Solved

ISA 2006 PPTP VPN - PPTP Miniports gone

Posted on 2009-07-07
11
1,228 Views
Last Modified: 2012-05-07
I have an ISA 2006 standard edtion with PPTP VPN access configured. It was working fine until the last reboot. Eversince then PPTP is no longer working.
There is no process listening on port 1723. Checking the RRAS configuration reveals that there are no PPTP miniports configured anymore.
- They are not configurable via the RRAS console.
- Removing and reinstalling the PPTP miniport using devcon.exe did not help.
- Reconfiguring the NICs did not help.

Restoring the server from a backup made at a point of time where the PPTP was still working shows up the same problem now.
0
Comment
Question by:Yossarian-22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 24798622
RRAS was screwed up by the KB956570 Windows Update patch.  Either remove the update or fix it with the script indicated in this article.
KB956570 stops PPTP in ISA VPN
DNS queries that are passed through the ISA Server 2006 NAT do not use random source ports
http://support.microsoft.com/kb/956570
 
0
 
LVL 3

Author Comment

by:Yossarian-22
ID: 24801192
I had removed that update already, but the miniports are still gone.
Also the possible RSS issue has been fixed by turning it off in the registry.

Windows 2003 runs on SP2, ISA on SP1.
0
 
LVL 3

Accepted Solution

by:
Yossarian-22 earned 0 total points
ID: 24812670
One protocol definition contained a port range which covered port 1723. A rule bound to the main external IP contained that protocol definition. Even though though there was no active listing on that port going on according to netstat, the port was blocked and the miniports could not be created.
0
Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

 

Expert Comment

by:dchorobski
ID: 34853574
OK.  This is exactly the problem I'm having and I found the same description of the problem and the solution somewhere else (no details though).  How exactly do I solve this?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 34853782
It is not likely that you have the same problem as Yossarian-22,....what you most likely have is the same symptoms,...not the same problem.  His Protocol issue is unusual, unlikely, and unique to him only.  

What I described in my previous post is the very common and well established and verified problem with PPTP Ports and Windows Updates.   Here is is again:

RRAS was screwed up by the KB956570 Windows Update patch.  Either remove the update or fix it with the script indicated in this article.

KB956570 stops PPTP in ISA VPN
DNS queries that are passed through the ISA Server 2006 NAT do not use random source ports
http://support.microsoft.com/kb/956570



0
 

Expert Comment

by:dchorobski
ID: 34854442
Thanks a lot.
This was exactly what I needed.
Why would Microsoft push-out a screwed-up update and fail to push a fix with next round of updates?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 34854599
I've annoyed an MS employee a time or two,  with that same question  :-)

Well the script from that article that fixes it was the "update" that fixed it, and the response before the script came out was to just remove the patch which also worked.  MS did respond pretty quickly with that.  This problem is probably almost a year old by now,...but you probably just recently allowed that one patch to apply and ended up with the problem.

When you consider the 100's of OS Patches that come out over time,...this is the only one that I know of that has caused a problem like this,...so in the big picture they haven't done that bad.  But I have to admit that knocking out the PPTP Ports was kind of a big one to trip and fall into  :-)
0
 

Expert Comment

by:dchorobski
ID: 34854719
Actually, i had the problem with that patch just about a year ago - maybe little longer.  So, at that time, I uninstalled all patches one-by-one, until there was none and VPN still didn't work.  Somewhere I found that restarting RRAS solves the problem, and it did.  Then, I reinstalled patches until that infamous  KB956570 killed VPN again.  After removal I marked it to never appear in my update list.  
Every time I run ISA updates I get chills up my spine and this time it happened again.  I think what happened is that some remnant settings must have been left in the registry and one of the new updates either used them or enabled it.  As far as I know no KB956570 is on my ISA but the issue was solved by the fix.

Thanks again,
Daniel
0
 
LVL 29

Expert Comment

by:pwindell
ID: 34854772
Even when you remove the patch (even if you hit the right one the first time) it still requires a reboot to take effect,...which you restarting RRAS probably accomplished the same thing.

I just applied the patch then adjusted it with the script,...so now I don't have to worry about the patch applying again or accidentally being re-enabled to apply because it is already there.  I'm not sure that the script disabled everything the patch did but rather adjusted it to correct the problem,...the patch was to correct DNS issues and may have fixed other things not including the PPTP thing,...so I wanted it applied.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 34854845
I did leave a copy of the Script right on the ISA's Desktop in case I ever had to repeat it  :-)
0
 

Expert Comment

by:dchorobski
ID: 34854866
I think its a good Idea.  It will stay there as a reminder.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question