- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Windows Server 2003
- >
- VPN in to Windows Server - timeouts
Windows Server 2003
1763079
Members
2636
Online
108909
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-11-2008 12:36 PM
тАО08-11-2008 12:36 PM
VPN in to Windows Server - timeouts
Calling all Microsoft Boffins
I have Server 2003 (Small Business Server edition, in this case, but it doesn't seem to make a difference) set up at a customer site, with Routing & Remote Access configured to allow incoming VPN connections.
The Internet connection is via DSL using a Netgear router with port forwarding set up, and with a Dynamic DNS client inside the network telling DynDNS the IP address. Client connection is using just what's built in to Windows XP.
It used to work brilliantly, first time, almost every time. Occasionally I would have to phone and get one of the employees to look up the correct IP address and I would be able to connect using the IP address instead of DynDNS DNS name, but that was (I assume[d]), only after recent address changes - i.e. I was just too impatient for the DynDNS update to propagate.
But now, almost every time I try to connect after s day or so, the status box gets only as far as "verifying user name & password" before the connection times out. By default Windows re-tries about 4 more times at one minute intervals - all these attempts time out. I then leave it for a few minutes and try again, and it works.
This happens, as I say, virtually every time someone tries to connect after not being on line for a while (say, a day or more).
It makes no difference if you establish another kind of direct connection to the server, eg accessing webmail, which works successfully every time.
If I am on site and someone else experiences this problem, I can observe the state of the listening ports in MS Routing & Remote Access service: when idle, all the WAN Miniports look the same (Inactive); when someone is trying to connect, one port will go to "authenticating" (you have to double-click the port to see this status) but it never gets beyond that to "authenticated" or showing Active on the main screen. In Windows' routing table, I see no default routes back to the client attempting to connect, until a successful connection takes place and I am pretty sure this must be at least part (or a symptom) of the problem; that is, the server doesn't know where to send the acknowledgements back to.
Anyone have any ideas?
I have Server 2003 (Small Business Server edition, in this case, but it doesn't seem to make a difference) set up at a customer site, with Routing & Remote Access configured to allow incoming VPN connections.
The Internet connection is via DSL using a Netgear router with port forwarding set up, and with a Dynamic DNS client inside the network telling DynDNS the IP address. Client connection is using just what's built in to Windows XP.
It used to work brilliantly, first time, almost every time. Occasionally I would have to phone and get one of the employees to look up the correct IP address and I would be able to connect using the IP address instead of DynDNS DNS name, but that was (I assume[d]), only after recent address changes - i.e. I was just too impatient for the DynDNS update to propagate.
But now, almost every time I try to connect after s day or so, the status box gets only as far as "verifying user name & password" before the connection times out. By default Windows re-tries about 4 more times at one minute intervals - all these attempts time out. I then leave it for a few minutes and try again, and it works.
This happens, as I say, virtually every time someone tries to connect after not being on line for a while (say, a day or more).
It makes no difference if you establish another kind of direct connection to the server, eg accessing webmail, which works successfully every time.
If I am on site and someone else experiences this problem, I can observe the state of the listening ports in MS Routing & Remote Access service: when idle, all the WAN Miniports look the same (Inactive); when someone is trying to connect, one port will go to "authenticating" (you have to double-click the port to see this status) but it never gets beyond that to "authenticated" or showing Active on the main screen. In Windows' routing table, I see no default routes back to the client attempting to connect, until a successful connection takes place and I am pretty sure this must be at least part (or a symptom) of the problem; that is, the server doesn't know where to send the acknowledgements back to.
Anyone have any ideas?
- Tags:
- vpn
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-14-2008 12:56 AM
тАО08-14-2008 12:56 AM
Re: VPN in to Windows Server - timeouts
Hi,
I had a simular problem long time ago, They only thing that also happend was that durring a VPN connection the connection timed out and was broken. But just like you you had to try muliple session of trying to connect to VPN.
That friend of mine had a linksys router and upgrading the firmware solved the prblem. also he had a Windows server in his network, but did not use DynDNS. He had a static IP adress. and only forwarded the port to that IP.
I'm not so familiar with DynDNS, never worked with it, but why do you use it?
If your server where you have Routing and remote acces installed on gets his IP from DHCP you can make a reseration or you can put in a static IP and forward the port tot that IP and it should work. Or are there more reasons in your network to use DynDNS?
