Unstable VPN
-
Monday, October 08, 2012 1:07 PM
I have a problem that is causing much impact on the company. I have a server with TMG 2010 (SP2) + Windows Server 2008 R2.
I enabled the feature in TMG VPN client.
The VPN (RRAS specifically) is very unstable, failing to accept any new VPN client connection 5 to 10 times a week.
When this occurs, people already connected continue working normally, but those who try to make a new connection fail, the event is 20209.
Some situations I noticed when the problem occurs:
* The RRAS is "unmanageable", if I try to disconnect a user right-clicking on it and chosing disconnect , nothing happens, the user remains connected.
* If I try to restart the RRAS service it hangs on "stopping".
* The only way I can make everything work again is by restarting the server, then, all users can connect to the VPN again for another few hours or days.
Thanks to all who can help.
MCP/MCSA/MCSE/MCTS & ITIL HBSIS - Soluções em TI
- Edited by Diogo Alfredo Maul Monday, October 08, 2012 1:08 PM
All Replies
-
Monday, October 08, 2012 4:27 PM
Go to the VPN properties. In task "Configure VPN client access "
General TAB. Increase the number of connections here.
- Edited by Namrata Thorve Monday, October 08, 2012 4:28 PM
-
Monday, October 08, 2012 5:11 PM
Hi, thanks for the answer,
The number of allowed connections is configured to 100, and there is no more than 15 daily simultaneous connections.
MCP/MCSA/MCSE/MCTS & ITIL HBSIS - Soluções em TI
-
Tuesday, October 09, 2012 7:22 AM
Check your NIC drivers on the TMG and get them updated, this is especially important if you are using Broadcom based nics.
Furthermore, make sure that you are on Rollup 2 for TMG as well on top of SP2.
Hth, Anders Janson Enfo Zipper
-
Tuesday, October 09, 2012 12:33 PM
Although the server has a Broadcom NIC's, I've installed one Intel PRO/1000 Dual Port Adapter and it's updated with the last driver from the Intel's site.
The version of the TMG is 7.0.9193.540, or Service Pack 2 with Update Rollup 2.
Regards
Diogo Maul
MCP/MCSA/MCSE/MCTS & ITIL HBSIS - Soluções em TI
-
Thursday, October 11, 2012 5:02 AMModerator
Hi,
Thank you for the post.
Please checked the live logging and see if there is any failed or denied connections. And is there any error message which you are getting on the client while trying to connect to VPN?
Regards,
Nick Gu - MSFT
-
Monday, October 15, 2012 12:34 PM
Monitoring at the TMG it shows a log with an "Open Connection" at the 1723, then, nothing happens for about 15 seconds and it shows other log with Closed Connection at the same port.
The error for the client is 800.
MCP/MCSA/MCSE/MCTS & ITIL HBSIS - Soluções em TI
-
Thursday, October 18, 2012 2:01 PM
I'd say that you have an issue between the TMG server and the client.
As you mention port 1723 above, PPTP is used. Check if the upstream routers allow GRE through (and that the PPTP filter is active on TMG for that matter, should be - but double check).
For ref see http://technet.microsoft.com/en-us/library/cc772616(v=WS.10).aspx#BKMK_1
Hth, Anders Janson Enfo Zipper
-
Wednesday, October 31, 2012 11:41 AM
As it Works 99% of the time and when it fails the RRAS "hangs up", I guess the internet router is OK. Don't?
MCP/MCSA/MCSE/MCTS & ITIL HBSIS - Soluções em TI
-
Wednesday, October 31, 2012 12:39 PMModeratorYou may not appreciate this response, but I would recommend you move away from using PPTP and look at something like L2TP/IPsec and/or SSTP. PPTP provides a poor level of security...
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
.png)
