ISA Server 2006 VPN/RDP problems
Hi,
The ISA server went down unexpectedly over the weekend and after a clean shutdown/restart RDP is failing to connect as well as VPN connections are being blocked. The remote access services are running as well as everything else associated. Does anyone have a good idea as to where to start troubleshooting this?
Thank you,
Brian
The ISA server went down unexpectedly over the weekend and after a clean shutdown/restart RDP is failing to connect as well as VPN connections are being blocked. The remote access services are running as well as everything else associated. Does anyone have a good idea as to where to start troubleshooting this?
Thank you,
Brian
Kash
have you double checked the rules ?
ASKER
Everything looks correct. We did have an internet provider change a while ago but have since rebooted. What gets me is that the internal RDP is not working either.
Check your event logs, and also check Monitoring in ISA (either Live or otherwise) so you can see how the connection was processed, whether it was blocked by a rule, allowed, etc., no you know whether to look at ISA as the problem or another Windows component.
ASKER
first with the RPD I get an initiated connection followed by
Closed Connection XXX10 5/22/2012 2:02:25 PM
Log type: Firewall service
Status:
Rule: Allow access between XXXL2TP and Internal
Source: Internal (192.168.2.139:61237)
Destination: Local Host (192.168.2.10:3389)
Protocol: RDP (Terminal Services)
User:
Additional information
Number of bytes sent: 48 Number of bytes received: 40
Processing time: 0 ms Original Client IP: 192.168.2.139
Client agent:
Here is the VPN Errors
Failed Connection Attempt XXX10 5/22/2012 2:06:03 PM
Log type: Firewall service
Status:
Rule: [System] Allow VPN client traffic to ISA Server
Source: External (XXX.XXX.XXX.250:1195)
Destination: Local Host (XXX.XXX.XXX.154:1723)
Protocol: PPTP
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 906 ms Original Client IP: XXX.XXX.XXX.250
Client agent:
Then immediately
Denied Connection XXX10 5/22/2012 2:06:08 PM
Log type: Firewall service
Status:
Rule: [Enterprise] Default rule
Source: External (XXX.XXX.XXX.250:2263)
Destination: Local Host (XXX.XXX.XXX.154:500)
Protocol: IKE Client
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0 ms Original Client IP: XXX.XXX.XXX.250
Client agent:
Closed Connection XXX10 5/22/2012 2:02:25 PM
Log type: Firewall service
Status:
Rule: Allow access between XXXL2TP and Internal
Source: Internal (192.168.2.139:61237)
Destination: Local Host (192.168.2.10:3389)
Protocol: RDP (Terminal Services)
User:
Additional information
Number of bytes sent: 48 Number of bytes received: 40
Processing time: 0 ms Original Client IP: 192.168.2.139
Client agent:
Here is the VPN Errors
Failed Connection Attempt XXX10 5/22/2012 2:06:03 PM
Log type: Firewall service
Status:
Rule: [System] Allow VPN client traffic to ISA Server
Source: External (XXX.XXX.XXX.250:1195)
Destination: Local Host (XXX.XXX.XXX.154:1723)
Protocol: PPTP
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 906 ms Original Client IP: XXX.XXX.XXX.250
Client agent:
Then immediately
Denied Connection XXX10 5/22/2012 2:06:08 PM
Log type: Firewall service
Status:
Rule: [Enterprise] Default rule
Source: External (XXX.XXX.XXX.250:2263)
Destination: Local Host (XXX.XXX.XXX.154:500)
Protocol: IKE Client
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0 ms Original Client IP: XXX.XXX.XXX.250
Client agent:
First thought is I don't see a problem. "Closed connection" is normal if it didn't succeed. And for VPN, PPTP was allowed, but then it looks like it tried using IKE.
What type of VPN connection are you trying to use? I would try setting the client to use the specific method that you want. Are you getting an error message on the client when trying to connect?
For RDP, same question RE: errors. Double-checked that Remote Desktop is enabled?
Have you checked your Windows Event Logs? Is ISA a member of the domain? If authenticating via IAS (RADIUS) I would also check your IAS logs in C:\Windows\system32\LogFil
What type of VPN connection are you trying to use? I would try setting the client to use the specific method that you want. Are you getting an error message on the client when trying to connect?
For RDP, same question RE: errors. Double-checked that Remote Desktop is enabled?
Have you checked your Windows Event Logs? Is ISA a member of the domain? If authenticating via IAS (RADIUS) I would also check your IAS logs in C:\Windows\system32\LogFil
ASKER
ISA is setup for IPsec Nat Client and PPTP and it is all set to allow traffic. When I set the connection to specifically PPTP instead of automatic it returns an error 807. I checked the certificates and everything looks correct. There is nobody connected to the VPN so it is not at capacity. A few errors but nothing out of the ordinary:
The number of HTTP requests per minute from the source IP address 192.168.2.200 exceeded the configured limit. ISA Server will block new HTTP requests sent from this IP address. This event indicates that this IP address probably belongs to an infected host. See the product documentation for more information about ISA Server flood resiliency.
The number of concurrent TCP connections from the source IP address 192.168.2.150 exceeded the configured limit. As a result, ISA Server will not allow the creation of new TCP connections from this source IP. This IP address probably belongs to an attacker or an infected host. See product documentation for more info about ISA flood resiliency.
Remote desktop is enabled on the server.
I also checked the windows event logs and did not see anything out of the ordinary. The only thing that stuck out was:
Terminal Server session creation failed. The relevant status code was 0x2740.
I went through and checked everything listed here http://support.microsoft.com/kb/555382
and still didn't come up with anything useful. Everything is configured correctly, registry and all from what I can tell.
The number of HTTP requests per minute from the source IP address 192.168.2.200 exceeded the configured limit. ISA Server will block new HTTP requests sent from this IP address. This event indicates that this IP address probably belongs to an infected host. See the product documentation for more information about ISA Server flood resiliency.
The number of concurrent TCP connections from the source IP address 192.168.2.150 exceeded the configured limit. As a result, ISA Server will not allow the creation of new TCP connections from this source IP. This IP address probably belongs to an attacker or an infected host. See product documentation for more info about ISA flood resiliency.
Remote desktop is enabled on the server.
I also checked the windows event logs and did not see anything out of the ordinary. The only thing that stuck out was:
Terminal Server session creation failed. The relevant status code was 0x2740.
I went through and checked everything listed here http://support.microsoft.com/kb/555382
and still didn't come up with anything useful. Everything is configured correctly, registry and all from what I can tell.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well after not being able to find anything regarding this we went ahead and put a Cisco ASA 5505 in. The ISA server still is not accepting VPN or RDP connections for no apparent reason, could be related to the update but I am not going to spend any more time trying to troubleshoot. That ISA box is going to get reformatted and re-purposed for something else. Thank you for all your help footech.
Thanks. Sorry we weren't able to find the root cause for you.