Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1621
  • Last Modified:

VPN on SBS 2008 not working

Hi,

Got a SBS 2008 server. VPN is used pretty well daily. No hardware/software has been added to the network/server and nothing has been configured on the server - I'm the only one with access.

external VPN users can get to the server shares by using \\server.domain.local.
The other day, they could only get access by using the IP address. Figured some sort of DNS issue.

Rebooted server.

After reboot, client's connect to VPN but get no IP (automatic IP address). DHCP is up and running fine and internal clients obtain IP ok.

I had a look at the settings in RRAS MMC and I changed from DHCP to static address pool. This works, however I can still only access server via IP UNC path and not with hostnames.

I cross checked settings with another client who has SBS 2008 and a working VPN. - All settings looked the same.

Any suggestions? Thanks

Server error log
20167
No IP address is available to hand out to the dial-in client.

20253
CoId={AC68E7BA-8718-4EEA-92D9-2C52ACD9116C}: The user domain\user connected to port VPN2-4 has been disconnected because no network protocols were successfully negotiated.
0
Talds_Alouds
Asked:
Talds_Alouds
  • 8
  • 5
  • 2
  • +1
2 Solutions
 
Olaf De CeusterCommented:
Did you run out of vpn connections it can hand out?
http://technet.microsoft.com/en-us/library/cc733687(v=ws.10).aspx

Olaf
0
 
Olaf De CeusterCommented:
SBS is not using your DHCP but are issuing IPs from the RA server. If you open up the properties of the VPN the IP range being used should be listed and can be changed.
Olaf
0
 
Talds_AloudsAuthor Commented:
Well from what I understand, RRAS can use DHCP but only when DHCP is on another server (via the DCHP relay protocol).

However, if I look at the DHCP list, I can see DHCP leases for internal and VPN clients, thus indicating that it comes out of DHCP.

As stated, another client's SBS 2008 uses the DHCP and not static addresses.

Also as stated, it connects with the static pool, but doesn't resolve hostnames.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
David AtkinIT ProfessionalCommented:
Any errors in the DHCP logs?

How have you configured the remote clients DNS?

Add an entry into the client machines host files with the servers IP address.

Have you tried clearing a couple of the old DHCP leases of the VPN clients to see if they re-obtain them?
0
 
Talds_AloudsAuthor Commented:
Ok,

So there is two network adapters in the server. 1 was disabled and the other is the adapter that is actually used on the server. Because it's an IBM server, it has another USB over Ethernet adapter. I disabled this and it now gets an IP from the DHCP (which I can see in the DHCP leases).

When I run an IPconfig /all on the client, I see the IP address and DNS server...however, the client doesn't receive a default gateway address and I can't ping anything on the server network.
0
 
David AtkinIT ProfessionalCommented:
Having two NICs is common.  SBS will only want to use one though.  They aren't designed for dual NIC's really.  Trunking two NICs etc can upset them.

Are you running the ipconfig on the remote vpn client?  You wouldn't want the remote client using the office default gateway anyway, it wants to go out of the sites gateway.

Not sure about the USB over Ethernet adaptor :S.

Can you ping IPs? Could you previously?
0
 
Talds_AloudsAuthor Commented:
Thanks.

Well last night I was mucking around and was able to ping the server's internal IP via the VPN.

Since then, I don't know what's happened and now I can't ping anything.
IPconfig attached of the client attached as well as the server.

Now, I get an IP, minus the gateway - which seems to be correct. But there's no traffic flowing to the office network.

Tried disabling firewall on server and client - not that.
Any help would be great!

The USB over Ethernet is just an IBM thing and shouldn't be anything to worry about as it's been disabled now anyway - there's only one enabled adapter.
server.txt
client.txt
0
 
David AtkinIT ProfessionalCommented:
Thanks for that.

The ipconfig looks ok.  I can see its getting an address successfully.

Can you confirm - Are you still able to access shares or is this also causing a problem as well?
0
 
Talds_AloudsAuthor Commented:
No so get no traffic through at all.
UNC path to IP of server - nothing
Ping server IP - nothing.

Previously I could ping the server's IP and get a response.

It's out of hours now and I can reboot/do whatever with the server so I'm open to more suggestions. Just installing a few updates then going to do a reboot.
0
 
David AtkinIT ProfessionalCommented:
Let us know the outcome of the reboot.

Can you do a route print from the client as well?

Any AV on the client that would be preventing traffic to the main site?  BullGuard is bad for this.
0
 
Talds_AloudsAuthor Commented:
Ok,
I've fixed it but not entirely sure how.
I ran some Windows updates, rebooted.
Tested - Computers were getting automatic private address
Changed IP allocations from DHCP to static range (I think that's what it was called).
Tested, IP assigned, can ping server, can access shares via hostnames.

I don't trust making changes and only restarting the service. Reboots seemed to be far more effective for me. Either that or there were just coincidences.

I'm not going to touch it again. But a default config for SBS 2008 RRAS is DHCP. Doesn't explain to me either why prior to the reboot, when set to DHCP, it was actually assigning addresses fine.

I'm done.
0
 
Talds_AloudsAuthor Commented:
Thanks for everyone's input.
0
 
David AtkinIT ProfessionalCommented:
Thanks for letting us know.  You are right about the reboot as it restarts all dependencies etc.
0
 
hecgomrecCommented:
Sorry I'm kind of late for this comment but hope it helps...

By restarting the server, you restart your main services... DNS, DHCP and RAS connections.

This mean you have no issues, but you will have then again soon.

Here are the facts, if you do not assign your RAS with a static IP pool that is out of your DHCP scope you will run out of IPs to hand out by your DHCP as it will keep them alive for some time to allow them to renew but when users connects using VPN they will get another.  Using a scope only for the RAS will prevent this as when the user disconnect the IP is released automatically.

Also, DNS errors could be caused by this as the server will have several names for the same IP.  Remember to keep servers with static IP and leave those IPs out of the DHCP scope.  In the same issue if the remote user remove or change the options to use DHCP and DNS from the connection settings; they will not be able to ping anything to the LAN they just connect to.
0
 
Talds_AloudsAuthor Commented:
Thanks Hecgomrec,

Great in depth info! SBS VPN was running fine for years with these guys and they were being allocated out of the main DHCP server's pool. I just enabled VPN on another server via the SBS console and the default options as my last sentence.

I notice in the DHCP leases, that I can see about 5/6 that are allocated under the server's name and they have a yellow phone on it to symbolise that it's for a VPN connection.

There's only around 10 users in total and only about 70 addresses in the lease list companywide and around 200 addresses in the total available pool.

I'm just curious on how that works because it doesn't make sense to me - but I'm sure you're right. Either way, the static pool is working for me now.
0
 
Talds_AloudsAuthor Commented:
Partly self solved.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 8
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now