We help IT Professionals succeed at work.

SBS 2003 VPN Connected, Intra-Network Connectivity Limited

CSharpe85
CSharpe85 asked
on
973 Views
Last Modified: 2008-08-06
My Setup:
------------
Server: Microsoft Small Business Server 2003 R2
--- VPN Access Enabled
--- Ethernet Port 0 - Active
--- Ethernet Port 1 - Disabled
Router: Adtran 608 Managed Through ISP
Firewall: No additional firewall

Internet --> Adtran --> PowerConnect switches --> Server & Clients

My Problem:
-----------------
I have previously had RAS running correctly without issue on this server, using one NIC port. I was able to connect via VPN, see every computer across our network, and use my remote control software (not MSTSC) to manage all systems. I was gone for a few weeks on a business trip, and a second tech was supporting my facility in my absence. When I returned, several things weren't acting right, VPN access is one of them, and I cant figure out what the issue is.

I disabled RAS on the server, and then ran the setup wizard again. I called my ISP and verified that all ports and protocols are opened correctly. The VPN connection will connect, and I am fully able to ping the SBS server by name, and run an RDP on the hostname without any issue. Once I try to connect, or even ping, any of the workstations or other servers (whether tied into the domain or not), I do not get replies on the pings. If I attempt to ping by name, the ping will pull the correct IP for that machine, but it just wont get any replies. Same is true for pinging by IP.

So, to recap, the only computer I have access to now is the SBS server. I can ping names and see their IP addresses, but get no response or connectivity from those machines.

Any advice and/or guidance would be beneficial.
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2013
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Okay, I disabled the RRAS and re-ran the wizard to set it up.

NAT/basic firewall are not listed.

Not sure what the problem could be, so I am attaching the IPCONFIG listings from both the server and my laptop.


======================================
BEGIN SERVER IPCONFIG
======================================
 
C:\Documents and Settings\Administrator>ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : LDSSBS
   Primary Dns Suffix  . . . . . . . : lds.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : lds.local
 
Ethernet adapter Logix Local Area Connection:
 
   Connection-specific DNS Suffix  . : lds.local
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-1E-C9-AB-6B-67
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.10.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.1
   DNS Servers . . . . . . . . . . . : 10.10.10.2
                                       66.196.216.10
                                       66.196.212.10
   Primary WINS Server . . . . . . . : 10.10.10.2
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
PPP adapter RAS Server (Dial In) Interface:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.10.113
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
C:\Documents and Settings\Administrator>
======================================
END SERVER IPCONFIG
======================================
 
 
 
======================================
BEGIN CLIENT IPCONFIG
======================================
C:\Documents and Settings\Christopher>ipconfig /all
 
Windows IP Configuration
 
        Host Name . . . . . . . . . . . . : CSharpe01
        Primary Dns Suffix  . . . . . . . : lds.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : lds.local
 
Ethernet adapter Wireless Network Connection:
 
        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
        Physical Address. . . . . . . . . : 00-1E-8C-56-16-B3
 
Ethernet adapter Local Area Connection:
 
        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-1D-09-C0-F6-81
 
PPP adapter GSM:
 
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 166.128.145.234
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 166.128.145.234
        DNS Servers . . . . . . . . . . . : 209.183.50.151
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
PPP adapter LDS  VPN:
 
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.10.10.113
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 10.10.10.2
                                            66.196.216.10
        Primary WINS Server . . . . . . . : 10.10.10.2
 
C:\Documents and Settings\Christopher>
======================================
END CLIENT IPCONFIG
======================================

Open in new window

CERTIFIED EXPERT
Top Expert 2013

Commented:
2 things:

The "PPP adapter LDS VPN:" appears to be fine but do you know where the "PPP adapter GSM:" adapter on the client comes from? Can you disable that while testing as you could have PPTP routing issues.

