Re-enabling VPN breaks the Network

John

Hey all,

I've had a W2k vpn working for the past couple years with no problems.
Yesterday my remote users get an error about a certificate (781 I
believe) and can't get in.

I disabled and re-enabled the VPN through R-RAS...The whole network
stopped talking...And the VPN worked. When I would try to ping out to
another local server I would get "Destination Unreachable" instantly.
The IP and Subnets are all fine. I restarted the DNS service and such
with no luck.

I disabled the VPN and configured R-RAS in "Internet server" mode and
the network came back online...But the VPN is of course down
again....Grrrrrr.

What am I missing here?

Thanks in advance =)
 
quoted from http://www.ChicagoTech.net
Internal clients can't access the Internet after a remote client connects to
RRAS
Symptoms: After a remote client establishes a connection on a RRAS which is
installed on a domain controller with DNS, one or more of the following
symptoms may occur:
1) Internal clients may no longer be able to browse the Web through Internet
Security and Acceleration (ISA) Server, regardless of whether or not Web
Proxy or the Firewall Client is being used for Web browsing.
2) A "The page cannot be displayed" error message is generated when you use
a Web browser.
3) A "cannot find server or DNS" error occurs.
4) From an internal client, if you use PING to ping the name of the server,
PING returns any other address other than the IP address that is bound to
the server's internal adapter.
5) You cannot browse through the list of computers in Network Neighborhood
or My Network Places.
6) You cannot connect to the following Web page:
http://server_name/myconsole
7) You may receive the following event message: Event ID: 4319, Source:
Netbt, Description: A duplicate name has been detected on the tcp network.
The IP address of the machine that sent the message is in the data. Use
NBTSTAT with a switch of N in a command window to see which name is in a
conflict state.
8) When a client clicks Update Now from the Firewall Client applet in
Control Panel, the client may receive the following error message:

The server is not responding when client requests an update.
Possible causes:
-The server is not an ISA Server.
-The server is down.
9) Windows 2000 LAN clients cannot map a network drive to the server. The
client may receive the following error message: No Logon Servers Available
to Service your Logon Request.

Resolutions: This issue can occur if the client computer receives a response
from DNS that includes the wrong Internet Protocol (IP) address. This
address is only returned in a query after a remote client has connected by
using Dial-Up Networking. This IP address is registered with DNS if network
basic input/output system (NetBIOS) is bound to the RRAS server's dial-in
interfaces or if DNS is configured to listen on all interfaces. To resolve
this problem, obtain the latest service pack for Windows 2000.

-
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
 
Thanks Robert,

I've seen that article and that isn't quite what's going on. No one
connects to the VPN when the network goes down, it's at the moment that
I configure it. I know it's something with DNS but I just can't see it.

Servers are up
All IPs are correct
All service packs are up to date

Once again, thanks for trying =)
 
I've had a W2k vpn working for the past couple years with no problems.
Yesterday my remote users get an error about a certificate (781 I
believe) and can't get in.

I disabled and re-enabled the VPN through R-RAS...The whole network
stopped talking...And the VPN worked. When I would try to ping out to
another local server I would get "Destination Unreachable" instantly.
The IP and Subnets are all fine. I restarted the DNS service and such
with no luck.

I disabled the VPN and configured R-RAS in "Internet server" mode and
the network came back online...But the VPN is of course down
again....Grrrrrr.

Can you post the output from a "ROUTE PRINT" command on the RRAS server
before and after the VPN is established?

Massimo
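
The before/after "ROUTE PRINT" comparison requested above can be done mechanically on two saved captures. This is an added example, not part of the original thread: the sample captures are constructed (not the poster's data) and the function names are hypothetical.

```python
import re

# One "Active Routes" row: destination, netmask, gateway, interface, metric.
ROW = re.compile(r"^\s*((?:\d{1,3}\.){3}\d{1,3})\s+((?:\d{1,3}\.){3}\d{1,3})"
                 r"\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return the set of (dest, mask, gateway, interface, metric) rows."""
    routes = set()
    for line in text.splitlines():
        if line.strip().startswith("Persistent Routes"):
            break  # persistent routes use a different column layout
        m = ROW.match(line)
        if m:
            routes.add(m.groups()[:4] + (int(m.group(5)),))
    return routes

def diff_routes(before_text, after_text):
    """Compare two ROUTE PRINT captures; return (added, removed) as sorted lists."""
    before, after = parse_routes(before_text), parse_routes(after_text)
    return sorted(after - before), sorted(before - after)

def moved_destinations(added, removed):
    """Destinations in both captures whose gateway/interface/metric changed."""
    return sorted({r[:2] for r in added} & {r[:2] for r in removed})

# Constructed sample captures (assumed addresses, not the poster's data).
BEFORE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10       1
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1       1
Default Gateway:       192.168.1.1
Persistent Routes:
  None
"""
AFTER = BEFORE.replace(
    "      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10       1\n",
    "      192.168.1.0    255.255.255.0    192.168.1.200   192.168.1.200       1\n"
    "    192.168.1.200  255.255.255.255        127.0.0.1       127.0.0.1      50\n")

if __name__ == "__main__":
    added, removed = diff_routes(BEFORE, AFTER)
    for r in added:
        print("+", *r)
    for r in removed:
        print("-", *r)
    print("changed:", moved_destinations(added, removed))
```

Rows listed under "changed" are the ones to look at first, since a local-subnet or default route that moves to a different interface changes where LAN traffic is sent.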
 