Microsoft PPTP VPN service stopped responding

Hello!

I have the Routing and Remote Access service running to serve PPTP VPN connections for clients, and suddenly the service stopped working. The clients couldn't even telnet to port 1723 when testing. Looking for errors in the Event Viewer, the only thing was a warning message that appeared randomly. The event was from source RemoteAccess with ID 20192:

A certificate could not be found. Connections that use the L2TP protocol over IPSec  require the installation of a machine certificate, also known as a computer  certificate. No L2TP calls will be accepted.

The service was still running, but when I looked at the open ports using netstat, port 1723 wasn't listening, even with the service started and responding to stop/start commands.

I restarted the service and there was no change. Based on the warning message, I opened the Remote Access snap-in and set the number of ports for the L2TP protocol to zero. Restarted the service again and everything went back to normal.

What could cause this behavior if nothing was changed? No patches to the OS, no program installations, no configuration changed, etc. The OS is MS Windows 2003 Standard Server with SP2 running on 32 bits. There was no hardware problem, like disk space or low memory by the time the event started.

Regards,
AbilisAsked:

Rob WilliamsCommented:
"setting the number of ports for the L2TP protocol to zero" would not make a difference, but doing so would force a restart of the RRAS service. It sounds like something was "locked-up" and the restart resolved the problem. I suspect a reboot of the server would have done the same thing. Make sure you have enough PPTP ports open?
0
AbilisAuthor Commented:
Before I set the L2TP ports to zero, I restarted the service, but it stayed the same. After setting the ports to zero, the restart did solve the problem. I didn't try restarting the whole server as a first option because it's a production server and provides other services.

PPTP ports are at the default value, that being 128. I have at most 30 users simultaneously, so it isn't a concern. Unless the connections started to get stuck and consumed all 128 ports. In this last case, I surely would have seen these connections in the console, and the first service restart would also have cleared them.
0
Rob WilliamsCommented:
If PPTP ports are set to the default 128 there should be no problem. I have just seen cases of having it set to 5 ports and having 5 users and similar problems when one port is not released.

As for restarting the service, when you make a change to RRAS it forces a restart and forces reconfiguration of RRAS. It seems this does a little more than just restarting the service in the services management console, though I am not sure what.
0

AbilisAuthor Commented:
Uhm, the reconfiguration part is new and good information. But I really need something more to understand what happened. What was the problem with the L2TP ports being available, and why did it start to make the whole service crash? This is the same scenario that I have in other places that work just fine.
Is there any known bug or something like this? I searched in MS KBs but with no success.
0
Rob WilliamsCommented:
I think you will find it has nothing to do with the L2TP ports. Try re-enabling some L2TP ports, and I think you will find it still works fine.
0
AbilisAuthor Commented:
In this case, any ideas of what could have caused the problem?

I'll try to enable them again tonight to test.
0
Rob WilliamsCommented:
All I can suggest is some part of RRAS was in a suspended state and the changes forced a reset, much like a locked network adapter or switch port, locked for no apparent reason. Having some L2TP ports enabled, even though not used is the default configuration and should not cause problems.
0
AbilisAuthor Commented:
Well, I think we are really running out of options. By the way, is there any way to debug this kind of thing or look at more detailed log information?

About the switch port or NIC block, it couldn't be, because I was accessing the server by remote desktop connection.

I'll keep the question open for one or two days. If there is no other discussion, I'll accept it as the solution.

Thanks
0
Rob WilliamsCommented:
You can enable logging by opening the RRAS console, right clicking on the server name, choose properties, and then select the Logging tab. The logs generated will be put in the windows directory in a folder named "Tracing Directory". However I doubt they would help in this situation.

I wasn't suggesting it could be a locked NIC or switch port but just saying it was likely a similar experience. Some oddity locked it, it needed to be reset in some way, and may never happen again.

It's always tough to isolate the problem when it is working again. If enabling the L2TP ports doesn't 'break' it again, you may never know why it happened.
0
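The symptom discussed in this thread (the service reports as running while nothing listens on TCP 1723) can be checked mechanically. The following is an added example, not part of the original thread: it parses the text output of `sc query RemoteAccess` and `netstat -an`, and the sample outputs embedded in it are constructed for illustration.

```python
import re

PPTP_PORT = 1723  # PPTP control channel, the port checked with netstat in the thread

def listening_tcp_ports(netstat_output):
    """Return the set of TCP ports in LISTENING state from `netstat -an` text."""
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        # Expected columns: Proto, Local Address, Foreign Address, State[, PID]
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports

def service_state(sc_output):
    """Return the state name (e.g. RUNNING) from `sc query <service>` text."""
    m = re.search(r"^\s*STATE\s*:\s*\d+\s+(\w+)", sc_output, re.MULTILINE)
    return m.group(1) if m else "UNKNOWN"

def diagnose(sc_output, netstat_output, port=PPTP_PORT):
    """Classify the RRAS/PPTP condition from the two command outputs."""
    state = service_state(sc_output)
    if state != "RUNNING":
        return "service-" + state.lower()
    if port not in listening_tcp_ports(netstat_output):
        return "running-not-listening"  # the condition described in the question
    return "ok"

# Constructed sample outputs (not taken from the server in the thread).
SC_RUNNING = """SERVICE_NAME: RemoteAccess
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SC_STOPPED = SC_RUNNING.replace("4  RUNNING", "1  STOPPED")
NETSTAT_HEALTHY = """  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          10.0.0.20:51234        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""
NETSTAT_HUNG = NETSTAT_HEALTHY.replace(
    "  TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING\n", "")

if __name__ == "__main__":
    print(diagnose(SC_RUNNING, NETSTAT_HEALTHY))
    print(diagnose(SC_RUNNING, NETSTAT_HUNG))
    print(diagnose(SC_STOPPED, NETSTAT_HUNG))
```

Run on a schedule against live command output, a result of `running-not-listening` flags the condition while it is still present, which is when tracing is worth enabling.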

AbilisAuthor Commented:
I'll try it tonight and then report back tomorrow. If everything works, we end the discussion; otherwise, I will appreciate help with tracing the causes.

Thanks
0
Rob WilliamsCommented:
You are very welcome, though I know it wasn't very enlightening.
Good luck with it.
--Rob
0
AbilisAuthor Commented:
I opened 128 L2TP ports again and restarted the service. It's up and running fine until now. I think that's it.

RobWill, thanks for the tips about the loggin' and for your opinions.
0
Rob WilliamsCommented:
You are very welcome, thank you.
You said: "It's up and running fine until now". Do you mean it stopped working when you opened the L2TP ports? It should be fine, though there is no need to do so.
--Rob
0
AbilisAuthor Commented:
No, no. When I said "until now" I was referring to the time of my post. It's still running fine.
0
Rob WilliamsCommented:
Great. Glad to hear. Sorry I wasn't sure.
Cheers!
--Rob
0