Solved

Hyper-V 2012 and VPN on 2012 R2 breaking virtual switch

Posted on 2016-11-14
9
21 Views
Last Modified: 2016-11-15
Good Afternoon,

I have a client that uses VPN on a 2012 R2 server which is a VM running on a Hyper-V 2012 R2 server.  For some reason it will randomly stop working and basically time out while connecting to VPN and the only fix is to completely remove the External Virtual Switch and then Create a new one from scratch which basically means I need to be onsite to do it since it disconnects my remote session when I remove the virtual switch.

The bigger problem is that we now have a client that wants VPN setup with the same 2012 R2 Hyper-V and 2012 R2 server setup but they aren't local, so I need a fix for this before I set them up with VPN since I won't be able to get onsite.

If any of you have advice on the matter that would be great!

Thanks,
Adam
0
Comment
Question by:blue92lx
  • 5
  • 4
9 Comments
 
LVL 38

Expert Comment

by:Philip Elder
ID: 41886600
Where is RRAS installed?
0
 

Author Comment

by:blue92lx
ID: 41886792
It's on a Server that is being used for files, PC Law, and Printers and is a Virtual Machine.  No roles have been installed on the server, however, except RRAS
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 41886804
So RRAS is installed in a VM.

Does the host have Broadcom physical NIC ports? If yes, has VMQ been disabled in the driver for all ports? If not, do so and that should help with the network issues.
0
 

Author Comment

by:blue92lx
ID: 41886815
It has HP Ethernet 1Gb 2-port 332i Adapter installed on the host server.  In the physical LAN drivers VMQ is turned off, on the Hyper-V team the VMQ is turned on.  I'm guessing the Hyper-V Team "NIC" it should be turned off as well correct?  Or does it only matter on the physical hardware drivers.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 38

Expert Comment

by:Philip Elder
ID: 41886853
VMQ needs to be turned off in the adapter's properties (driver). The 332i is a Broadcom chip. The OS settings do not need to be touched.
0
 

Author Comment

by:blue92lx
ID: 41886862
OK then yeah it's turned off for both 332i units in the driver properties.
0
 
LVL 38

Accepted Solution

by:
Philip Elder earned 500 total points
ID: 41886874
Most edge devices have a one or two user freebie license for SSL VPN included. Maybe that would be a better way?
0
 

Author Comment

by:blue92lx
ID: 41887113
Yeah we use Ubiquiti routers so I'll give that a shot.  It's still a bit concerning that this doesn't work through the server due to the NiC's in some way, or due to Hyper-V.  Whichever is the issue.   I feel like using the router as the solution for VPN is not actually fixing the real issue.  It bugs me but I suppose if that works then it works.
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 41887138
We've not used RRAS for VPN connections for at least ten years. PPTP and L2TP are a pain to use at the best of times and have huge overhead.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

This is an issue that we can get adding / removing permissions in the vCSA 6.0. We can also have issues searching for users / groups in the AD (using your identify sources). This is how one of the ways to handle this issues and fix it.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now