WFAS Connection Security Rules not working

  • Wednesday, 23 May 2012 14:24

    Server: Windows Server 2008 R2 Standard

    Client: Windows 7 Professional

    I'm attempting to secure all CIFS traffic between the server and the client.  I can get this to work by creating server-to-server rules on each side on most clients.  I have one Windows 7 Pro client that I cannot get this to work at all.  My rules are very simple on each side.

    Server:
    Firewall: Allow Inbound/Outbound
    Endpoint 1= any
    Endpoint 2 = client IP
    Protocol = Any
    Authentication = Require inbound & outbound, advanced, PSK (for testing)

    Client:
    Firewall: Allow Inbound/Outbound
    Endpoint 1= any
    Endpoint 2 = server IP
    Protocol = Any
    Authentication = Require inbound & outbound, advanced, PSK (for testing)

    This same configuration works for other clients. I've been using RDP as a test.  I can see the main mode get established and the quick mode.  I never complete the connection though.

    Any ideas on where to start troubleshooting? 
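The rule set described above, rebuilt with netsh on the 2008 R2 server, together with the audit and monitor commands that produce the evidence used later in this thread. This is an added example, not the poster's own commands; it assumes the client address 10.0.0.52 seen in the thread's event logs and uses a placeholder PSK.

```batch
@echo off
rem Added example (not from the thread): recreate the server-side connection security
rem rule with netsh on Windows Server 2008 R2 and enable the IPsec audit events used
rem for diagnosis. Assumptions: client address 10.0.0.52 (from the thread's logs);
rem the PSK value is a placeholder. Run from an elevated command prompt.

rem 1. Connection security rule: any local address <-> the client, all protocols,
rem    authentication required in both directions, computer PSK. PSK is a test-only
rem    method: the key is stored in clear text in the policy, so production rules
rem    should use auth1=computerkerb or auth1=computercert instead.
netsh advfirewall consec add rule name="CIFS to client" endpoint1=any endpoint2=10.0.0.52 action=requireinrequireout auth1=computerpsk auth1psk="REPLACE-WITH-TEST-PSK" enable=yes

rem 2. Inbound firewall rule for SMB (445/tcp) that admits only IPsec-authenticated
rem    traffic, so an unprotected CIFS session cannot slip through if the consec rule
rem    is bypassed or disabled.
netsh advfirewall firewall add rule name="SMB over IPsec" dir=in action=allow protocol=TCP localport=445 security=authenticate

rem 3. Enable the audit subcategories that generate the main/quick mode events quoted
rem    in the thread (this is the "advanced audit configuration" the poster refers to).
auditpol /set /subcategory:"IPsec Main Mode" /success:enable /failure:enable
auditpol /set /subcategory:"IPsec Quick Mode" /success:enable /failure:enable

rem 4. List the live security associations and pick out the ones with the client.
netsh advfirewall monitor show mmsa all | findstr /C:"10.0.0.52"
netsh advfirewall monitor show qmsa all | findstr /C:"10.0.0.52"

rem 5. Pull the most recent IPsec negotiation failures from the Security log
rem    (4652/4653 = main mode negotiation failed, 4654 = quick mode negotiation failed).
wevtutil qe Security /q:"*[System[(EventID=4652 or EventID=4653 or EventID=4654)]]" /c:5 /rd:true /f:text
```

The same `consec add rule` line with `endpoint2=` set to the server address recreates the client-side rule on Windows 7; both sides must carry the identical PSK or main mode will time out exactly as in the failure event below.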

All replies

  • Thursday, 24 May 2012 12:20
    Moderator

    Hi,

    Please try to install the following hotfix to test:

    SMB/CIFS sessions leak in Windows Vista, in Windows Server 2008, in Windows 7 and in Windows Server 2008 R2
    http://support.microsoft.com/kb/2537589

    If the issue persists, please provide more information such as the Event ID for further analysis.

    Hope this helps!

    Best Regards
    Elytis Cheng

    TechNet Community Support

  • Thursday, 24 May 2012 12:31

    Thanks for the suggestion.  Unfortunately neither main mode nor quick mode establishes now.  I did turn on logging through the advanced audit configuration.  I have this event in the log of the client (10.0.0.52):

    An IPsec main mode negotiation failed.

    Local Endpoint:
     Local Principal Name: -
     Network Address: 10.0.0.52
     Keying Module Port: 500

    Remote Endpoint:
     Principal Name: -
     Network Address: 10.0.0.113
     Keying Module Port: 500

    Additional Information:
     Keying Module Name: IKEv1
     Authentication Method: Unknown authentication
     Role: Initiator
     Impersonation State: Not enabled
     Main Mode Filter ID: 752925

    Failure Information:
     Failure Point: Local computer
     Failure Reason: Negotiation timed out
     State: Sent first (SA) payload
     Initiator Cookie: 40eb66d0ead938c8
     Responder Cookie: 0000000000000000

  • Thursday, 24 May 2012 14:14

    Somehow the main mode & quick mode were established on subsequent tests:

    (from the client)

    An IPsec main mode security association was established. Extended mode was not enabled.  Certificate authentication was not used.

    Local Endpoint:
     Principal Name: -
     Network Address: 10.0.0.52
     Keying Module Port: 500

    Remote Endpoint:
     Principal Name: -
     Network Address: 10.0.0.113
     Keying Module Port: 500

    Security Association Information:
     Lifetime (minutes): 480
     Quick Mode Limit: 0
     Main Mode SA ID: 6

    Cryptographic Information:
     Cipher Algorithm: AES-128
     Integrity Algorithm: SHA1
     Diffie-Hellman Group: DH group 2

    Additional Information:
     Keying Module Name: IKEv1
     Authentication Method: Preshared key
     Role: Initiator
     Impersonation State: Not enabled
     Main Mode Filter ID: 754647

    --------

    An IPsec quick mode security association was established.
     
    Local Endpoint:
     Network Address: 10.0.0.52
     Network Address mask: 255.255.255.255
     Port:   0
     Tunnel Endpoint:  -

    Remote Endpoint:
     Network Address: 10.0.0.113
     Network Address Mask: 255.255.255.255
     Port:   0
     Private Address:  0.0.0.0
     Tunnel Endpoint:  -

     Protocol:  0
     Keying Module Name: -

    Cryptographic Information:
     Integrity Algorithm - AH: -
     Integrity Algorithm - ESP: SHA-1
     Encryption Algorithm: -

    Security Association Information:
     Lifetime - seconds: 3600
     Lifetime - data:  100000
     Lifetime - packets: 2147483647
     Mode:   Transport
     Role:   Initiator
     Quick Mode Filter ID: 754670
     Main Mode SA ID: 6
     Quick Mode SA ID: 6

    Additional Information:
     Inbound SPI:  1755269999
     Outbound SPI:  371512290
     Virtual Interface Tunnel ID:  0
     Traffic Selector ID:  0

  • Friday, 25 May 2012 11:54
    Marked as answer

    I found what is causing this issue.  After booting into safe mode with networking, I was able to get this to work.  On a chance, I uninstalled the Sonicwall Global VPN client.  After a reboot, it worked.  I reinstalled the VPN client and it stopped working.

    What I don't yet understand is why.  I know they both use IPSec, but I'm not sure why it breaks Windows IPSec.