Discussion:
Isa server - PPTP & L2TP issues
(too old to reply)
Coigné Guillaume
2009-06-29 09:14:20 UTC
Permalink
Hi,

I'm currently experiencing a problem that PPTP connection no longer work on
my ISA server for VPN client access. It seems that only the WAN Miniport
PPPoE is listed in the ports section of RAS. (Even if i enabled both PPTP
and L2TP in the properties of the Ports.)

It's also strange that the ISA is not listening on 1723 and during
monitoring when someone tries to connect to PPTP it says "Connection attempt
Failed".

No Windows updates have been installed lately and the server is Windows 2003
(SP2)

We have had the same issue about a month ago due to crappy updates which
caused the same thing. But ofcourse these are no longer installed.

If I go back to what could have caused this, then the only thing that
changed was installation of an extra NIC with 2 interfaces.
FYI RSS is disabled for TCP / IP

Please help
--
Guillaume Coigné
MCP, MCTS, MCSA, MCSA Messaging

Cafe.be
Marksesteenweg 35
8500 Kortrijk
Mob: +32 (0) 496162505
Email: ***@cafe.be
Phillip Windell
2009-06-29 13:37:45 UTC
Permalink
One of MS's wonderful patches to fix a DNS issue trashes RRAS VPN ports.
Either remove the Patch or run the script listed in the article to fix it.
You may have to reboot the ISA afterwards.

(KB956570 stops PPTP in ISA VPN)
DNS queries that are passed through the ISA Server 2006 NAT do not use
random source ports
http://support.microsoft.com/kb/956570
--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Post by Coigné Guillaume
Hi,
I'm currently experiencing a problem that PPTP connection no longer work
on my ISA server for VPN client access. It seems that only the WAN
Miniport PPPoE is listed in the ports section of RAS. (Even if i enabled
both PPTP and L2TP in the properties of the Ports.)
It's also strange that the ISA is not listening on 1723 and during
monitoring when someone tries to connect to PPTP it says "Connection
attempt Failed".
No Windows updates have been installed lately and the server is Windows
2003 (SP2)
We have had the same issue about a month ago due to crappy updates which
caused the same thing. But ofcourse these are no longer installed.
If I go back to what could have caused this, then the only thing that
changed was installation of an extra NIC with 2 interfaces.
FYI RSS is disabled for TCP / IP
Please help
--
Guillaume Coigné
MCP, MCTS, MCSA, MCSA Messaging
Cafe.be
Marksesteenweg 35
8500 Kortrijk
Mob: +32 (0) 496162505
Coigné Guillaume
2009-06-29 14:20:22 UTC
Permalink
i know but this one was not installed on the machine

it must be something else, nevertheless the L2TP ports come up ok.

This is a preview from the RASMan logfile: it shows that the L2TP ports come
up ok but the PPTP not !!

