ISA 2006 PPTP VPN - PPTP Miniports gone

I have an ISA 2006 standard edtion with PPTP VPN access configured. It was working fine until the last reboot. Eversince then PPTP is no longer working.
There is no process listening on port 1723. Checking the RRAS configuration reveals that there are no PPTP miniports configured anymore.
- They are not configurable via the RRAS console.
- Removing and reinstalling the PPTP miniport using devcon.exe did not help.
- Reconfiguring the NICs did not help.

Restoring the server from a backup made at a point of time where the PPTP was still working shows up the same problem now.
LVL 3
Yossarian-22Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pwindellCommented:
RRAS was screwed up by the KB956570 Windows Update patch.  Either remove the update or fix it with the script indicated in this article.
KB956570 stops PPTP in ISA VPN
DNS queries that are passed through the ISA Server 2006 NAT do not use random source ports
http://support.microsoft.com/kb/956570
 
0
Yossarian-22Author Commented:
I had removed that update already, but the miniports are still gone.
Also the possible RSS issue has been fixed by turning it off in the registry.

Windows 2003 runs on SP2, ISA on SP1.
0
Yossarian-22Author Commented:
One protocol definition contained a port range which covered port 1723. A rule bound to the main external IP contained that protocol definition. Even though though there was no active listing on that port going on according to netstat, the port was blocked and the miniports could not be created.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

dchorobskiCommented:
OK.  This is exactly the problem I'm having and I found the same description of the problem and the solution somewhere else (no details though).  How exactly do I solve this?
0
pwindellCommented:
It is not likely that you have the same problem as Yossarian-22,....what you most likely have is the same symptoms,...not the same problem.  His Protocol issue is unusual, unlikely, and unique to him only.  

What I described in my previous post is the very common and well established and verified problem with PPTP Ports and Windows Updates.   Here is is again:

RRAS was screwed up by the KB956570 Windows Update patch.  Either remove the update or fix it with the script indicated in this article.

KB956570 stops PPTP in ISA VPN
DNS queries that are passed through the ISA Server 2006 NAT do not use random source ports
http://support.microsoft.com/kb/956570



0
dchorobskiCommented:
Thanks a lot.
This was exactly what I needed.
Why would Microsoft push-out a screwed-up update and fail to push a fix with next round of updates?
0
pwindellCommented:
I've annoyed an MS employee a time or two,  with that same question  :-)

Well the script from that article that fixes it was the "update" that fixed it, and the response before the script came out was to just remove the patch which also worked.  MS did respond pretty quickly with that.  This problem is probably almost a year old by now,...but you probably just recently allowed that one patch to apply and ended up with the problem.

When you consider the 100's of OS Patches that come out over time,...this is the only one that I know of that has caused a problem like this,...so in the big picture they haven't done that bad.  But I have to admit that knocking out the PPTP Ports was kind of a big one to trip and fall into  :-)
0
dchorobskiCommented:
Actually, i had the problem with that patch just about a year ago - maybe little longer.  So, at that time, I uninstalled all patches one-by-one, until there was none and VPN still didn't work.  Somewhere I found that restarting RRAS solves the problem, and it did.  Then, I reinstalled patches until that infamous  KB956570 killed VPN again.  After removal I marked it to never appear in my update list.  
Every time I run ISA updates I get chills up my spine and this time it happened again.  I think what happened is that some remnant settings must have been left in the registry and one of the new updates either used them or enabled it.  As far as I know no KB956570 is on my ISA but the issue was solved by the fix.

Thanks again,
Daniel
0
pwindellCommented:
Even when you remove the patch (even if you hit the right one the first time) it still requires a reboot to take effect,...which you restarting RRAS probably accomplished the same thing.

I just applied the patch then adjusted it with the script,...so now I don't have to worry about the patch applying again or accidentally being re-enabled to apply because it is already there.  I'm not sure that the script disabled everything the patch did but rather adjusted it to correct the problem,...the patch was to correct DNS issues and may have fixed other things not including the PPTP thing,...so I wanted it applied.
0
pwindellCommented:
I did leave a copy of the Script right on the ISA's Desktop in case I ever had to repeat it  :-)
0
dchorobskiCommented:
I think its a good Idea.  It will stay there as a reminder.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.