VPN and LAN conflicts

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have configured my SBS 2003 server to allow the routing and remote access
service to be a Route Access server only (i.e. not to act as a router) and we
are able to VPN in and everything works great. But when we go to log into our
network via a LAN connection (when we startup our computers at work), the log
on process is VERY slow (the boot up process on the XP clients "applying
personal settings" for example takes an extraordinarily long time) and the
connection is spotty (i.e. Outlook’s exchange connection is dropped
frequently.) Then if I disable the routing and remote access service, our LAN
connections work great but we cannot VPN in. FYI, all of our SBS 2003
infrastructure is on the same computer. We have a router that connects us to
the Internet but the SBS 2003 server performs DHCP, DNS and NAT. Any ideas
how I can configure the RRAS to make the LAN connections to work more
efficiently while enabling the VPN?
 
Sounds like name resolution issue. Open the DNS Manager and check the A record. Is it possible the server registered two different IP addresses, one for the LAN IP and another for the VPN?

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I have configured my SBS 2003 server to allow the routing and remote access
service to be a Route Access server only (i.e. not to act as a router) and we
are able to VPN in and everything works great. But when we go to log into our
network via a LAN connection (when we startup our computers at work), the log
on process is VERY slow (the boot up process on the XP clients "applying
personal settings" for example takes an extraordinarily long time) and the
connection is spotty (i.e. Outlook’s exchange connection is dropped
frequently.) Then if I disable the routing and remote access service, our LAN
connections work great but we cannot VPN in. FYI, all of our SBS 2003
infrastructure is on the same computer. We have a router that connects us to
the Internet but the SBS 2003 server performs DHCP, DNS and NAT. Any ideas
how I can configure the RRAS to make the LAN connections to work more
efficiently while enabling the VPN?
 
Let me ask you this. When I expand my forward lookup zones, there are 2 sub
folders: (1) mydomainname.local and a second for _msdcs.mydomainname.local.
Then when I go to the reverse lookup zones and expand my subnet, there are 2
A records the same local IP address that assocate the same IP address with
_msdcs.mydomainname.local. and mydomainname.local. Could that be an issue?
Why do I have 2 instead of just one sub folder in the forward lookup zones?
 
Have not head back re my post - and the problem still occurs. I tried to fix
by implementing the steps in the article
http://www.howtonetworking.com/casestudy/rraswithdcdnswins1.htm (even though
we are not experiencing the symptoms it is a computer that runs both RRAS and
DC, DNS and WINS).

It just seems very odd that the VPN works great but logging onto the network
when plugged in the LAN each stage of the process (Preparing network
connections, applying computer settings and applying your personal settings)
takes forever! If I stop the RRAS service then the logon time is normal.

I’ve tried searching the web for other solutions but have had no luck –
please try again to help. Thanks.
 
Any errors in the event viewer after establishing the VPN? Do the DNS have two A records with different IP addresses pointing to the same server? Or posting the result of ipconfig /all here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Have not head back re my post - and the problem still occurs. I tried to fix
by implementing the steps in the article
http://www.howtonetworking.com/casestudy/rraswithdcdnswins1.htm (even though
we are not experiencing the symptoms it is a computer that runs both RRAS and
DC, DNS and WINS).

It just seems very odd that the VPN works great but logging onto the network
when plugged in the LAN each stage of the process (Preparing network
connections, applying computer settings and applying your personal settings)
takes forever! If I stop the RRAS service then the logon time is normal.

I’ve tried searching the web for other solutions but have had no luck –
please try again to help. Thanks.
 
Here is the ipconfig /all results:

Windows IP Configuration

Host Name . . . . . . . . . . . . : LSC-SERVER
Primary Dns Suffix . . . . . . . : lakestreetcapital.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lakestreetcapital.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . : lakestreetcapital.local
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-11-11-29-BA-60
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

I have another NIC as well on the system but it is diabled.

Here is an event entry that cocured right after I disabled RRAS (not sure if
its related):
Event Type: Information
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 994
Date: 7/19/2006
Time: 2:22:46 PM
User: N/A
Computer: LSC-SERVER
Description:
Following connector's linkstate is suppressed because it either points to or
comes from a leaf RG node. <CN=SmallBusiness SMTP
connector,CN=Connections,CN=first routing group,CN=Routing Groups,CN=first
administrative group,CN=Administrative Groups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=lakestreetcapital,DC=local>

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

There were no event errors in the log.

Let me also mention this if it will be helpful: When I boot up conected to
the LAN I cannot get passed applying your personal settings. Then I unplug
the LAN cable, boot up and plug the cable back in. I can now ping all
machines and access the web but I cannot connect the the Exchange server.
Even my mobile phone cannot activesync with the exchnage server. After I stop
the RRAS service evything returns to normal. FInally, I only have RRAS
configured to act as a romte access server (i.e. no routing).

Thank you very much for your help.
 
After connecting to the RRAS, the server should have PPTP IP information. I don't see it.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Here is the ipconfig /all results:

Windows IP Configuration

Host Name . . . . . . . . . . . . : LSC-SERVER
Primary Dns Suffix . . . . . . . : lakestreetcapital.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lakestreetcapital.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . : lakestreetcapital.local
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-11-11-29-BA-60
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

I have another NIC as well on the system but it is diabled.

