Unable to complete setup - NRPT working, IPHTTPS working but nothing gets past the DA-Server (STATUS_IPSEC_QUEUE_OVERFLOW)

  • Question

  • Hello

    Hello, I am having trouble with my setup and maybe someone has an idea what the hell is going wrong... I spent several days now on this and I am quite tired.

    Network overview

    I am having trouble with the setup of my DA configuration. First my network has a global IPv6 prefix and every device has a global IPv6 IP-Address and a local IPv4 Address.

    I have a single public IPv4 address and due to the fact that my 443 port is overused I used NAT to map 443 port of my direct access server to another port (let's say 16774).

    Here I have a quick overview about my network.


    As you can see my network is somewhat a star form and I want to assign DA Clients an address based on the prefix 2001:STH:STH:DA2. What is named Server here is the Network Location server. It is not reachable from the outside since the Sophos UTM would block the traffic.

    The current situation

    My IPHTTPS Service is working. The clients are connecting over IPHTTPS and receive an IPv6 Address with the configured prefix:

    However... the clients are able to ping the DA-Server (even the address 2001:STH:STH:DA1::2) but they are unable to perform any DNS-Resolution on the DA-Server nor are they able to ping the DC or any other server in the network. If I perform a tracert the package only passes the 2001:STH:STH:DA2::1 (The IP-Address of the IPHTTPS Interface on the DA-Server).

    The firewall rules appear to be configured on the DirectAccess server and the client but it seems like the rules never become activated. From the CAPI2 Log at least it doesn't look like the certificate.

    What looks really suspicious to me is the WFP-Log:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <netEvents numItems="5">
    	<item>
    		<header>
    			<timeStamp>2016-11-14T19:24:17.477Z</timeStamp>
    			<flags numItems="6">
    				<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
    			</flags>
    			<ipVersion>FWP_IP_VERSION_V6</ipVersion>
    			<ipProtocol>17</ipProtocol>
    			<localAddrV6.byteArray16>2001:STH:STH:DA2:1234:1234:9618:e889</localAddrV6.byteArray16>
    			<remoteAddrV6.byteArray16>2001:STH:STH:DA1::2</remoteAddrV6.byteArray16>
    			<localPort>53475</localPort>
    			<remotePort>53</remotePort>
    			<scopeId>0</scopeId>
    			<appId/>
    			<userId/>
    			<addressFamily>FWP_AF_INET</addressFamily>
    			<packageSid/>
    			<enterpriseId/>
    			<policyFlags>0</policyFlags>
    			<effectiveName/>
    		</header>
    		<type>FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP</type>
    		<ipsecDrop>
    			<failureStatus>0xC000A010 (STATUS_IPSEC_QUEUE_OVERFLOW)</failureStatus>
    			<direction>FWP_DIRECTION_OUTBOUND</direction>
    			<spi>4281809998</spi>
    			<filterId>9223372036854775838</filterId>
    			<layerId>0</layerId>
    		</ipsecDrop>
    	</item>
    	<item>
    		<header>
    			<timeStamp>2016-11-14T19:24:19.500Z</timeStamp>
    			<flags numItems="6">
    				<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
    			</flags>
    			<ipVersion>FWP_IP_VERSION_V6</ipVersion>
    			<ipProtocol>17</ipProtocol>
    			<localAddrV6.byteArray16>2001:STH:STH:DA2:1234:1234:9618:e889</localAddrV6.byteArray16>
    			<remoteAddrV6.byteArray16>2001:STH:STH:DA1::2</remoteAddrV6.byteArray16>
    			<localPort>53475</localPort>
    			<remotePort>53</remotePort>
    			<scopeId>0</scopeId>
    			<appId/>
    			<userId/>
    			<addressFamily>FWP_AF_INET</addressFamily>
    			<packageSid/>
    			<enterpriseId/>
    			<policyFlags>0</policyFlags>
    			<effectiveName/>
    		</header>
    		<type>FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP</type>
    		<ipsecDrop>
    			<failureStatus>0xC000A010 (STATUS_IPSEC_QUEUE_OVERFLOW)</failureStatus>
    			<direction>FWP_DIRECTION_OUTBOUND</direction>
    			<spi>1123027516</spi>
    			<filterId>9223372036854775837</filterId>
    			<layerId>0</layerId>
    		</ipsecDrop>
    	</item>
    	<item>
    		<header>
    			<timeStamp>2016-11-14T19:24:19.500Z</timeStamp>
    			<flags numItems="6">
    				<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
    			</flags>
    			<ipVersion>FWP_IP_VERSION_V6</ipVersion>
    			<ipProtocol>17</ipProtocol>
    			<localAddrV6.byteArray16>2001:STH:STH:DA2:1234:1234:9618:e889</localAddrV6.byteArray16>
    			<remoteAddrV6.byteArray16>2001:STH:STH:DA1::2</remoteAddrV6.byteArray16>
    			<localPort>53475</localPort>
    			<remotePort>53</remotePort>
    			<scopeId>0</scopeId>
    			<appId/>
    			<userId/>
    			<addressFamily>FWP_AF_INET</addressFamily>
    			<packageSid/>
    			<enterpriseId/>
    			<policyFlags>0</policyFlags>
    			<effectiveName/>
    		</header>
    		<type>FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP</type>
    		<ipsecDrop>
    			<failureStatus>0xC000A010 (STATUS_IPSEC_QUEUE_OVERFLOW)</failureStatus>
    			<direction>FWP_DIRECTION_OUTBOUND</direction>
    			<spi>4281809998</spi>
    			<filterId>9223372036854775838</filterId>
    			<layerId>0</layerId>
    		</ipsecDrop>
    	</item>
    	<item>
    		<header>
    			<timeStamp>2016-11-14T19:24:23.508Z</timeStamp>
    			<flags numItems="6">
    				<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
    			</flags>
    			<ipVersion>FWP_IP_VERSION_V6</ipVersion>
    			<ipProtocol>17</ipProtocol>
    			<localAddrV6.byteArray16>2001:STH:STH:DA2:1234:1234:9618:e889</localAddrV6.byteArray16>
    			<remoteAddrV6.byteArray16>2001:STH:STH:DA1::2</remoteAddrV6.byteArray16>
    			<localPort>53475</localPort>
    			<remotePort>53</remotePort>
    			<scopeId>0</scopeId>
    			<appId/>
    			<userId/>
    			<addressFamily>FWP_AF_INET</addressFamily>
    			<packageSid/>
    			<enterpriseId/>
    			<policyFlags>0</policyFlags>
    			<effectiveName/>
    		</header>
    		<type>FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP</type>
    		<ipsecDrop>
    			<failureStatus>0xC000A010 (STATUS_IPSEC_QUEUE_OVERFLOW)</failureStatus>
    			<direction>FWP_DIRECTION_OUTBOUND</direction>
    			<spi>1123027516</spi>
    			<filterId>9223372036854775837</filterId>
    			<layerId>0</layerId>
    		</ipsecDrop>
    	</item>
    	<item>
    		<header>
    			<timeStamp>2016-11-14T19:24:23.508Z</timeStamp>
    			<flags numItems="6">
    				<item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
    				<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
    			</flags>
    			<ipVersion>FWP_IP_VERSION_V6</ipVersion>
    			<ipProtocol>17</ipProtocol>
    			<localAddrV6.byteArray16>2001:STH:STH:DA2:1234:1234:9618:e889</localAddrV6.byteArray16>
    			<remoteAddrV6.byteArray16>2001:STH:STH:DA1::2</remoteAddrV6.byteArray16>
    			<localPort>53475</localPort>
    			<remotePort>53</remotePort>
    			<scopeId>0</scopeId>
    			<appId/>
    			<userId/>
    			<addressFamily>FWP_AF_INET</addressFamily>
    			<packageSid/>
    			<enterpriseId/>
    			<policyFlags>0</policyFlags>
    			<effectiveName/>
    		</header>
    		<type>FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP</type>
    		<ipsecDrop>
    			<failureStatus>0xC000A010 (STATUS_IPSEC_QUEUE_OVERFLOW)</failureStatus>
    			<direction>FWP_DIRECTION_OUTBOUND</direction>
    			<spi>4281809998</spi>
    			<filterId>9223372036854775838</filterId>
    			<layerId>0</layerId>
    		</ipsecDrop>
    	</item>
    </netEvents>
    I will take a further look into this a little bit later but at the moment I am a bit lost. Hope someone can help me with this.



    Monday, November 14, 2016 7:32 PM
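
A triage helper for a netEvents dump like the one posted above, as an added example that is not part of the original post: it groups IPsec kernel drops by failure status, direction, flow and SPI/filter id, so repeated drops on the same security association stand out. The function name and the sample events are assumptions; the sample is constructed in the same layout, with 2001:db8::/32 documentation addresses.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the same netEvents layout as the log in the post;
# addresses use the 2001:db8::/32 documentation prefix.
def _event(ts, spi, filter_id):
    return f"""<item><header><timeStamp>{ts}</timeStamp>
      <ipProtocol>17</ipProtocol>
      <localAddrV6.byteArray16>2001:db8:0:da2::10</localAddrV6.byteArray16>
      <remoteAddrV6.byteArray16>2001:db8:0:da1::2</remoteAddrV6.byteArray16>
      <localPort>53475</localPort><remotePort>53</remotePort></header>
      <type>FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP</type>
      <ipsecDrop>
        <failureStatus>0xC000A010 (STATUS_IPSEC_QUEUE_OVERFLOW)</failureStatus>
        <direction>FWP_DIRECTION_OUTBOUND</direction>
        <spi>{spi}</spi><filterId>{filter_id}</filterId></ipsecDrop></item>"""

SAMPLE = "<netEvents numItems='3'>" + "".join([
    _event("2016-11-14T19:24:17.477Z", 4281809998, 9223372036854775838),
    _event("2016-11-14T19:24:19.500Z", 1123027516, 9223372036854775837),
    _event("2016-11-14T19:24:19.500Z", 4281809998, 9223372036854775838),
]) + "</netEvents>"

def summarize_ipsec_drops(xml_text):
    """Group IPsec kernel drops by status, direction, flow and SA identifiers."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    # Only direct <item> children are events; nested <flags><item> are skipped.
    for item in ET.fromstring(xml_text).findall("item"):
        if item.findtext("type") != "FWPM_NET_EVENT_TYPE_IPSEC_KERNEL_DROP":
            continue
        hdr, drop = item.find("header"), item.find("ipsecDrop")
        if hdr is None or drop is None:
            continue  # truncated event, nothing to classify
        h = {c.tag: (c.text or "").strip() for c in hdr}
        d = {c.tag: (c.text or "").strip() for c in drop}
        # The address element name depends on IP version, so match by prefix.
        remote = next((v for k, v in h.items() if k.startswith("remoteAddr")), "?")
        key = (d.get("failureStatus"), d.get("direction"), h.get("ipProtocol"),
               remote, h.get("remotePort"), d.get("spi"), d.get("filterId"))
        g, ts = groups[key], h.get("timeStamp", "")
        g["count"] += 1
        g["first"] = ts if g["first"] is None else min(g["first"], ts)
        g["last"] = ts if g["last"] is None else max(g["last"], ts)
    return sorted(groups.items(), key=lambda kv: -kv[1]["count"])

if __name__ == "__main__":
    for key, stats in summarize_ipsec_drops(SAMPLE):
        print(stats["count"], stats["first"], stats["last"], *key)
```
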