Site VPN between SBS 2003 ISA200 and Windows 2003/ISA 2004

  • Thread starter Thread starter Ray Collins
  • Start date Start date
R

Ray Collins

Hi,

Our main Office is SBS 2003 with ISA 2000, we have a new branch site that
is Windows 2003
Std and ISA 2004. I have setup the VPN by following the steps in this guide
http://www.isaserver.org/articles/2004s2s2000.html.

I have two issues:

1. The ISA 2004 site can connect to SBS, the server can connect to shares in
the SBS site but no browsing. The workstations can't do anything !

2. If the SBS server initiates the connection while the ISA 2004 server
already has one the SBS RRAS gives error "An error occurred during
connection of the interface. The modem (or other connecting device) has
reported an error."
When this happens the RRAS on the ISA2004 server locks up and the server has
to be powered off and on (shut down doesn't work).

Any suggestions ?
 
Whichever side initiates, it is just one connection. So you cannot
connect from the "other" site if the connection is up. The interfaces on
both servers will already be connected.

Browsing a WAN is a bit tricky, and often doesn't just work
automatically. Can you ping by IP? If so, routing is working. Can you ping
by name (Netbios or FQDN)?
 
Hi,

The answer to part 2 was that for some reason RRAS didn't like the user name
Canberra_Melbourne. I changed the names of the RRAS connections and user
name to CanMelb and the connection is now up at both ends.

Workstations can resolve names and ping anything on either side of the link
(either Netbios or FQDN) but browsing still only shows machines at the site.
DNS and WINS are replicating and I have setup the DHCP scopes to include the
WINS entries.
 
If your WINS servers are replicating, browsing should settle down after
the connection has been up for a while (as long as you have at least one
domain controller. Browsing across routers/WANS depends on a domain
structure. Only the Domain Master Browser can merge browse lists).
 
Hi Bill,

Left it all day and no go.

I followed the instructions in KB292822, but something strange is happening
on the ISA 2004 server.
If I change the RRAS setting for the connection to disable NetBIOS and
remove file sharing and the Windows client and disconnect and reconnect then
WINS looks fine. If I restart the server then the RRAS settings revert i.e.
NetBIOS is enabled and the Windows Client and File sharing are checked. It
appears that ISA 2004 is resetting them, I don't know where in ISA to stop
that.

I know this is not an ISA group so I don't expect you to know :-)
 
You are right there, I don't know! But I agree that having multiple
entries in WINS for the RRAS/ISA server can cause problems, especially if it
is a DC. Is this the only DC in the site? Stopping the computer browser
service on it should help if there are other servers to take that role.

As far as browsing is concerned, the setup should look just like two
segments connected by a router. Each segment will build a browse list, and
the DMB will build a combined list, using WINS to find the segment browsers.
 
This is the answer from Microsoft. All I can say is what a crock of s#$t

1. ISA 2004 will not register WINS records across the tunnel on SBS SERVER,
ISA is blocking it in Kernel Mode. You may want to stop the Computer Browser
service on the ISA server and disable it. Then the network will have another
computer become the Master Browser for the subnet.
2. If WINS server is running on the accepting DOD (Dial-up On demand)
server, the NetBIOS, names will be registered in WINS (even with 292822
applied). To resolve the problem, you can either

a. move WINS to a different computer or

b. reconfigure DOD so it initiates the connection (Dial-Out).
 
Back
Top