Have a nice day,
HTH, Ronald
I had a simular problem long time ago, They only thing that also happend was that durring a VPN connection the connection timed out and was broken. But just like you you had to try muliple session of trying to connect to VPN.
That friend of mine had a linksys router and upgrading the firmware solved the prblem. also he had a Windows server in his network, but did not use DynDNS. He had a static IP adress. and only forwarded the port to that IP.
I'm not so familiar with DynDNS, never worked with it, but why do you use it?
If your server where you have Routing and remote acces installed on gets his IP from DHCP you can make a reseration or you can put in a static IP and forward the port tot that IP and it should work. Or are there more reasons in your network to use DynDNS?
Have a nice day,
HTH, Ronald
The logic of Microsoft: "Press START to shut down the pc"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-14-2008 01:42 PM
тАО08-14-2008 01:42 PM
Re: VPN in to Windows Server - timeouts
Thanks Ronald,
I will check if the DSL router maybe can do with a firmware upgrade, it has been in place for a while & I don't recall ever doing that. Oddly enough I was on site today and having trouble with the wireless connection to it, and wondering if perhaps an upgrade might fix that... :-)
Reason for DynDNS: In South Africa, your DSL connection gets a random public IP address, which can change arbitrarily (sort of like a dial-up connection). Apparently the reason for this is the then state-owned monopoly Telco didn't want DSL to compete with their hideously expensive leased lines, so this tactic was supposed to stop you running web servers on DSL lines. Obviously services like DynDNS get around that quite effectively, but there is a few minutes' hiatus after each address change.
In any event, the IP address part of the connection can not (?) logically be the reason for the problem, since I am correctly connecting to the server first time - it's the server which is not managing to connect back to me to complete the PPtP handshake.
Anyhow I'll check firmware versions tomorrow on site and let you know what happens!
Chris
I will check if the DSL router maybe can do with a firmware upgrade, it has been in place for a while & I don't recall ever doing that. Oddly enough I was on site today and having trouble with the wireless connection to it, and wondering if perhaps an upgrade might fix that... :-)
Reason for DynDNS: In South Africa, your DSL connection gets a random public IP address, which can change arbitrarily (sort of like a dial-up connection). Apparently the reason for this is the then state-owned monopoly Telco didn't want DSL to compete with their hideously expensive leased lines, so this tactic was supposed to stop you running web servers on DSL lines. Obviously services like DynDNS get around that quite effectively, but there is a few minutes' hiatus after each address change.
In any event, the IP address part of the connection can not (?) logically be the reason for the problem, since I am correctly connecting to the server first time - it's the server which is not managing to connect back to me to complete the PPtP handshake.
Anyhow I'll check firmware versions tomorrow on site and let you know what happens!
Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-20-2008 09:48 PM
тАО08-20-2008 09:48 PM
Re: VPN in to Windows Server - timeouts
Well unfortunately upgrading the router firmware didn't fix the problem.
For a week or so it looked like it had done - connections happened faster than before and trouble-free, until this morning when it is back to its old tricks. And of course it happens when I am in a hurry to get something done before a deadline!
So apparently no-one else has any ideas on this! In a way that makes me feel not so stoopid for not being able to find a solution myself, but it does look like it mean I am going to be stuck with the issue, doesn't it!
For a week or so it looked like it had done - connections happened faster than before and trouble-free, until this morning when it is back to its old tricks. And of course it happens when I am in a hurry to get something done before a deadline!
So apparently no-one else has any ideas on this! In a way that makes me feel not so stoopid for not being able to find a solution myself, but it does look like it mean I am going to be stuck with the issue, doesn't it!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2009 05:40 AM
тАО06-18-2009 05:40 AM
Re: VPN in to Windows Server - timeouts
It's not a solution, it's a workaround: I installed dedicated firewall / router hardware between the DSL router and the LAN. This now terminates VPN every time, and works very well.
I recommend Clark Connect to anyone in the small business support environment - the software is free, and you can run it on just about any old hardware (and what company doesn't have at least one redundant PC lying around) that has two network cards in it. Takes a bit of figuring out (the documentation is sketchy) but once running it's pretty much an "install and forget" box. Very versatile and useful.
I recommend Clark Connect to anyone in the small business support environment - the software is free, and you can run it on just about any old hardware (and what company doesn't have at least one redundant PC lying around) that has two network cards in it. Takes a bit of figuring out (the documentation is sketchy) but once running it's pretty much an "install and forget" box. Very versatile and useful.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP