From: Berlin / Germany
Tom, what is the background why ISA should have an issue with non-"business class" lines? In Germany it is very popular to have branch offices connected to DSL with dynamic IP addresses. However, as others here stated, it also makes the main office ISA crash that is on a business class line. I guess everybody agrees that any internet connection may have short outages. Under no circumstances should this cause a sophisticated product like ISA to crash.
Do you have some background information why MS makes such statements? Is there a fix to come?
At the HQ side I have a 1.5Mbs ADSL with 16 static (public) IP's.
At the first remote branch I have a 512k ADSL line with 8 static (public) IP's, and at the second remote branch I have a 448k leased line with 16 static (public) IP's.
So I assume this qualifies as 'business' links.
As far as manually disconnecting, at this stage I usually wait until the RAS hangs (for which I haven't found the cause, potentially the line drops temporarily or something). Anyhow, when it hangs, I reboot the ISA server. The problem is that my machines are in 3 different time zones (GMT-8, GMT +2, GMT +8), so usually only 1 server can be rebooted at a time because the others are sleeping.
Cheers
Olaf
[ October 06, 2004, 11:42 PM: Message edited by: Olaf Wagner ]
To add to all of this.
I eventually got my Site to Site VPN working (or thought I had) using the Microsoft VPN kit instructions.
The problem is that after it was connected for a few seconds one of the two ISA 2004 servers hung, and after a hard reboot it appears to have corrupted the registry/OS. I have an image backup and will restore the OS, then my ISA config, but it appears this type of hang is a common problem (maybe the OS corruption was just bad luck)?
The MS VPN kit tells you to allow both ends to initiate the connection; however, I get the feeling that this is a problem. Should I disable initiate at one end?
To add to the business class stuff: if ADSL at either end, both with static IP addresses, counts as business class, then that config still gives the same issue.
I agree that with static addresses, it qualifies as business class.
I've set it up both ways -- with both sides dialing and with one side dialing and it seems stable both ways. Although, I prefer to set it up with only one side dialing, most customers demand that I make both sides capable of the redial.
That said, I wrote the MS VPN kit, so I know it works.
Hi ALL. I have the same problem with RAS that stops responding while there is temporarily no Internet connection on Main or Branch Office. Win2k2/ISA2k4 on both sides. I have some statistics that I monitored:
If there are 30 seconds without iNET, then the VPN connection goes up by itself after 2-3 minutes.
If there are 2-4 minutes without iNET, then the VPN connection goes up by itself after 15-30 minutes. Hmmm... :/
With longer periods of no internet connection I have hanging RAS on one or both of the sides. Only a reset or hard reset is needed to bring the VPN back working again. The trick: if the VPN is hanging and the machine doesn't want to go on soft reboot, try to kill all svchost.exe processes. This should crash Windows and the machine goes on reboot even with hanging RAS.
Logged a call with Microsoft about this, and luckily a hotfix was released today [should be about 1 week before it is released to the public]. The problem is specifically with the TCP stack under Windows 2003, even though ISA 2004 causes the problem. If you want the patch, log a call with Microsoft and quote KB Article: 888090. This should appear in their searches in about 1 week according to Microsoft Support. I still have not tested the patch but will let you know.
Still all running after the weekend, so I guess this patch fixes it. I have seen this problem in quite a number of newsgroups etc. but no response from Microsoft to any questions posed. Must have been driving quite a few people crazy as well as me.