[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 595
  • Last Modified:

RRAS and RWW go down after reboot

I have a buggy SBS 2003 server that i took over administration for and It sometimes hangs and reboots .. after the server reboots everything starts working properly again.

except RRAS and RWW ... at the moment RRAS is more critical for me as the company president is on the road alot and needs to vpn in.

my server just rebooted and I am afraid i have the same problem again ... how do i verify RRAS is working and how can i fix it is not ?

the way i can immediately tell that VPN is down .. is when i open the task manager on the network tab .. it shows up as a separate interface when it is up and running and is completely missing when it is not there.

when i goto administrative tools -> routing and remote access .. the service is running but the ports are all inactive (about 5 of them)

another thing that i have noticed which has changed is the pictur below .. there was an ip address in the empty boxes

I am absolutely positive that this issue is not the firewall side because i verified all the ports are being forwarded correctly and vpn was working fine before the server reboot and nothing has been changed on the firewall

help please ??


0
Eng-
Asked:
Eng-
  • 3
  • 3
1 Solution
 
Jerry SolomonNetwork AdministratorCommented:
There was a recent microsoft security update that really made a mess of SBS servers. It specifically messed up a bunch of listening ports, including RRAS.  There is a registry hack to fix it. the microsoft technet article is at:
http://blogs.technet.com/sbs/archive/2008/07/17/some-services-may-fail-to-start-or-may-not-work-properly-after-installing-ms08-037-951746-and-951748.aspx

See if that is the issue.
0
 
suppsawsCommented:
Hello Eng-,

I think the best thing is to cleanup the SBS and rerun most of the wizards so you have a stable server.
First run the BPA for sbs 2003, which can be found here: http://sbs.editme.com/SBSintro
Do everything it asks, rerun the wizards, clean the eventlogs and show the most important errors to me.

It could also be interesting to give an ipconfig /all of the server and one clients to see if the previous guy hasn't messed up that also.

Regards,

suppsaws
0
 
Eng-Author Commented:

I've followed both pieces of advice and still no change.

below is the ipconfig /all output for both the server and one of the clients if it helps.




**Windows IP Configuration for the server**



   Host Name . . . . . . . . . . . . :[servername]

   Primary Dns Suffix  . . . . . . . : [domain.local]

   Node Type . . . . . . . . . . . . : Unknown

   IP Routing Enabled. . . . . . . . : Yes

   WINS Proxy Enabled. . . . . . . . : Yes

   DNS Suffix Search List. . . . . . : [domain.local]



Ethernet adapter Server Local Area Connection:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)

   Physical Address. . . . . . . . . : [MAC address]

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.16.2

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . :

   DNS Servers . . . . . . . . . . . : 192.168.16.2

   Primary WINS Server . . . . . . . : 192.168.16.2



Ethernet adapter Internet Connection:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2

   Physical Address. . . . . . . . . : [MAC address]

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.111.254

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 192.168.111.1

   DNS Servers . . . . . . . . . . . : 192.168.16.2

   Primary WINS Server . . . . . . . : 192.168.16.2

   NetBIOS over Tcpip. . . . . . . . : Disabled




**Windows IP Configuration for client **

   Host Name . . . . . . . . . . . . : [client hostname]
   Primary Dns Suffix  . . . . . . . : [domain.local]
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : [domain.local]

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : [domain.local]
   Description . . . . . . . . . . . : Intel(R) 82566DM-2 Gigabit Network Connec
tion
   Physical Address. . . . . . . . . : [MAC address]
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dd5a:ecdb:86ae:132e%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.16.34(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, November 03, 2008 7:58:52 AM
   Lease Expires . . . . . . . . . . : Wednesday, November 12, 2008 8:03:59 AM
   Default Gateway . . . . . . . . . : 192.168.16.2
   DHCP Server . . . . . . . . . . . : 192.168.16.2
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : isatap.domain.local
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : [MAC address]
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes







0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Jerry SolomonNetwork AdministratorCommented:
I would get a real good feel for what your server is doing--I looks like it is acting as your proxy server.
I personally don't run routing through the SBS, mostly because I like to A) get the load off, and B) let something else deal with security.

It is interesting to not that the WAN (192.168.11.254) side is not a public address, which means you are double-natting everything, which is inefficient and a waste.
I woul reprogram the Internet router (192.168.11.1) to have an IP of 192.168.16.1 (no DHCP) and just forget about routing through the SBS. Revise DHCP on the SBS to have the 192.168.16.1 as the router.

Then rerun the "connect to the internet" wizard.
0
 
Eng-Author Commented:
thanks jerry for the advice i have been told something very similar by someone else.

I have some downtime scheduled for the server next weekend to apply some patches but right now i need to get the vpn back up and running like it was before.

there are alot of thins that are not as they should be .. some of them i did not even consider .. which came up through the best practice analyzer .. i will eventually take care of them .. but if whenever the server reboots vpn goes offline and i cant figure how to get it back up .. that ties my hands of doing majore changes untill i can find out how to resolve this
0
 
Eng-Author Commented:
woohoo I have finally got this resolved.

i connected to my server via remote desktop connection ... to view the event monitor when i attempt to connect to the vpn and it showed up on ISA firewall that my user account was trying to connect via vpn and that i did not have the permission to do so.

which is crazy because i am a member of the remote access group who do have permission to vpn in. ... i manually gave myself the permission on the 'dial in' tab of the user property which was previously set to grant access through 'remot access policy'

I tried again and it worked ...which raises another why would a server reboot cause a security group to lose permission it had before the server reboot and how can i go about finding out and fixing it ?
0
 
Jerry SolomonNetwork AdministratorCommented:
DNS issues often preven group policies from loading properly. The server's primary DNS in its LAN connection should be its own IP address.
Check that.
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now