Getting Error (Urgent)

Getting Error (Urgent) - 7.Aug.2007 10:56:01 AM   
create_share

 

Posts: 269
Joined: 4.May2005
Status: offline
I was able to connect to my ISA Server from the Internet through VPN. But I don't know what has changed, and I have started getting this error:

"Error 800: Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection".

My ISA Server is joined to the domain. I am using the MSCHAP-v2 encryption method with PPTP.

Thanks!
Post #: 1
RE: Getting Error (Urgent) - 7.Aug.2007 2:29:58 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi create_share,

Is the PPTP control port reachable? You can test it easily with the command 'telnet VPN_Server 1723'. The connection should succeed.

HTH,
Stefaan

(in reply to create_share)
Post #: 2
RE: Getting Error (Urgent) - 7.Aug.2007 3:48:46 PM   
create_share

 

Posts: 269
Joined: 4.May2005
Status: offline
Yes, it is reachable, but I still can't connect to the VPN.

Thanks!

(in reply to spouseele)
Post #: 3
RE: Getting Error (Urgent) - 7.Aug.2007 4:16:19 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi create_share,

Two suggestions:

1. If possible, test from a workstation directly connected to the same segment as the ISA external interface. That should exclude all external dependencies.

2. Take a network monitor trace to find out how far the PPTP call setup goes. Check out my blog post "Multiple PPTP VPN clients behind a NAT device" for some tips on interpreting that trace.

HTH,
Stefaan

(in reply to create_share)
Post #: 4
RE: Getting Error (Urgent) - 8.Aug.2007 2:37:10 AM   
create_share

 

Posts: 269
Joined: 4.May2005
Status: offline
Yes! I connected the external interface directly to my notebook computer and checked the VPN. It is giving the same error. Can it be because of authentication? My ISA is joined to the domain.

Thanks!

(in reply to spouseele)
Post #: 5
RE: Getting Error (Urgent) - 8.Aug.2007 3:13:31 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi create_share,

What about my second suggestion?

HTH,
Stefaan

(in reply to create_share)
Post #: 6
RE: Getting Error (Urgent) - 9.Aug.2007 1:09:38 PM   
create_share

 

Posts: 269
Joined: 4.May2005
Status: offline
I have noticed one thing before I go for the trace. I dialed the VPN connection and checked the ISA log, where I found an entry of

"PPTP Initiated Connection" with Rule Name "[System] Allow VPN Client traffic to ISA Server", Source Network (External), with the dial-up connection IP address that I am getting from my ISP.

This means that it is reaching there, but after that it is being rejected for some reason.

Thanks!

(in reply to spouseele)
Post #: 7
RE: Getting Error (Urgent) - 9.Aug.2007 3:15:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi create_share,

Don't you have a static IP on your ISA external interface?

HTH,
Stefaan

(in reply to create_share)
Post #: 8
RE: Getting Error (Urgent) - 9.Aug.2007 4:24:57 PM   
rino01

 

Posts: 69
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline
Have you installed Windows 2003 SP2? If you have, read Tom's blog article about it.

http://blogs.isaserver.org/shinder/2007/03/23/warning-windows-server-2003-sp2-may-destroy-your-isa-firewall-without-warning/




_____________________________

Best Regards

//Rickard

(in reply to spouseele)
Post #: 9
RE: Getting Error (Urgent) - 9.Aug.2007 5:14:47 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Rickard,

You are very right! I always make sure that Receive Side Scaling and TCP Offload Support are disabled per KB article http://support.microsoft.com/kb/936594.

However, create_share didn't mention that the problem started after an update. So...

HTH,
Stefaan

(in reply to rino01)
Post #: 10
RE: Getting Error (Urgent) - 10.Aug.2007 2:54:45 AM   
rino01

 

Posts: 69
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline
Hello Stefaan,

I got hold of a document from a guy who called Microsoft Support about the SP2 problem and VPN connection (among other things, of course :-) )

Here is what Microsoft recommended:

After the installation of SP2 we must check the following steps:
· Changed the following registry key:
  a) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
     EnableRSS >>> change it to 0.
     EnableTCPA >>> change it to 0.
  b) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
     In the right pane, make sure that the DisableTaskOffload registry entry exists.
     If this entry does not exist, follow these steps to add the entry:
     On the Edit menu, point to New, and then click DWORD Value, and then type DisableTaskOffload. Double-click DisableTaskOffload, type 1, and then click OK.
     Exit Registry Editor.
· Rebooted the ISA Server.
· Enabled the RPC filter and restarted the ISA Services.
· Tried connecting to VPN.

The b) option is the first time I have seen it, and I can't really tell if it has anything to do with VPN or not; it would be worth a shot if he has installed SP2.

< Message edited by rino01 -- 11.Aug.2007 3:38:13 AM >


_____________________________

Best Regards

//Rickard

(in reply to spouseele)
Post #: 11
RE: Getting Error (Urgent) - 10.Aug.2007 9:32:04 AM   
create_share

 

Posts: 269
Joined: 4.May2005
Status: offline
Dear All,

Spouseele is also right, but you know I was able to connect to it from the beginning because I installed SP-2 when I prepared the server. Now I have disabled these things, and after restarting it started working.

Thanks, everybody.

I am going to publish my Exchange Server 2007 and I am sure I will face problems with SP-2. What do you think?

Thanks!

(in reply to rino01)
Post #: 12
RE: Getting Error (Urgent) - 11.Aug.2007 3:39:17 AM   
rino01

 

Posts: 69
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline
Glad to be of service.

I don't think you will face any big problems with SP2 and Exchange 2007. The biggest problem was the one you have taken care of. I recommend you read Tom's article about publishing Exchange 2007 with ISA 2007; that will help you on your way.

< Message edited by rino01 -- 11.Aug.2007 3:41:16 AM >


_____________________________

Best Regards

//Rickard

(in reply to create_share)
Post #: 13
RE: Getting Error (Urgent) - 12.Aug.2007 6:25:09 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hey guys,

I've contacted Jim Harrison from the ISA Sustained Engineering team at Microsoft and here is what he says about ISA and Windows 2003 SP2:
quote:


EnableTCPA = 0x0 and EnableRSS = 0x0 are absolutely recommended.
 
DisableTaskoffload is NIC driver-specific.
Some folks have had to disable it; others haven't.
The same is true for EnableTCPChimney = 0x0.


I consider this an authoritative answer!

HTH,
Stefaan

(in reply to rino01)
Post #: 14
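
A read-only check of the registry values named in posts 11 and 14, as an added example that is not part of the original thread or from any of its posters. It assumes PowerShell 2.0 or later on the ISA Server, and it assumes EnableTCPChimney sits under the same Tcpip\Parameters key, which the thread does not state.

```powershell
# Read-only audit of the TCP/IP offload values discussed in this thread.
# Added example; it reports the current state and changes nothing.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Expected values as quoted in the thread. Required = $true marks the two
# values described as "absolutely recommended"; the other two are described
# as NIC driver-specific, so a mismatch there is only flagged for review.
$expected = @(
    @{ Name = 'EnableRSS';          Value = 0; Required = $true  },
    @{ Name = 'EnableTCPA';         Value = 0; Required = $true  },
    @{ Name = 'DisableTaskOffload'; Value = 1; Required = $false },
    # Assumption: the thread gives no key path for EnableTCPChimney.
    @{ Name = 'EnableTCPChimney';   Value = 0; Required = $false }
)

$props = Get-ItemProperty -Path $key -ErrorAction Stop
$failures = 0

$report = foreach ($e in $expected) {
    # A value that was never created is absent from the property bag.
    $prop    = $props.PSObject.Properties[$e.Name]
    $current = if ($prop) { $prop.Value } else { $null }

    if ($current -eq $null)          { $status = 'Not set' }
    elseif ($current -eq $e.Value)   { $status = 'OK' }
    elseif ($e.Required)             { $status = 'Change needed' }
    else                             { $status = 'Review (NIC driver-specific)' }

    # Only the two "absolutely recommended" values count as failures.
    if ($e.Required -and $status -ne 'OK') { $failures++ }

    New-Object PSObject -Property @{
        Name     = $e.Name
        Current  = $current
        Expected = $e.Value
        Status   = $status
    }
}

$report | Select-Object Name, Current, Expected, Status | Format-Table -AutoSize

# Non-zero exit code when a required value is missing or wrong, so the
# check can be used from a scheduled task or a post-patch checklist.
exit $failures
```

Running it again after a service pack or NIC driver update shows whether any of these values has been added or reset; per post 11, the server was rebooted after the values were changed.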
