Unknown cause of VPN routing issue - Please Help!!!

Dean Williams

I apologize if this is a long post..... My organization has RRAS set up as a
remote access server for VPN. Everything was and had been working fine for
months until 2 days ago, when without any changes being made to any settings
that I am aware of, clients who VPN'd in to the network suddenly started
complaining they could not connect to any resources including the Exchange
server (which is the system that RRAS is set up on, I should add.) Pinging
any server by name on the internal network is returning an address for a
Verisign server (64.94.110.11) but it gets weirder.... If you ping any
network server within say 30 seconds of connecting the VPN - it resolves
correctly!!! then it goes back to resolving to the 64.94.110.11 address
again. Checking my error logs shows the following:

WinMgmt EventID 61 - WMI ADAP was unable to process the RemoteAccess
performance library due to a time violation in the open function

This is the only log entry that I can find relating to RRAS. I have
checked, rechecked, and checked again my IP settings and DNS settings. I've
flushed the DNS cache and reset the routing tables (which seemed to have
worked only for a couple of minutes though when the problem reappeared).
And I have run out of ideas of what to try next. Any help would be very
appreciated!!!

Dean Williams
Compass Environmental
(e-mail address removed)
 
Posting the VPN client ipconfig here will help.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
 
VPN Clients are using MS dialup networking W2k/WXP with default settings and
DHCP client. IP address is their gateway, DNS servers are internal DNS
servers.

Dean
 
Perhaps you should post this to the DNS newsgroup. There has been a
heated discussion there about changes made by Verisign to their DNS
structure.
 
Dean,

How do I fix this problem? It works right when I connect
with a Win XP client. Help

Frank
 
Frank,

I am having the problem myself and I can't figure out what's causing it.

Here's what I am currently experiencing:

1. Internal DNS on our network is fine. All host names/FQDN/aliases/IP
addresses resolve correctly when pinged.
2. Users that connect to the network thru VPN can only ping the following,
and the responses are not always correct:
a: the RRAS server by hostname, which returns the VPN gateway address it
is holding and not the IP assigned to the network card on the network as it
should.
b: No other systems on the network can be pinged by hostname only - an
Unknown Host Name message appears.
c: All systems pinged by FQDN return a correct response.

I cannot understand what is causing this problem. I have completely
reconfigured DNS, DHCP, and RRAS on my network. Even more important, I
still have not found the cause of this problem, as I stated in my original
post - we made NO settings changes on our network servers that would have
caused this. Anyone's ideas would be greatly appreciated!!!

Regards,

Dean Williams
Technologic Networks, Inc.
(e-mail address removed)
 
In the TCP/IP properties of the VPN connection on the client, check that
you have specified the correct domain suffix (i.e. the suffix of the domain to
which it connects).
 
I can't believe this, I have exactly the same problem,
scouring the internet for a fix as we speak, I had to use
hosts files for a patch to the prob
 
Exact same prob as listed below, all settings are
correct, it just started happening.

"I have a weird problem. My VPN clients can't resolve DNS
names through RRAS. Central LAN has no problems. IP
resolution is not a prob for VPN clients. To patch the
problem I had to run hosts files. When they ping
a DNS name (main server) we get a return for an incorrect
IP (totally wrong). So it seems they are not resolving
DNS names from our DNS server BUT FROM A DNS SERVER ON
THE NET. I have tried changing the 'Default gateway on
remote network' setting on the VPN properties, no joy.
Ipconfig reveals that they have got the correct DNS
servers configured from the DHCP relay agent.

Main server is now upgraded to 2003 and still the problem
persists.
 
Haggis,

You are the first person to respond to my posting that actually related to
understood the problem correctly! I have to say that I have not figured out
the cause of the problem, which is much to my chagrin, but I have fixed it.
I completely deleted my internal DNS structures and rebuilt them from
scratch (I had suspected this is where the problem originated but I don't
know for sure, especially after what I found next).

I also completely reconfigured RRAS on the server. Also, in the RRAS MMC
under IP Routing/IGMP, I changed both the Local Area Connection and Internal
interfaces to be Router V2 protocols instead of Router V2 and Proxy.

I don't know if it's related because the two problems happened so closely
together, but I then found that two of our VPN dialup clients were infected
with the Welchia worm (I didn't discover this until the middle of this past
week). This caused everyone internally and externally to lose their
internet connections. I don't know if their infections sparked the problem
or not, but I can't rule it out. You may want to start looking for that as
well - Infected machines are running a process in the task manager called
dllhost.exe, and when they connect to the LAN via VPN they cause ping times
of all the clients to rise around 700ms+ then completely crap out. You can
download a fix for the virus at Symantec's website (www.symantec.com).

This problem drove me nuts for the past two weeks to figure out what the
hell was wrong - at least I found the virus problem. If you need more help,
please feel free to ask me questions. Let me know how things turn out.

Regards,

Dean
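A resolution check for the symptom reported in this thread, added here as an example and not part of any poster's message: it labels each answer as internal, external or unresolved, and probes a zone for a wildcard by resolving a label that cannot exist. The subnet, the host names and the offline `sample_resolve` stand-in are constructed assumptions; 64.94.110.11 is the address quoted in the first post.

```python
import ipaddress
import socket
import uuid

# Assumption: the address space of the LAN behind the RRAS server.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]
# Constructed sample data standing in for the internal DNS zone.
SAMPLE_RECORDS = {"exch01.corp.example.com": "192.168.10.5"}


def system_resolve(name):
    """Resolve with the OS resolver; None means the name did not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def sample_resolve(name):
    """Offline stand-in: internal records, plus a wildcard on every other .com."""
    name = name.lower().rstrip(".")
    if name in SAMPLE_RECORDS:
        return SAMPLE_RECORDS[name]
    return "64.94.110.11" if name.endswith(".com") else None


def classify(address, internal_nets=INTERNAL_NETS):
    """Label one answer by whether it falls inside the internal address space."""
    if address is None:
        return "unresolved"
    ip = ipaddress.ip_address(address)
    return "internal" if any(ip in net for net in internal_nets) else "EXTERNAL"


def audit(names, resolve=system_resolve, internal_nets=INTERNAL_NETS):
    """Map each name to (answer, verdict); EXTERNAL means the query left the LAN."""
    answers = {name: resolve(name) for name in names}
    return {n: (a, classify(a, internal_nets)) for n, a in answers.items()}


def wildcard_answer(zone, resolve=system_resolve):
    """Resolve a random label that cannot exist; any answer means a wildcard."""
    return resolve(f"{uuid.uuid4().hex}.{zone}")


if __name__ == "__main__":
    names = ["exch01.corp.example.com", "exch01.example.com", "exch01"]
    for name, (answer, verdict) in audit(names, sample_resolve).items():
        print(f"{name:28} {answer!s:15} {verdict}")
    print("wildcard on .com:", wildcard_answer("com", sample_resolve))
```

Run on a connected VPN client with the default `system_resolve` and the real internal subnet to see which of the short names and FQDNs are being answered from outside the LAN.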
 