Solved

Windows 2008 R2 server restarts when access remotely via VPN

Posted on 2014-12-16
16
157 Views
Last Modified: 2015-01-16
Hey Experts!  I have a riddle for you that I'm haven't been able to figure out.  

I have a Windows 2008 R2 server that has LANGuard installed which I use for software deployment and Windows/Microsoft patch management.  When I access the server at the office via RDP and deploy updates through LANGuard, I have no problems.  However, when I am at home, make a VPN connection to that server and begin deploying updates via LANGuard, the server restarts after several minutes.

The VPN software is from Avaya and my laptop I use at home and desktop I use at work are the same OS.  The updates aren't related to the server as that was my first guess as to why the server restarted.  The updates are Windows software updates for a different OU group.

I would greatly appreciate any help you can provide on this.  I can provide log files or anything else if that would help.  Thanks.
0
Comment
Question by:samiam41
  • 6
  • 5
  • 3
  • +1
16 Comments
 
LVL 61

Accepted Solution

by:
btan earned 250 total points
Comment Utility
if that server with LanGuard is patched to latest then the patch will not be of relevance. instead of i am thinking

a) during that period after vpn is established what is the default gateway as compared to RDP connection or any changes to the NIC in specific to addressing.
b) what other events (like apps, security and error) happened and log in the event viewer before and after the restart.
c) any differences on (or does it even) restart behavior after VPN established and without you sending over the patch
d) any difference if login vpn user account is not administrator or any other user..
e) any difference if the client with vpn (into server), is not connected to the internet or have split tunnel enabled/disabled
f) restart is persistent and consistent regardless as long as you vpn login
g) any scheduled restart job in the server and condition for job task that may cause restart

this restart seems strange though and hard to find out without much leads ...or LanGuard has certain background script asking to restart system
0
 
LVL 46

Assisted Solution

by:noxcho
noxcho earned 250 total points
Comment Utility
Does it do a normal restart or crash (BSOD)? I assume it is crashing and your recovery options in System Advanced Settings are configured to restart the server in case of crash.
Reconfigure it to create minidump file and see what is causing these crashes.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
this MS link will also be handy to configure the actions that Windows takes when a system error (also referred to as a bug check, system crash, fatal system error, or stop error) occurs.
0
 
LVL 20

Expert Comment

by:Iain MacMillan
Comment Utility
do you not VPN into your firewall system/core switch (gateway) first, then try RDP to the server as before, or do you have to VPN into that specific server?

Do you have the server fully patched and service packed?
 
Does it have a static IP?
 
Does it have any internal firewall and/or security/AV software installed (that makes allowances for remote/VPN ip range connections?
Are you using the latest version of your VPN client (or try a 3rd party open source one like Shrewsoft)?

If you have the ability to assign an external IP and NAT config on your firewall, you could setup a restricted rule to allow you to RDP direct to to the server from your home, to take the VPN aspect out of the equation/process.
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
Hey everyone.  Thanks for your suggestions.  I was out on Wed for a little hand surgery (piece of glass removal) and I am trying to catch up without the use of one hand so I am pecking the keyboard.  

I will try out your suggestions and get back to you if you requested more information.  Thanks for your patience!
0
 
LVL 46

Expert Comment

by:noxcho
Comment Utility
Take care man.
Nox
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
rest well for a longer journey
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
Greetings everyone!

I believe I narrowed down the problem as being one that relates to LANGuard and installing updates on the server.  I'm not completely sold on that idea so i am going to answer your questions and respond to your replies to verify that I have tried your suggestions and there isn't something else going on that I missed.  I appreciate your patience and I will do my best to get back to you ASAP!
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 9

Author Comment

by:samiam41
Comment Utility
a) during that period after vpn is established what is the default gateway as compared to RDP connection or any changes to the NIC in specific to addressing.
---Not sure but I will make a connection this evening and let you know

b) what other events (like apps, security and error) happened and log in the event viewer before and after the restart.
---That's the kicker.  Nothing else listed in the event viewer that appears to be consistent with the restart.  No services that are unexpectedly shutting down or faults detected.

c) any differences on (or does it even) restart behavior after VPN established and without you sending over the patch
---Good question!  The LANGuard service is set to start at startup so it isn't the service that is causing the reboot but once I open the app and deploy the updates, the server restarts.  Even when I deploy the updates to the other non-server OU's, this server (and only this server) will restart

d) any difference if login vpn user account is not administrator or any other user..
---I've only tried my AD credentials.  I can try logging in with the local admin account (unless I misunderstood your question)

e) any difference if the client with vpn (into server), is not connected to the internet or have split tunnel enabled/disabled
---It's the state's VPN system and I don't know if split tunnel is enabled/disabled

f) restart is persistent and consistent regardless as long as you vpn login
---Restart on the server only happens when I log in with my laptop from home with VPN and open the LANGuard app

g) any scheduled restart job in the server and condition for job task that may cause restart
---none

this restart seems strange though and hard to find out without much leads ...or LanGuard has certain background script asking to restart system
---I'm wondering if the LANGuard server had a left over update that wasn't deployed until the previous patch was installed and server restarted.  Long shot but it may be the culprit.  Thanks for the great questions!
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
Does it do a normal restart or crash (BSOD)? I assume it is crashing and your recovery options in System Advanced Settings are configured to restart the server in case of crash.
Reconfigure it to create minidump file and see what is causing these crashes.
---Not related to BSOD (or I didn't think until now) so I will make that change and see if I can re-create the issue.  Good thought!
0
 
