Solved

Troubleshoot VPN to Windows 2003 SBS Premium with ISA 2004 and Trend Micro WFBS

Posted on 2010-08-18
8
720 Views
Last Modified: 2012-05-10
I've been painstakingly creating a virtual duplicate of our physical Windows 2003 Small Business Server Premium, and I've finally got everything working except the VPN connections. This is despite having restored an exact backup of the ISA 2004 configuration from the physical server (known good) to the virtual server.

When attempting to connect via VPN to the virtual server using a laptop that can connect to the physical server without a problem, the connection times out and a message is displayed saying that the L2TP security could not be negotiated.

Research led me to suspect that Trend Micro Worry-Free Business Security might be the factor, so I tried disabling the Trend Micro Personal Firewall Service, which may have been adding layers of confusion and over-restriction on top of the ISA 2004 firewall. I still could not VPN in at that point (from a machine that VPN's into the physical server without a problem). So, I learned how to uninstall the Personal Firewall component of Trend Micro WFBS.

I will try standing up the virtual server tonight when our users are off the network. Until then, does anyone have any possible suggestions that could improve my chances of success with this VPN?

Thank you.

- Jason
0
Comment
Question by:upcjdidner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33468860
Define 'Cannot Connect' - do you get no result or an error message?
What do you see in the ISA real time log monitor? Is the client vpn traffic even getting to the virtual ISA/SBS box?
0
 
LVL 2

Author Comment

by:upcjdidner
ID: 33469022
Hmmm....

When I filter for Failed VPN connections or Initiated VPN Connections for the last 7 days, I get no results.

Do you think this supports the notion that the Trend Micro firewall was blocking VPN connection attempts before they even got to ISA?

Thanks,

Jason
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33469108
Yes - it is likely but your planned tests will prove that one way or another.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 2

Author Comment

by:upcjdidner
ID: 33469600
I just ran the same logging query in ISA Server on the physical SBS server and sure enough, that one correctly lists the VPN connections. This further proves that my VPN connection attempts weren't even reaching ISA last night.

Do you suspect any other variables aside from the Trend Micro firewall?
0
 
LVL 2

Author Comment

by:upcjdidner
ID: 33470434
OK - here's what I have from the client: Error 792: The L2TP connection attempt failed because security negotiation timed out.

And from the ISA Server logging, each connection attempt yielded the following:

Action: Denied Connection
Client IP: 75.193.145.194
Protocol: IKE Client

The client is using a Verizon Wireless mobile broadband hotspot (with which I connect just fine to the physical server). When I do an IPConfig on my computer, I get the IP address 192.168.1.2. I suppose Verizon is NATing for me?

Your thoughts on a cause or remedy?
0
 
LVL 2

Accepted Solution

by:
upcjdidner earned 0 total points
ID: 33859052
With the help of a consultant we came to the conclusion that ISA wasn't designed to be a VPN device in a virtualized environment; we went with a dedicated VPN appliance sitting outside the virtual server, and that worked.

Thanks all for your input.

- Jason
0
 
LVL 2

Author Comment

by:upcjdidner
ID: 33859079
The resolution for this question may be instructive to other people with a similar issue. It would have saved me many hours if it was out there in a search result.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
windows firewall + remote registry/ system 8 41
VPN problems 4 92
VPN Server 5 79
Can I have 2 essentials servers in one doamin? 4 52
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question