Solved

SBS2008

Posted on 2013-12-02
6
343 Views
Last Modified: 2014-01-19
I had a momentary few minutes where I could not connect to the SB2008 Server through Teamviewer Client nor RDP through VPN, I was able to ping the SBServer from another Server successfully and  I could rdp to the other application servers, I was also told the Exchange 2007 was not functioning at that time as well. After a few minutes I was able to access the SBSServer2008 and everything was functioning as normal. I reviewed the Event logs and under System the only abnormality was: RasSstp Error (Event24) and Warning (Event 18).

I am not sure these Events are the culprit but wanted to pose this question out to see if anyone has had any similar situation with an interruption like this.  No DNS Issue found as well.
0
Comment
Question by:dtssupport
  • 4
6 Comments
 
LVL 28

Expert Comment

by:Bill Bach
ID: 39691326
There are many possible scenarios:
1) Network reconfiguration:  If the NIC was in the process of reconfiguring, you could get denied access like this.  A common reason for this is a faulty cable that is not true Cat5E(or higher) and attempting to use GbE connection.  I've seen the NIC reconfigure itself for 100Mbps, then switch back to GbE -- all on its own.
2) Busy NIC:  If a process was consuming all of the network bandwidth for a period of time (such as backup, large file copy, etc.), then connection-based processes can have problems connecting in a timely manner.  PING, which is a simple UDP packet, may be able to squeeze through.
3) Switching or networking problem: The problem may not be specific to the server, but rather to a switch to which it is connected. If someone created a switching loop, routing loop, or the like, then communications can fail.
4) Another machine came up with that IP address: This is the more scary option -- another PC could be trying to use the same IP address as the server.  The PING works, but you were actually pinging the wrong system.  If it happens again, check the ARP table after the PING to verify that the correct machine responded.  This could also be indicative of an attempted Man-In-The-Middle attack, where network packets are being re-routed to a bad host.  
5) Major CPU issue: if the server CPU was very busy and unable to process the connection requests in a timely manner, then this symptom could be seen.  Again, PING replies are very easy and require little to no CPU time.  Setting up a new RDP session, OTOH, takes some real work.

To tell for sure, you can use Wireshark or some other network analysis tool connected to the same core switch, monitoring traffic from that server, and see what is responding (and what isn't) when the problem occurs.
0
 
LVL 6

Expert Comment

by:donnk
ID: 39691876
try this:

1) Run "Fix My Network"
2) Enable VPN (again)
3) run "netsh http show" check IPv6 is not missing
4) if it is add IPv6 run (xxx is your cert HashKey): netsh http add sslcert ipport=[::]:443 certhash=xxx appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY
5) Reboot.
0
 

Author Comment

by:dtssupport
ID: 39706728
Wanted to elaborate a little more on this issue, I just had it happen again and it hangs up the SBS2008 DC and we cannot access it through RDP and the Exchange 2007 stops communicating and it hung for about 15minutes before we could access everything again.
in the Event log it said the Routing and Remote Access failed, and here is the actual Log Error:

Log Name:      System
Source:        Microsoft-Windows-RasSstp
Date:          12/9/2013 1:15:43 PM
Event ID:      24
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVER01.xxxx.local
Description:
The certificates bound to the HTTPS listener for IPv4 and IPv6 do not match. For SSTP connections, certificates should be configured for 0.0.0.0:Port for IPv4, and [::]:Port for IPv6. The port is the listener port configured to be used with SSTP. The default listener port is 443.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-RasSstp" Guid="{6c260f2c-049a-43d8-bf4d-d350a4e6611a}" EventSourceName="RasSstp" />
    <EventID Qualifiers="0">24</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-09T18:15:43.000Z" />
    <EventRecordID>4019639</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>SERVER01.consultrms.local</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>


Can you tell me if someone has any thoughts on the solution for this, not quite sure if the above answer is  the same for this one?

thx
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:dtssupport
ID: 39706777
* also an Added not, the Server had Team Viewer installed on it and I am wondering if this would cause the Routing and Remote Access Service to hang.

Any Thoughts?
0
 

Accepted Solution

by:
dtssupport earned 0 total points
ID: 39779819
I was able to fix the issue thru Windows Updates, I found that Exchange 2007 had a rollup available and I think it failed on the Windows Updates, so once I installed the Exchange Rollup and rebooted the Server that seem to resolve the issue.
0
 

Author Closing Comment

by:dtssupport
ID: 39791926
finding out about the Windows Updates and noticing the Exchange Rollup failed and installing and rebooting fix the issue.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now