LVL 9

Author Comment

by:samiam41
Comment Utility
do you not VPN into your firewall system/core switch (gateway) first, then try RDP to the server as before, or do you have to VPN into that specific server?
---VPN connection is into the state's VPN connector.  From there, I remote into the server.

Do you have the server fully patched and service packed?
---I've audited the server and notice there are several updates which need to be installed which I am working on now.  Because of this, I believe that the server has updates that need to be installed following other updates installing and server restarts.  I'm guessing that the server doesn't restart during the day as I don't push updates during normal business hours.  When I push them in the evening, the updates are pushed out but I'm not updating the "server" OU, just all of the PC's.  Somehow when LANGuard is running, an update that was pending or waiting on the server to restart is installed and prompts another restart after installation.
 
Does it have a static IP?
---Yes
 
Does it have any internal firewall and/or security/AV software installed (that makes allowances for remote/VPN ip range connections?  
---Sophos installed and Windows FW enabled which is how the other servers are configured but don't have the restart issue.

Are you using the latest version of your VPN client (or try a 3rd party open source one like Shrewsoft)?
---Good question!  I found out last week that I am using a version that is a couple of patches behind.  I'm working on getting the update and will test again to see if I can trigger the restart.

If you have the ability to assign an external IP and NAT config on your firewall, you could setup a restricted rule to allow you to RDP direct to to the server from your home, to take the VPN aspect out of the equation/process.
---Good suggestion but I don't have this access.

Thanks for your help and questions!!
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
Comment Utility
Looks like we still need to see if the restart for that unique case from home to that only server with patch pushed down have to confirm the below
a) Any BSOD occurs (dump created?) during patch push down from home?
b) If no BSOD, remaining patch(es) from Languard, each will required restart and possibly the restart symptom? But that seems to differ for that server if you push same patch from office (RDP) and from home (VPN)?
c) Upgraded VPN client still cause that server with same patch restart (via VPN from home)?
d) Remove the VPN out of the context for isolation - I was even thinking using other server with this VPN client, then from that other server, RDP into the "problem" server to dump the patch...wondering if that make sense or feasible as FW may restrict it ?
e) For the using of other account, local login using local admin to upgrade should be expected to be fine (restart as req). And we can retry the push down using new patch from home (via VPN) to see any restart (again)?

Thanks for sharing
0
 
LVL 46

Assisted Solution

by:noxcho
noxcho earned 250 total points
Comment Utility
If the restart is not a normal restart by closing all tasks and doing reboot then it is crash. Please check with dump,creation configuring. This is task number one at the moment.
0
 
LVL 9

Author Closing Comment

by:samiam41
Comment Utility
Greetings Experts!

After many side projects that ate up any free time I thought I had, I was finally able to look into this issue further.  Thank you in advance for your patience with this as I know it can be frustrating waiting for someone to reply back.

From the testing that I ran with your suggestions and posts in mind, I found that the restart issue was occurring in the evenings when I would remote in and deploy updates via LANGuard (LG).  I intentionally connected to other W2K8 servers from the same VPN connection to see if I could trigger a restart or crash similar to what happened with the LG server.  I wasn't able to duplicate the restart so I tested the LG access from my office.  When I deployed updates through LG from the office, I targeted the other OU's and by chance, I found that I could restart the server.  Long story short (too late), in the LG interface, I had selected it to get the updates when I deployed the others and thereby restarting it after updates were installed.  I chalk it up to user error which explains why it didn't happen all the time.

Rather than close the question out or delete it, I want to reward you all for your time and trouble-shooting advice that will help others with similar questions or experiences.  If you feel I've cheated you on points, please let me know and I will request they be changed as I did my best to be fair to you.  I greatly appreciate your help and time (and patience) with me on this question and I look forward to working with you all in the near future!

-Aaron
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
appreciate your kind sharing and learning
0
 
LVL 20

Expert Comment

by:Iain MacMillan
Comment Utility
well done and glad you got it sorted.  we tend to isolate some servers when doing patches for this very reason, so they don't auto restart, though i think we used GPO's on the later server OS's to stop auto restarts.  We also use the PDQ suit for deploy/inventory for 3rd part patches like Java, Flash and such.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now