Posts: 12
Joined: 28.Apr.2004
From: Berlin / Germany
Status: offline
Tom, what is the background why ISA should have an issue with non "business class lines"? In Germany it is very popular to have branch offices connected to DSL with dynamic IP addresses. However, as others here stated, it also makes the main office ISA crash that is on a business class line. I guess everybody agrees that any internet connection may have short outages. Under no circumstances should this cause a sophisticated product like ISA to crash.
Do you have some background information why MS makes such statements? Is there a fix to come?
At the HQ side I have a 1.5Mbs ADSL with 16 static (public) IP's.
At the first remote branch I have a 512k ADSL line with 8 static (public) IP's, and at the second remote branch I have a 448k leased line with 16 static (public) IP's.
So I assume this qualifies as 'business' links.
As far as manually disconnecting, at this stage I usually wait until the RAS hangs (for which I haven't found the cause, potentially the line drops temporarily or something). Anyhow, when it hangs, I reboot the ISA server. The problem is that my machines are in 3 different time zones (GMT-8, GMT +2, GMT +8), so usually only 1 server can be rebooted at a time because the others are sleeping.
Cheers, Olaf
[ October 06, 2004, 11:42 PM: Message edited by: Olaf Wagner ]
Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
To add to all of this.
I eventually got my Site to Site VPN working (or thought I had) using the Microsoft VPN kit instructions.
The problem is that after it was connected for a few seconds one of the two ISA 2004 servers hung and after a hard reboot appears to have corrupted the registry/OS. I have an image backup and will restore the OS then my ISA config, but it appears this type of hang is a common problem (maybe the OS corruption was just bad luck)?
The MS VPN kit tells you to allow both ends to initiate the connection; however, I get the feeling that this is a problem. Should I disable initiate at one end?
To add to the business class stuff: if ADSL at either end, both with static IP addresses, counts as business class, then that config still gives the same issue.
I agree that with static addresses, it qualifies as business class.
I've set it up both ways -- with both sides dialing and with one side dialing and it seems stable both ways. Although, I prefer to set it up with only one side dialing, most customers demand that I make both sides capable of the redial.
That said, I wrote the MS VPN kit, so I know it works
RE: Crashing RAS Service - 13.Oct.2004 11:17:00 PM
Guest
Hi All. I have exactly the same problem. RRAS bombs out after about 24 hours. Only the branch is configured to call, the HO is configured to answer only.
When RAS bombs out I can generally do a shutdown -r -f, sometimes I need a hard reset. This is a problem for me as I am championing ISA 2004 against checkpoint, but the VPNs do not seem as reliable.
Anyone got stable site to site VPNs using ISA 2004?
We have had this problem since upgrading the remote sites from 2000 to 2004. Have just reported it to Microsoft and am waiting for them to do some digging and get back to me.
Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
Another crash here
Seems like if you have a VPN connection up and one end goes down, i.e. you reboot an ISA machine etc., then the other end is quite likely to hang, about 1 in 5 times from my experience!
Not good, as I assume any internet outage etc. would have the same chance of hanging the firewall at one or both ends.
Also need a hard reset so hardly convenient for branch offices. Hope they sort this one out soon!
Posts: 1
Joined: 30.Jul.2004
From: Russia
Status: offline
Hi ALL. I have the same problem with RAS, which stops responding while there is temporarily no Internet connection at the Main or Branch Office. Win2k2/ISA2k4 on both sides.
I have some statistics that I monitored:
If there are 30 seconds without iNET, then the VPN connection goes up by itself after 2-3 minutes.
If there are 2-4 minutes without iNET, then the VPN connection goes up by itself after 15-30 minutes. Hmmm... :/
With longer periods without an Internet connection I have RAS hanging on one or both of the sides. A reset or hard reset is needed to bring the VPN back working again.
The trick: if the VPN is hanging and the machine doesn't want to do a soft reboot, try to kill all svchost.exe processes. This should crash Windows and the machine goes into a reboot even with RAS hanging.
Logged call with Microsoft about this - and luckily hotfix released today [should be about 1 week before released to public]. Problem is specifically with the TCP stack under Windows 2003 - even though ISA 2004 causes problem. If you want patch log call with Microsoft and quote KB Article: 888090 - this should appear in their searches in about 1 week according to Microsoft Support. I still have not tested patch but will let you know.
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Olaf,
Read JurgenR's message carefully:
quote: If you want patch log call with Microsoft and quote KB Article: 888090 - this should appear in their searches in about 1 week according to Microsoft Support.
I did read the message carefully, but was hoping there was a faster method for obtaining this file.
Anyhow, I have since contacted Microsoft, and applied the patch to all the Win2003/ISA2004 servers. I will let this run a few days, and report back whether this addresses the issue.
Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
Also installed it here as I had the same problems. It has been on for 2 days now and no crashes; if it's still OK after the weekend I would say it solves the problem.
Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
Still all running after the weekend, so I guess this patch fixes it. I have seen this problem in quite a number of newsgroups etc. but no response from Microsoft to any questions posed. Must have been driving quite a few people crazy as well as me.