Not that it is necessarily related to your problem, but the server's network adapter shows 66.196.216.10 and 66.196.212.10 as alternate DNS servers. The server and all local and remote clients should only point to the SBS for DNS. The ISP's (public) DNS should only be added as a forwarder. Where it is SBS do not change this manually, but adjust the LAN card using server management | internet and e-mail | change server IP.  Then run the CEICW located on the same server management page under connect to the internet to add to the forwarders.

Author

Commented:
Okay, we are definately making some progress. I ran the wizard again and the server is only showing itself as DNS and WINS, but I noticed NetBIOS over TCP/IP was disabled, so I enabled that, and now I can ping it by name like normal.

The "PPP adapter GSM" on my client is my AT&T Wireless networking card. It is the only outside internet connection source I have while I am here at the office. I don't think that is the only thing causing the problem, because my boss is having the same symptom's I do when trying to connect to other computers across the network via VPN.

This goes back to the pinging example where it would discover the machine's IP address but we wouldn't get a reply.
CERTIFIED EXPERT
Top Expert 2013

Commented:
>>"noticed NetBIOS over TCP/IP was disabled"
There is something, possibly an update, that disables that on SBS. I have seen that about 4 times in the last few months. Interesting.

>>"it would discover the machine's IP address but we wouldn't get a reply."
That is normal. It resolves the IP from the server, then tries to ping, which is blocked....for some reason.

>>"boss is having the same symptom's"
Multiple PC's having the same problem? That is good to know, it means it is a server side issue.

Would it be possible to post the results of "route print " from the server, while the VPN is connected?

Author

Commented:
Per your request:
Here is the print out of the 'route print' command while I have my laptop connected to the SBS via VPN.

C:\>route print
 
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e c9 ab 6b 67 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
0x10003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.10.10.1       10.10.10.2      1
       10.10.10.0    255.255.255.0       10.10.10.2       10.10.10.2     10
       10.10.10.2  255.255.255.255        127.0.0.1        127.0.0.1     10
     10.10.10.113  255.255.255.255        127.0.0.1        127.0.0.1     50
     10.10.10.113  255.255.255.255     10.10.10.113     10.10.10.113      1
   10.255.255.255  255.255.255.255       10.10.10.2       10.10.10.2     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
    166.128.92.84  255.255.255.255       10.10.10.1       10.10.10.2      1
        224.0.0.0        240.0.0.0       10.10.10.2       10.10.10.2     10
  255.255.255.255  255.255.255.255       10.10.10.2       10.10.10.2      1
Default Gateway:        10.10.10.1
===========================================================================
Persistent Routes:
  None
 
C:\>

Open in new window

CERTIFIED EXPERT
Top Expert 2013

Commented:
The first thing I noticed that I missed earlier in you ID:21967181 post is the server and client PPP IP address are the same 10.10.10.113 This would definitely cause routing issues. Why this is the case, I don't know.
-in the RRAS console right click on the server name and choose properties, on the IP tab is there a static address pool defined, if so might it have only 1 IP? Make sure it is at least 6
-check your profile in ADUC under the DIAL-IN tab near the bottom and see if you are assigned a static IP
-open the DHCP console and make sure you have at least a few DHCP leases free if not using the static pool above.

As for the route print: This is on the server I assume?
It is not as I would expect, but I suspect due to the above issue.

These lines:
10.10.10.113          255.255.255.255     127.0.0.1            127.0.0.1 50
10.10.10.113          255.255.255.255     10.10.10.113     10.10.10.113 1
10.255.255.255     255.255.255.255     10.10.10.2          10.10.10.2 10

I would have expected to see:
10.10.10.113          255.255.255.255      127.0.0.1           127.0.0.1 50
10.10.10.114          255.255.255.255      10.10.10.113    10.10.10.114  
10.10.10.255          255.255.255.255      10.10.10.2         10.10.10.2
with 10.10.10.114 being the PPP client IP
CERTIFIED EXPERT
Top Expert 2013

Commented:
Thanks CSharpe85
Cheers !
--Rob

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.