[1012] 06-29 16:04:06:278: PortOpen (188). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-137.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (189). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-138.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (190). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-139.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (191). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-140.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (192). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-141.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (193). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-142.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (194). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-143.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (195). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-144.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (196). OpenInstances = (0)
[1012] 06-29 16:04:06:293: d:\nt\net\rras\ras\rasman\rasman\request.c: 3077:
port 196 state chg: prev=4, new=4
[1012] 06-29 16:04:06:293: PortOpen (196) : OpenInstances = 1
[1012] 06-29 16:04:06:293: PortOpen (197). OpenInstances = (0)
[1012] 06-29 16:04:06:293: d:\nt\net\rras\ras\rasman\rasman\request.c: 3077:
port 197 state chg: prev=4, new=4
[1012] 06-29 16:04:06:293: PortOpen (197) : OpenInstances = 1
[1012] 06-29 16:04:06:293: PortOpen (198). OpenInstances = (0)
[1012] 06-29 16:04:06:293: d:\nt\net\rras\ras\rasman\rasman\request.c: 3077:
port 198 state chg: prev=4, new=4
[1012] 06-29 16:04:06:293: PortOpen (198) : OpenInstances = 1
[1012] 06-29 16:04:06:293: PortOpen (199). OpenInstances = (0)
[1012] 06-29 16:04:06:293: d:\nt\net\rras\ras\rasman\rasman\request.c: 3077:
port 199 state chg: prev=4, new=4
[1012] 06-29 16:04:06:293: PortOpen (199) : OpenInstances = 1
[1012] 06-29 16:04:06:293: PortOpen (200). OpenInstances = (0)
Post by Phillip Windell
One of MS's wonderful patches to fix a DNS issue trashes RRAS VPN ports.
Either remove the Patch or run the script listed in the article to fix it.
You may have to reboot the ISA afterwards.
(KB956570 stops PPTP in ISA VPN)
DNS queries that are passed through the ISA Server 2006 NAT do not use
random source ports
http://support.microsoft.com/kb/956570
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Post by Coigné Guillaume
Hi,
I'm currently experiencing a problem that PPTP connection no longer work
on my ISA server for VPN client access. It seems that only the WAN
Miniport PPPoE is listed in the ports section of RAS. (Even if i enabled
both PPTP and L2TP in the properties of the Ports.)
It's also strange that the ISA is not listening on 1723 and during
monitoring when someone tries to connect to PPTP it says "Connection
attempt Failed".
No Windows updates have been installed lately and the server is Windows
2003 (SP2)
We have had the same issue about a month ago due to crappy updates which
caused the same thing. But ofcourse these are no longer installed.
If I go back to what could have caused this, then the only thing that
changed was installation of an extra NIC with 2 interfaces.
FYI RSS is disabled for TCP / IP
Please help
--
Guillaume Coigné
MCP, MCTS, MCSA, MCSA Messaging
Cafe.be
Marksesteenweg 35
8500 Kortrijk
Mob: +32 (0) 496162505
Phillip Windell
2009-06-29 20:46:09 UTC
Permalink
I really don't have any idea then.
--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Post by Coigné Guillaume
i know but this one was not installed on the machine
it must be something else, nevertheless the L2TP ports come up ok.
This is a preview from the RASMan logfile: it shows that the L2TP ports
come up ok but the PPTP not !!
[1012] 06-29 16:04:06:278: PortOpen (188). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-137.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (189). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-138.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (190). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-139.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (191). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-140.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (192). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-141.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (193). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-142.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (194). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-143.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (195). OpenInstances = (0)
[1012] 06-29 16:04:06:293: PortOpen: failed to open port VPN5-144.
0x80000048
[1012] 06-29 16:04:06:293: PortOpen (196). OpenInstances = (0)
3077: port 196 state chg: prev=4, new=4
[1012] 06-29 16:04:06:293: PortOpen (196) : OpenInstances = 1
[1012] 06-29 16:04:06:293: PortOpen (197). OpenInstances = (0)
3077: port 197 state chg: prev=4, new=4
[1012] 06-29 16:04:06:293: PortOpen (197) : OpenInstances = 1
[1012] 06-29 16:04:06:293: PortOpen (198). OpenInstances = (0)
3077: port 198 state chg: prev=4, new=4
[1012] 06-29 16:04:06:293: PortOpen (198) : OpenInstances = 1
[1012] 06-29 16:04:06:293: PortOpen (199). OpenInstances = (0)
3077: port 199 state chg: prev=4, new=4
[1012] 06-29 16:04:06:293: PortOpen (199) : OpenInstances = 1
[1012] 06-29 16:04:06:293: PortOpen (200). OpenInstances = (0)
Post by Phillip Windell
One of MS's wonderful patches to fix a DNS issue trashes RRAS VPN ports.
Either remove the Patch or run the script listed in the article to fix
it. You may have to reboot the ISA afterwards.
(KB956570 stops PPTP in ISA VPN)
DNS queries that are passed through the ISA Server 2006 NAT do not use
random source ports
http://support.microsoft.com/kb/956570
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Post by Coigné Guillaume
Hi,
I'm currently experiencing a problem that PPTP connection no longer work
on my ISA server for VPN client access. It seems that only the WAN
Miniport PPPoE is listed in the ports section of RAS. (Even if i enabled
both PPTP and L2TP in the properties of the Ports.)
It's also strange that the ISA is not listening on 1723 and during
monitoring when someone tries to connect to PPTP it says "Connection
attempt Failed".
No Windows updates have been installed lately and the server is Windows
2003 (SP2)
We have had the same issue about a month ago due to crappy updates which
caused the same thing. But ofcourse these are no longer installed.
If I go back to what could have caused this, then the only thing that
changed was installation of an extra NIC with 2 interfaces.
FYI RSS is disabled for TCP / IP
Please help
--
Guillaume Coigné
MCP, MCTS, MCSA, MCSA Messaging
Cafe.be
Marksesteenweg 35
8500 Kortrijk
Mob: +32 (0) 496162505
-----------------------------------------------------------------------------
Our Peering Groups change
Visit : http://spacesst.com/peerin
Loading...