I've upgraded one old and reliable ISA Server 2004 to 2006 (running on WS2003R2, nothing else runs on that server), it is an edge firewall and VPN provider. Later this year, it will be replaced by Forefront (and new hardware), but now, I need to keep it running. This upgrade was due to devices that require L2TP.
After the upgrade, whatever I do, VPN doesn't work - L2TP, PPTP - from logs I can see user correctly authenticates, gets IP from DHCP server, and then the connection fails, on the following error in Event log (on ISA Server):
*The user [...] connected to port VPN3-4 has been disconnected because no network protocols were successfully negotiated.*
I reset TCP/IP stack, cleared ARP cache, went through all RAS settings I can think of - but this event keeps happening and users can't use VPN.
The only problem I found was in IPRouterManager.LOG:
 15:43:05: Error adding route, Stack bit == 0  15:43:05: ProcessDefaultRouteChanges: Not default route [external IP]/32  15:43:05: AddInterface: Adding [user name]  15:43:05: ICB number for [user name] is 11  15:43:05: ENTERED SetMcastLimitInfo for If ffffffff  15:43:05: LEFT SetMcastLimitInfo  15:43:05: ENTERED SetBoundaryInfo for If ffffffff  15:43:05: LEFT SetBoundaryInfo  15:43:05: AddInterface: Added [user name]: Type- 0, Index- -1, ICB 0x1583dc8  15:43:14: DeleteInterface: Deleting [user name]
(in the log, [external IP] and [user name] represent actual external IP and user name)
Please, do you have any idea at least where to look, or do you have any experience with such error?