Here is an event entry that cocured right after I disabled RRAS (not sure if
its related):
Event Type: Information
Event Source: MSExchangeTransport
Event Category: Routing Engine/Service
Event ID: 994
Date: 7/19/2006
Time: 2:22:46 PM
User: N/A
Computer: LSC-SERVER
Description:
Following connector's linkstate is suppressed because it either points to or
comes from a leaf RG node. <CN=SmallBusiness SMTP
connector,CN=Connections,CN=first routing group,CN=Routing Groups,CN=first
administrative group,CN=Administrative Groups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=lakestreetcapital,DC=local>

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

There were no event errors in the log.

Let me also mention this if it will be helpful: When I boot up conected to
the LAN I cannot get passed applying your personal settings. Then I unplug
the LAN cable, boot up and plug the cable back in. I can now ping all
machines and access the web but I cannot connect the the Exchange server.
Even my mobile phone cannot activesync with the exchnage server. After I stop
the RRAS service evything returns to normal. FInally, I only have RRAS
configured to act as a romte access server (i.e. no routing).

Thank you very much for your help.
 
Hi Craig!

I have the same problem on my SBS server. When I connect the laptop in the
network everything is slow, especially the outlook 2003, The only diffrence
is that I have 2 NICs in the server and I am not running ISA.

Would be really glad if you find something that you can share with me?

Surfarn
 
Since you have two NICs enabled, make sure they are setup correctly. Or posting the result of ipconfig /all here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi Craig!

I have the same problem on my SBS server. When I connect the laptop in the
network everything is slow, especially the outlook 2003, The only diffrence
is that I have 2 NICs in the server and I am not running ISA.

Would be really glad if you find something that you can share with me?

Surfarn
 
Ethernet adapter Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Management Adapter
Physical Address. . . . . . . . . : 00-90-27-65-A1-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 81.226.99.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 81.226.99.1
DHCP Server . . . . . . . . . . . : 81.226.99.1
DNS Servers . . . . . . . . . . . : 192.168.1.100
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : den 23 oktober 2006 08:56:50
Lease Expires . . . . . . . . . . : den 23 oktober 2006 09:16:50

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-15-F2-08-20-75
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.100
Primary WINS Server . . . . . . . : 192.168.1.100

Here is the ipconfig/all from the server. I have to errors in the eventlog
4004 and 4015. Just ask if you need something more!

surfarn
 
Thank you for the information. It is possible the multihomed computer registered two A records on the DNS. This search result may help,
Event ID 4004 The Event Viewer displays Event ID 4004 - The DNS server was unable to complete directory service enumeration of zone %1. This DNS server is configured to ...
www.chicagotech.net/troubleshooting/eventid4004.htm


Event ID Troubleshooting Event ID 3210 - Failed to authenticate with \\DOMAINDC, a Windows NT domain controller for domain DOMAIN. Event ID 4004 - The DNS server was unable to ...
www.chicagotech.net/wineventid.htm



Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Ethernet adapter Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Management Adapter
Physical Address. . . . . . . . . : 00-90-27-65-A1-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 81.226.99.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 81.226.99.1
DHCP Server . . . . . . . . . . . : 81.226.99.1
DNS Servers . . . . . . . . . . . : 192.168.1.100
NetBIOS over Tcpip. . . . . . . . : Disabled
Lease Obtained. . . . . . . . . . : den 23 oktober 2006 08:56:50
Lease Expires . . . . . . . . . . : den 23 oktober 2006 09:16:50

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-15-F2-08-20-75
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.100
Primary WINS Server . . . . . . . : 192.168.1.100

Here is the ipconfig/all from the server. I have to errors in the eventlog
4004 and 4015. Just ask if you need something more!

surfarn
 
I\ve looked and the errors in dns is old. But everytime i connect the laptop
the exchange is hopeless slow on the other computers. Know I have uninstalled
both the AV and Outlook 2003 on the client, but exchange is still slow for
the other user, about 30 min for one send/recieve. If I disconnect the
network cable from the laptop or turn it down, it runs fast again.

Surfarn
 
I've spend 8 hours yasterday troubleshooting this error. What I found out was
that one computer running VPN and 3g mobile accesscard was causing the error
with the exchange server going slow. I reinstalled the computer from scratch,
connect it to the server with the same computername and the network was slow
againg. I took it out from the network and created another computer on the
network and connected the computer again. Now everything was fast. I've
installed all software and it was good till I installed the 3G card and
restared the system after this. The 3G Card installs odysses client under the
network protocol list. Now it was slow. I took the computer out of the domain
again to a workgroup and again it is fast. This is how I run it now till I
have a solution. Now they just called and said it is slow again.

surfarn
 
This is an error I get in the event veiwer when trying to use eseutil

Event Type: Error
Event Source: ESE
Event Category: General
Event ID: 489
Date: 2006-10-25
Time: 10:47:28
User: N/A
Computer: FS1
Description:
eseutil (3680) An attempt to open the file "c:\program
files\exchsrvr\mdbdata\priv1.stm" for read only access failed with system
error 32 (0x00000020): "The process cannot access the file because it is
being used by another process. ". The open file operation will fail with
error -1032 (0xfffffbf8).

The exchange server is slow all the time now, and when using message
tracking it was really slow. I've scanned all the mailboxes and excangeserver
 
Back
Top