts (30 or 40), it gets connected once. I tried conneting from several computers (w2k, wxp).
Restarted the server, services, domain controller and no solution.
I don't see any other event logged that can send me some light about the issue.
Well my friends, I think that this one is kind of difficult!
Think about it, local accounts connect fine, domain accounts don't!
What tha heck!
Thank you guys.
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 21.Jan.2004 2:03:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi NC,
What are the DNS settings on the ISA firewall's internal and external interfaces?
Thanks!
Tom
|
|
|
|
RE: VPN Connection Problem (PPTP) - 22.Jan.2004 3:09:00 PM
|
|
|
pretoriano05
Posts: 15
Joined: 17.Oct.2003
Status: offline
|
Hello Mr. Shinder, the internal interface does not have a DNS server (this is a NT4 domain), the external interface has the primary and secondary DNS servers from my ISP.
I am going nuts, working all days to find the solution cuz I can't assign a local account to all my remote users!
By the way, what happens if I have a W2K domain, I will need to configure the AD internal DNS in the internal interface and in the external my ISP DNS servers?
Thank you for you time and help
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 23.Jan.2004 12:00:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi NC,
WinNT was very dependent on WINS. Is your WINS database OK and does the internal interface of the ISA firewall have the WINS server address configured on it? Make sure that the internal interface of the ISA firewall is on the top of the interface list.
Thanks!
Tom
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 23.Jan.2004 4:28:00 PM
|
|
|
pretoriano05
Posts: 15
Joined: 17.Oct.2003
Status: offline
|
Hello Mr. Shinder, I have the internal interface configured with the correct WINS server (primary and secondary).
Do you mean the binding order of the interfaces in the advanced menu??
Thanks
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 23.Jan.2004 7:12:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi NC,
Yes, the internal interface should be on the top of that binding order.
HTH,
Tom
|
|
|
|
RE: VPN Connection Problem (PPTP) - 27.Jan.2004 5:35:00 PM
|
|
|
pretoriano05
Posts: 15
Joined: 17.Oct.2003
Status: offline
|
I changed the binding order, now the internal interface is the first in the list.
But the problem persists, I could not make a connection with a domain account.
Thanks anyway and still searching.
NC
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 28.Jan.2004 1:27:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi NC,
Is the ISA firewall a ember of the domain?
Thanks!
Tom
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 28.Jan.2004 3:38:00 PM
|
|
|
pretoriano05
Posts: 15
Joined: 17.Oct.2003
Status: offline
|
Hello
Yes, it is, of course.
I still don't get it, yesterday I connected once after 41 attempts! Then it just failed again. But with local accounts everything works just fine.
Thank you!
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 29.Jan.2004 1:03:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi NC,
I'm out of ideas. I haven't worked with NT much since 1999, so it might be an NT issue. Maybe removing and rejoining the domain would help?
HTH,
Tom
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 30.Jan.2004 12:41:00 PM
|
|
|
humpty694
Posts: 22
Joined: 15.Jan.2002
From: UK
Status: offline
|
The reason why your connection has not worked is that your ISP blocked ICMP to prevent the spread of a particular virus. You should find that most ISPs (as of yesterday) have removed any blocking.
ED
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 30.Jan.2004 6:43:00 PM
|
|
|
pretoriano05
Posts: 15
Joined: 17.Oct.2003
Status: offline
|
Hello ED, that is not the problem because I could connect using a local account every single day. The problem is with domain accounts. I tried today and is the same behavior.
I don't understand what is going on! People want me to get this fixed, but I don't know how! Tried everything, the ISA server is associated with the PDC.
I want to know if somebody has experience working ISA server VPN with NT4 domains. If any of you knows who can help me, let me know.
Thank you
NC
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 30.Jan.2004 9:33:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi NC,
Can you log onto the ISA firewall using an NT domain account?
Also, you might have a whacked WINS. Try creating LMHOSTS file entries on the ISA firewall to help it find the DC for the NT domain.
HTH,
Tom
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 4.Feb.2004 8:02:00 PM
|
|
|
pretoriano05
Posts: 15
Joined: 17.Oct.2003
Status: offline
|
Hello
Yes I can log on to the ISA server using a domain account.
I have all workstations in my LAN running windows 2000 and XP, and several W2K member servers.
There is something weird going on, when you start up a workstation or a W2K member server, I get the "RPC not available" event in the event log (system) of that computer. Is a netlogon event.
This is really bad because I have to associate the computer using NETDOM, the computers, after several minutes (20 or 30) associate themselves with a DC. But in many cases I have to do that myself.
The ISA server is associated with the PDC. Both located in the Headquarters
NC
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 6.Mar.2008 9:49:27 AM
|
|
|
intersimi
Posts: 27
Joined: 12.May2007
Status: offline
|
This issue looks like it was a while ago and no solution...
I have the same issue, however everything is Windows 2003 SP2 and ISA server 2006 Standard.
I attempt to log in and get Error 718. Once in every 10's of attempts I successfully log in. If I use a local account to the ISA server, I can log in instantly.
I have run wireshark on the DC and can see traffic from ISA when I attempt to login, so the login is initiating some kind of communication with the DC.
.....
Update (middle of typing thread)...
I have turned off the 'Enable RSS' registry setting and rebooted ISA. Now this works fine.
_____________________________
regards,
Intersimi
|
|
|
|
|
RE: VPN Connection Problem (PPTP) - 17.Mar.2008 12:24:16 AM
|
|
|
AHIT
Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
|
Intersimi,
glad to see you've managed to troubleshoot and solve your own issue - well done!
_____________________________
http://www.ahit.com.au/isa
(Previous nick: Tolk)
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
