Link to home
Create AccountLog in
Avatar of FASP
FASPFlag for United States of America

asked on

Windows SBS 2003 VPN stops functioning after a period of time (not client timeout)

I've run the Remote Access Server wizard and I'm able to connect and authenticate just fine from remote machines.  I'm able to browse the shared folder just fine from remote machines.  Basically, everything works just as it should.  
Now on to the problem.  After I disconnect my VPN connection, anywhere from a few hours to a day or more later, the VPN will just stop working.   What I mean is that I can still connect, authenticate, etc but the server does not seem to transmit any data to the client.  The remote client is sending bytes as normal but the server is not.  II am unable to browse network resources, (when I try to access the shared mapped drive I get the, "network path was not found," message.  This problem does not correct itself and I am unable to access any network resources.  Disconnecting and reconnecting does not fix this, no matter how many times I do it.
If I again run the remote access server wizard, (from To Do list on server management,) my VPN again works fine and I am able to browse network resources without a problem and this situation repeats itself all over again.  What is it about running this wizard that fixes this?  And what is it about having no active VPN connections for a period that breaks it again?
I have not had the connection, "go bad," per se while connected but I have not had a chance to test leaving a vpn connection going for days straight, (obviously setting the client not to disconnect after a period of time.)
Has anyone had a similar experience using VPN on Windows SBS and is there a fix or workaround I can use?  
A little background:  there is no router and I"m running ISA 2004, (and as far as I can tell everything is configured to allow the VPN to pass through.)  If ISA was not configured correctly would I even be able to use the VPN at all?  Because right now, after I run the wizard its working great.  
Avatar of Rob Williams
Rob Williams
Flag of Canada image

It is a long shot, but go to the routing and remote access control panel | expand the server name | right click on ports | highlight miniport (PPTP) and select configure | make sure maximum ports is set to 5 or more
It sounds to me like a DHCP issue.  Can you please post a COMPLETE ipconfig /all from the SBS as well as from the remote machine you are connecting with while the VPN connection is active?

Thanks.

Jeff
TechSoEasy
Avatar of FASP

ASKER

I ran the wizard on the server again off the To Do list.  I took my laptop. (which is not joined to the domain,) and connected to the internet via a verizon broadband usb modem.  I was able to map the shared drive and browse it, (I used the shared drive to transfer these files I linked.)  So the VPN is active.  I attached the ipconfig/all that I ran right after that on the client and the server.  Thanks.
serverIPconfig.txt
remoteIPconfig.txt
Avatar of FASP

ASKER

Robwill, there are 5 ports already dedicated to the RAS.
ASKER CERTIFIED SOLUTION
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
I would agree with all of Jeff's suggestions, not that he needs my confirmation, but to add:
-When you make an "unsuccessful connection" can you connect to any resources by IP rather than NetBIOS name, such as \\192.168.1.1\ShareName  If so this helps to determine if it is a DNS issue possibly related to the comcast suffix.
-I assume the connection made from the "remoteIPconfig.txt" example is made using a wireless card such as an EVDO connection. Do you have the same issues when making a standard connection through a wired DSL/Cable modem connection? If not it may related to the routing by the EVDO(or equiv) PPP connection.
Avatar of FASP

ASKER

When I download the small business client connection manager and run it, I can connect but thats about it.  I can't ping anything or browse network resources at all.  When I just make a vpn connection with the wizard in XP, it still works, (but then I just reset the RAS again.)

It just feels like the problem is more when I'm not connected, than when I am.  Like sometime during a period of RAS inactivity, the VPN goes bad and no further connections get a response from the server until the RAS wizard is run again.  This is just the gut feeling I'm getting from playing with this for the past two weeks.   Here is a topic that really felt, "on-point," so to speak, but had no adequate resolution imho,   https://www.experts-exchange.com/questions/22864594/VPN-connection-going-bad-all-the-time.html   What this guy is trying to say is exaclty what I'm experiencing.  If it was DNS Gateway and subnets, etc would the VPN work so well when I am connected?
I'm at home now and I just reset the RAS on the server.  I then used a VPN shortcut I made, (with gateway DNS disabled so that my browser uses my local internet conneciton to surf the net instead of going through the servers ISA.)  I was able to connect fine and access server resources fine.  The connection is not slow, does not drop, its just after I disconnect it and try it again tommorow the odds are it will not work.  It will let me connect and aunthenticate but the server will not communicate with the remote computer.  I enclosed the ipconfig logs from this current connection from my home to the server.   Maybe it will help.
remoteIPconfig.txt
serverIPconfig.txt
Avatar of FASP

ASKER

sorry about that, I posted the wrong remote ipconfig file.  Here is the correct one.
remoteIPconfig.txt
>>" If it was DNS Gateway and subnets, etc would the VPN work so well when I am connected?"
DNS and subnet issues can cause irratic behavior more than anything. This is why I was asking about connecting by IP and not using the EVDO connection. It might help to rule out those issues.

The files added in your last post seem the same as the first.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Yup.. you beat me to it Rob...

FASP, run the Change Server IP Address Wizard as I had suggested in my post above.

Jeff
TechSoEasy
Avatar of FASP

ASKER

good stuff here guys, appreciate it, a little busy with some other things atm but I'll revisit this issue and try this out asap