Solved

Routing and Remote Access VPN Stops Answering After a While

Posted on 2008-10-21
Last Modified: 2012-05-05
My Routing and Remote Access service is configured for VPN and works, but after a while, it stops answering clients' requests to connect.

The VPN server is on a domain and is on a member server.

When making a failed connection, no messages appear in the event log.  If I check netstat -aon, it shows the system is still listening on port 1723 as it should.  Restarting the Routing and Remote Access service does not resolve the problem.

If I restart the server, it fixes the problem.

How can I prevent this from happening?  How can I troubleshoot deeper what's happening when the VPN server does not answer?
Question by:mikewurtz
15 Comments
 
LVL 5

Expert Comment

by:JBart_17
ID: 22770117
0
 

Author Comment

by:mikewurtz
ID: 22770168
It looks like that only applies to situations where the DHCP server is unavailable.  There is no problem with my DHCP server.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22771994
Is there any chance you are running out of DHCP addresses? Are you using the DHCP relay agent and your standard DHCP server, or a DHCP static address pool within RRAS?

You might also be running out of available PPTP ports. You can change this within the RRAS console. Most Win server O/S's default to 128, but some are only 5, and then it is always possible it was somehow changed.
0
 

Author Comment

by:mikewurtz
ID: 22772047
We do have 50+ available DHCP addresses left.  Also, I don't think running out of ports is an issue because I'm the only one that has used this server for VPN since I set it up.

Also, attached is the error that is received by the client when the connection fails.

Also remember..  If I reboot it works again..  Weird.
0
 

Author Comment

by:mikewurtz
ID: 22772068
error:  
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22772079
It is due to the reboot that I suspected DHCP leases or ports, as a reboot resets these.

You mentioned "attached is the error". Sorry I don't see that?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22772094
Is 800 the error you are referring to? If so that is a basic connection failure. No handshaking is taking place at all. Are you always connecting from the same site?
0
 

Author Comment

by:mikewurtz
ID: 22772169
I tried to attach an image but for some reason it didn't work.

Yes, sometimes an 800 error, sometimes 678.

Yes, I can connect just fine from one place and then later it doesn't work from that same place.  Nothing in the environment is changing.  It's as if the service isn't even listening, but it is..  Need someone who knows how to trace what's going on.

I was unable to attach the error the last couple times..  I just uninstalled IE8 Beta and now I can attach lol.


error.JPG
0
 

Author Comment

by:mikewurtz
ID: 22772447
I've investigated further using the PortQry tool to scan the VPN server from a remote location..  What I've found is bizarre..

The VPN server was not working,  I did a scan of port 1723, and this is what PortQry returned:
TCP port 1723 (pptp service): FILTERED

Then I rebooted, and scanned the port again.  This is the PortQry output:
TCP port 1723 (pptp service): LISTENING

So somehow, for some reason, while the server is just sitting there, the PPTP port just becomes blocked somehow, and rebooting opens the port back up...

HELP!
0
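The PortQry check from the post above, turned into a small watcher that timestamps every change of port state, so the moment 1723 goes from LISTENING to FILTERED can be matched against whatever started or changed on the server at that time. This is an added example, not part of the original thread; the host name is a placeholder, and the state names follow PortQry's three results (LISTENING, NOT LISTENING, FILTERED).

```python
import socket
import time
from datetime import datetime, timezone


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port with the same three states PortQry reports."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "LISTENING"        # three-way handshake completed
    except ConnectionRefusedError:
        return "NOT LISTENING"    # RST came back: host reachable, nothing bound
    except OSError:
        # Timeout or unreachable: the SYN got no answer, so something dropped
        # it before the listener. (A name-resolution failure also lands here.)
        return "FILTERED"
    finally:
        sock.close()


def watch(host, port, interval=60.0, rounds=None, probe=probe_tcp, log=print):
    """Probe repeatedly; record only state changes, with UTC timestamps."""
    transitions = []
    last = None
    done = 0
    while rounds is None or done < rounds:
        state = probe(host, port)
        if state != last:
            stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
            transitions.append((stamp, last, state))
            log(f"{stamp} {host}:{port} {last} -> {state}")
            last = state
        done += 1
        if rounds is None or done < rounds:
            time.sleep(interval)
    return transitions


if __name__ == "__main__":
    # Placeholder host name; run this from a remote machine, as with PortQry.
    watch("vpn.example.internal", 1723, interval=60.0)
```

Run it from outside the server: a local `netstat -aon` can keep showing 1723 as listening while a remote probe reports FILTERED, which is exactly the mismatch described in this thread.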
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22772777
That is very bizarre.
Do you have any other services open on that IP, such as RDP? If so, next time it happens test for that service as well, to see if it too stops responding. I am wondering if the port is "going to sleep". I would verify in Device Manager that the network adapter doesn't have "allow the computer to turn off this device to save power" enabled.

Is there any third party security software installed? Many software firewalls, security suites and a few anti-virus programs can play havoc with PPTP VPNs, though they would likely be consistent.

I would also double check the number of enabled ports in RRAS just as a safety:  RRAS | right click on ports and choose properties | verify at least 4 are open. It's possible it is set to one and it is not releasing.
0
 

Author Comment

by:mikewurtz
ID: 22772817
Great idea with device manager.  The device WAS checked to allow the OS to put it to sleep.  Time will tell if that is the solution.

There is no 3rd party security software installed on this server.  Just SpiceWorks which is free software we use for network health and asset tracking.

Attached is the ports properties you talked about..  I assume they are correct.
ports.JPG
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22773290
Ports look good, and I agree Spiceworks wouldn't cause an issue. Let's hope it had to do with power management.
Let us know how you make out.
--Rob
0
 

Accepted Solution

by:
mikewurtz earned 0 total points
ID: 22778653
Bad news.  I've confirmed that the starting of SpiceWorks is what causes the VPN server to stop working..  Weird..  I'm moving RAS to another server.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22778980
Really! I would never have suspected that. I have used Spiceworks on several occasions and would have thought where it is primarily monitoring it would have no effect except possibly web based services, due to its web management interface.
Good information to know. I wonder why.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22779063
Spiceworks scans all connected devices. It is possible to access a connected VPN client from the server, I wonder if Spiceworks is doing so or at least somehow trying and holding the connection open or locked.

Very bizarre.
0

Question has a verified solution.
