VPN Connection to Server 2008 Stopped Working

  • VPN Connection to Server 2008 Stopped Working

    We have a Server 2008 R2 SP1 server which staff VPN to in order to access the file shares from home or when traveling. The server is a Domain Controller in a multi-DC single domain environment, and sits behind a Cisco router which is connected to the Internet. The server has an internal IPv4 address, external Internet IPv4 address and external DNS name. VPN access is from Windows client laptops mainly, and the server is using Routing and Remote Access to manage the connections. This has been working correctly for months but has recently stopped working. However, the problem is a very strange one.

    For the sake of discussion the addresses are:

    Internal server address: 192.168.100.1
    External server address: 70.30.30.1
    External DNS name: office.server.com

    The symptoms are:

    If I VPN from a Windows 7 client located on the Internet to the external server address, the VPN connection fails to log on. It sits at the Verifying username/password window before failing with an Error 800.
    If I VPN from a Windows 7 client located on the Internet to the external DNS name, the VPN connection works. Both of these tests have been completed on the same laptop, and using the same VPN connection settings, other than changing between the direct IP address and DNS name.
    I have also tested VPN access from two different Vista clients, one of which does exactly the same as above, i.e. it fails to connect when trying the external IP address but succeeds when using the DNS name. However, the second client successfully connects when using either the IP address or DNS name.

    A Cisco engineer has checked the switch and can see the traffic being passed through port 1723 to the server with no packet drops, so it appears the switch is working correctly.

    One other piece of information that may possibly be relevant - the DNS name used above was initially registered to allow access to Outlook Web Access on the server. The security certificate used for OWA access expired recently, but we purchased a new one and installed it. This may have no bearing on the issue but the coincidence seemed worthy of note!

    As mentioned already this issue has just started appearing. Any Microsoft client could successfully connect via VPN before, whether to the external IP address or by DNS name. I'm at a loss to understand what could be going on here. Any suggestions?

  • #2
    Re: VPN Connection to Server 2008 Stopped Working

    Does the public IP assigned to the server match a DNS lookup for that hostname? Is the public IP for the server a static IP or a dynamic IP? If dynamic it may have changed. With PPTP you also need to allow GRE (Protocol 47). I assume this is allowed as well if it works using the hostname.
    Last edited by auglan; 19th June 2012, 15:54.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    • #3
      Re: VPN Connection to Server 2008 Stopped Working

      Originally posted by auglan
      Does the public IP assigned to the server match a DNS lookup for that hostname? Is the public IP for the server a static IP or a dynamic IP? If dynamic it may have changed. With PPTP you also need to allow GRE (Protocol 47). I assume this is allowed as well if it works using the hostname.

      The external IP address of the server is a static IP. So, using the addresses I gave, the DNS name office.server.com maps to static IP address 70.30.30.1. You are correct that GRE port 47 is also forwarded, as connection using the DNS name works. It is only when using the static IP address that it fails.

      • #4
        Re: VPN Connection to Server 2008 Stopped Working

        Hmm weird. Usually if anything it's the other way around. I would try rebooting the server when you get some time. If possible you can post the router config and I can take a look but I don't think the problem is there.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        • #5
          Re: VPN Connection to Server 2008 Stopped Working

          Originally posted by auglan
          Hmm weird. Usually if anything it's the other way around. I would try rebooting the server when you get some time. If possible you can post the router config and I can take a look but I don't think the problem is there.

          I initially restarted the Routing and Remote Access service but that made no difference, so I restarted the server. That made no difference either, we still have the issue. The router is managed by a separate company so I can't post the config, however I am assured the config has not changed, and they have also watched the incoming VPN connection requests and can see the traffic being forwarded to the server.

          • #6
            Re: VPN Connection to Server 2008 Stopped Working

            Thank you for your replies, but I can now close this one out. The issue was traced to the Cisco switch after all. Our Windows 7 clients were set to Automatic VPN types and tried connecting using PPTP initially, would fail, then try to connect using SSTP. The SSTP connection would only work with the DNS name in the address. I don't know the technicalities of SSTP but I presume this is normal for its connection method. So, the issue was specifically PPTP related. I confirmed the server was accepting PPTP connections by trying a PPTP VPN from a client on its internal network and it worked - the issue therefore had to be the switch. A new security config had been applied to the Cisco recently, but ports 1723 (PPTP) and GRE (47) were left open, so in theory it should have allowed PPTP VPNs through. The Cisco engineer backed out the security config, then immediately re-applied it and everything started working again! I can now connect PPTP VPNs to the server from external clients.

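Added example, not part of the thread or any poster's code: a simplified Python model of the behaviour described in post #6, showing why a broken PPTP path leaves the IP address failing while the DNS name still connects. SSTP is carried over HTTPS, so the client checks the name it dialled against the server certificate. The certificate contents, the two-protocol fallback order (taken from post #6) and all function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample: names in the certificate bound to the SSTP listener.
# Assumption: the renewed certificate carries only the DNS name, no IP entry.
CERT_SANS = {"dns": ["office.server.com"], "ip": []}

def is_ip(target):
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    """Exact match, or a wildcard that covers only the left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def sstp_name_ok(target, sans):
    """The name the client dialled must appear in the certificate."""
    if is_ip(target):
        wanted = ipaddress.ip_address(target)
        return any(ipaddress.ip_address(i) == wanted for i in sans["ip"])
    return any(dns_match(d, target) for d in sans["dns"])

def automatic_vpn(target, pptp_path_ok, sans):
    """Fallback order as reported in post #6: PPTP first, then SSTP."""
    if pptp_path_ok:  # TCP 1723 control channel and GRE (protocol 47) both pass
        return "PPTP"
    if sstp_name_ok(target, sans):
        return "SSTP"
    return "FAILED"

def symptom_table(pptp_path_ok):
    """Outcome for both addresses used in the thread."""
    return {t: automatic_vpn(t, pptp_path_ok, CERT_SANS)
            for t in ("70.30.30.1", "office.server.com")}

if __name__ == "__main__":
    print("PPTP path broken:", symptom_table(False))
    print("PPTP path fixed: ", symptom_table(True))
```

When a client set to Automatic connects by name but not by IP, checking which protocol the working session actually negotiated shows whether the fallback is masking a PPTP or GRE problem on the path.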