RRAS Demand Dial not stable


Simon

I have 3 Windows 2000 SP4 Servers with RRAS configured on
different sites. They are to the best of my knowledge
configured in an identical fashion except of course for
the IP addresses (local / IP pool / connection destination
etc). I have 4 proper (web)IP addresses in each static IP
pool.

My problem is that Server 3 connects to server 2 and
server 1. Server 2 connects to server 3 without any
problem. Server 1 will drop its connection to server 2
and server 3 after just a few minutes. It has been stable
for the past few months. A few changes were made and then
it destabilised. I have now completely reconfigured all
aspects of RRAS on server 1 and server 2 and it still
drops off after a few minutes. Server 3 keeps its
connection to server 1 OK. That is the only connection to
or from server 1 that is stable.

Also, (this may be nothing or everything)
In server 3, the Remote Access Clients shows the server 2
connection. In server 2, the Remote Access Clients shows
the server 3 connection. However, in server 1, neither of
the connections from server 2 or 3 show up at all in the
Remote Access Clients.

The connection that is stable from server 1 to server 3
also does not show up in the ports on server 3. The
server 3 ports show the connection to be from server 3 to
server 1 even though the server 1 Routing Interfaces
shows the server 3 as connected.

It does look like the problem lies on server 1 but I
cannot see where.
Any ideas or suggestions would be very much appreciated.
I am stumped.
I am certain the configuration on server 1 is as close to
server 2 as makes no difference. I reconfigured them both
at the same time in the same way.

Sorry it's such a long and complicated post but I can't
see any way of simplifying it.
 
Have you tried enabling all RRAS logging and reviewing the logs?

Have you considered testing the phone lines (can one assume that
no other devices are plugged into these telephone circuits?)
 
Yes. Unfortunately, not much help there. The
disconnections show up as User Requests. That is certainly
not the case.
As for the lines, I am using 1 x 2MB and 2 x 1MB ADSL
links. All three connections are fine, Internet access is
steady and I can connect to all three servers via remote
control software. It is RRAS on server 1 where my problem
lies, I just can't find it.
No great surprise if it's an undocumented registry change
I need to make or something like that.
 
Since posting this, I have been doing lots of testing. It
now seems that the Microsoft Firewall that comes
with ISA server is the culprit. I still do not have a fix
but here is the fault.
If I stop all ISA services and then restart RRAS I get a
stable connection. At this point just ISA Service and
RRAS are running. If I start Microsoft Firewall, the RRAS
DOD connections become unstable and start disconnecting
on a 2 - 3 minute cycle. If I then stop the Microsoft
Firewall, the RRAS service continues to reset every 2 - 3
minutes until the RRAS and ISA service are again
restarted.

To any Microsoft Employees looking at these posts, your
help here would be greatly appreciated.

Simon.
 
It sounds like ISA Server & RRAS are running on the same server; this will
cause a race condition that is BAD. This can cause your problem.

Be sure ISA port filters are configured for VPN,
PPTP port TCP 1723 & Protocol 47
L2TP port UDP 500, UDP 1701

Set service Routing and Remote Access <Startup Type> manual. Create a
startup script to run at startup using Scheduled Tasks, to start RRAS
service 3 minutes later.

Script:

rem Batch file; sleep.exe comes from the Windows Resource Kit
sleep 180
net start remoteaccess

Now RRAS will start with all ISA services running.

Something else to try.

Karl Mikesell MCSE
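
An added example, not part of the post above: a variant of the delayed-start batch file that polls for the firewall service instead of waiting a fixed 180 seconds. It assumes the service's display name is "Microsoft Firewall", as it is called in this thread, and uses `ping` as the delay so that the Resource Kit `sleep.exe` is not needed.

```batch
@echo off
rem Added example: start RRAS only once the ISA firewall service is up.
rem Assumption: the display name "Microsoft Firewall" matches this server.
setlocal
set TRIES=0

:wait
rem "net start" with no arguments lists the services that are running.
net start | find /i "Microsoft Firewall" >nul
if not errorlevel 1 goto start_rras

set /a TRIES=%TRIES%+1
if %TRIES% GEQ 30 goto timeout

rem Roughly 10 seconds of delay: 11 pings to localhost, one per second.
ping -n 11 127.0.0.1 >nul
goto wait

:start_rras
net start remoteaccess
goto end

:timeout
echo Microsoft Firewall not running after about 5 minutes; RRAS not started.

:end
endlocal
```

As with the original script, the Routing and Remote Access service is set to manual startup and the batch file is run at startup from Scheduled Tasks.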
 
This is a bug. Please call Microsoft Support to receive a fix.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.
 
Hi Mike,
I have called Microsoft Support and they cannot send me a
HotFix without the Q document number. They will not
search unless I use the Pay Per Incident to get the
number. I know it's a bug, I know there's a fix, could
you assist any further by giving me the Q document number
as I can't find it in the support databases.

Many thanks,

Simon Lown.
-----Original Message-----
This is a bug. Please call Microsoft Support to receive a fix.

Thank you,
Mike Johnston
Microsoft Network Support
 
It really helps or conjecture? Under the documentation to ISA Server it is
possible to draw a conclusion, that support VPN in it is built - in and is
not the not documentary opportunity, therefore the given configuration, in
my opinion, should not be problem.

And in what language this is written this script?

Thank

Anton V. Denisevich
 
ISA supports VPN. You might consider the ISA groups if you have
ISA specific questions.

There are some REALLY smart ISA people who frequently answer and
seldom read this RRAS group.
 
No, I realize all. Thank that have answered.

Simply at me precisely same problem and me its(her) decision is the
extremely interesting. Or even awareness information what the
configuration of servers is not true or it is problems of OS?

Anton V. Denisevich

P.S. I'm read ISA group too.
 
Anton V. Denisevich said:
> No, I realize all. Thank that have answered.
>
> Simply at me precisely same problem and me its(her) decision is the
> extremely interesting. Or even awareness information what the
> configuration of servers is not true or it is problems of OS?

It's likely a translation problem but I did not understand.

You might benefit from help in translating into English -- my Russian (??)
is practically worthless after twenty years of disuse.
 
Yes, you are right. My native language - Russian. It is some problem for
dialogue, but the problem is so interesting also its decision important to
me on so many that this small inconvenience which I can go through.

Let's return to the decision of a problem?

Anton V. Denisevich
 
Anton V. Denisevich said:
> Yes, you are right. My native language - Russian. It is some problem for
> dialogue, but the problem is so interesting also its decision important to
> me on so many that this small inconvenience which I can go through.

Your English is much better than my Russian of course.

> Let's return to the decision of a problem?

We didn't understand your last technical post.
 
Thank for your diplomatically answer about my foreign language.

My problem is very similar on considered in the given branch. I bring a part
of a configuration servers:
Is present more than 3 servers. One - the basic, located in the other
geographical region. On it is established ISA, Terminal Service. Others are
connected to it on PPTP VPN server ISA with the help gateway-to-gateway
link. Others of a server are just similar "clients". DOD interfaces are
adjusted so that the basic server only accepted connections, and "clients" -
only caused. RRAS it is adjusted on distribution of static addresses in a
range of a local network of each server accordingly. On servers static
routes are established.
Thus all perfectly works up to any uncertain moment. One can be told
precisely - at like steady connection as soon as the client from a local
network tries to be connected on RDP to the basic server VPN connection is
broken off. Other script is possible: break goes about each 55 seconds.
Sometimes helps restart servers (not restart services, even ISA Control).
There is a question - in what a problem? Many materials are investigated,
personally I do not see a mistake. I shall be grateful, if somebody can help
with the decision of the given problem. In case of need, I can specify
technical details.
I shall answer at once: tried to include trace RRAS - breakage goes " simply
so ", ostensibly owing to breakage of communication. On both ends there is
no time of separation on inactivity.

Anton V. Denisevich
 
Anton V. Denisevich said:
> Thank for your diplomatically answer about my foreign language.

Certainly, but I was entirely candid. Your English is far superior to my
Russian which is very rusty (poor from disuse.)

I only mentioned it as a fact we must consider in trying to assist you.
Just another technical issue with which we must deal to be successful.

> Is present more than 3 servers. One - the basic, located in the other
> geographical region. On it is established ISA, Terminal Service. Others are
> connected to it on PPTP VPN server ISA with the help gateway-to-gateway
> link. Others of a server are just similar "clients". DOD interfaces are
> adjusted so that the basic server only accepted connections, and "clients" -
> only caused. RRAS it is adjusted on distribution of static addresses in a
> range of a local network of each server accordingly. On servers static
> routes are established.
> Thus all perfectly works up to any uncertain moment. One can be told
> precisely - at like steady connection as soon as the client from a local
> network tries to be connected on RDP to the basic server VPN connection is
> broken off. Other script is possible: break goes about each 55 seconds.

Maybe an (intermediate) router is going down and you are waiting for
reconfiguration and convergence (RIP, OSPF, EIGRP?)

> Sometimes helps restart servers (not restart services, even ISA Control).
> There is a question - in what a problem? Many materials are investigated,
> personally I do not see a mistake. I shall be grateful, if somebody can help
> with the decision of the given problem. In case of need, I can specify
> technical details.

Not enough technical information -- and we need a bit more clarity of
English probably too.

> I shall answer at once: tried to include trace RRAS - breakage goes " simply
> so ", ostensibly owing to breakage of communication. On both ends there is
> no time of separation on inactivity.

Since this is intermittent it will be a difficult problem. Start with
NetDiag on each machine.

Try TraceRt or PathPing when problem occurs.

Try NetCat (nc.exe) too; Netcat allows connections on any port or even UDP.
 
Herb Martin said:
> Certainly, but I was entirely candid. Your English is far superior to my
> Russian which is very rusty (poor from disuse.)
>
> I only mentioned it as a fact we must consider in trying to assist you.
> Just another technical issue with which we must deal to be successful.
>
> Maybe an (intermediate) router is going down and you are waiting for
> reconfiguration and convergence (RIP, OSPF, EIGRP?)

Not, router have one path - default gateway on ISP gateway.

> Not enough technical information -- and we need a bit more clarity of
> English probably too.

What technical information is need?

> Since this is intermittent it will be a difficult problem. Start with
> NetDiag on each machine.

I'm trying many tools, nc, netdiag, pathping, tracert, ping, tcpdump,
ethereal - I don't know.
 
>> Maybe an (intermediate) router is going down and you are waiting for
> Not, router have one path - default gateway on ISP gateway.

I was suggesting a router at the ISP -- something in the network that
you use to connect to the Internet.

> What technical information is need?

A clear explanation of when and how the problem occurs. Specially
what happens (and does not happen) and any error messages.

Perhaps your network configuration and how it all connects.
 