SSL VPN drops immediately 0x80004005

  • Question

  • Good afternoon,

    I'm attempting to deploy Network Connector and the connection is immediately dropped, 0x80004005. I'm assuming it's a networking issue; my client's network is quite complex and traffic is NAT'd several times before it hits the UAG public interface. My question is: how do I know which IP address to assign to the Server Settings Arguments {External IP}? I've included the relevant section, I think, from the client log below. I'm assuming it's to do with the setup of my client's network, since I have no problem deploying SSL VPN in my lab and have deployed SSL VPN without problems before this. I'm not a networking expert by the way, so keep it simple if possible.

    19.05.11 14:47:46.032              CWioPeer0::JoinSession enter
    19.05.11 14:47:46.032              CWioPeer0::JoinSession leave {0}

    19.05.11 14:47:46.032  session params processed from 127.0.0.174 {0}


    19.05.11 14:47:46.219  wait for reply {0}

    19.05.11 14:47:46.219              input ip                 = 192.168.15.2
    19.05.11 14:47:46.219              input class              = 192.168.15.0 / 255.255.255.128
    19.05.11 14:47:46.219              input policies (servers) = 0x1 (arps); 0xff (dhcps, with static fallback)
    19.05.11 14:47:46.219              input policies (other)   = 0x3 (nsplit); 1 (anti-spoof)
    19.05.11 14:47:46.219              CNcRouteTable::Load enter
    19.05.11 14:47:46.219                  CNcRouteTable::_AllocArrays enter
    19.05.11 14:47:46.219                      ::WU_RouteLoadTable enter
    19.05.11 14:47:46.219                          get size {0x7a, 1580 bytes}
    19.05.11 14:47:46.219                          alloc {0}
    19.05.11 14:47:46.219                          get array {0}
    19.05.11 14:47:46.219                          log entries {8}
    19.05.11 14:47:46.219                          ..01 00000002> 0.0.0.0/0.0.0.0 <> 192.168.30.2 (10)
    19.05.11 14:47:46.219                          ..02 00000001> 127.0.0.0/255.0.0.0 <> 127.0.0.1 (1)
    19.05.11 14:47:46.219                          ..03 00000002> 192.168.30.0/255.255.255.0 <> 192.168.30.129 (10)
    19.05.11 14:47:46.219                          ..04 00000001> 192.168.30.129/255.255.255.255 <> 127.0.0.1 (10)
    19.05.11 14:47:46.219                          ..05 00000002> 192.168.30.255/255.255.255.255 <> 192.168.30.129 (10)
    19.05.11 14:47:46.219                          ..06 00000002> 224.0.0.0/240.0.0.0 <> 192.168.30.129 (10)
    19.05.11 14:47:46.219                          ..07 00000002> 255.255.255.255/255.255.255.255 <> 192.168.30.129 (1)
    19.05.11 14:47:46.219                          ..08 00020004> 255.255.255.255/255.255.255.255 <> 192.168.30.129 (1)
    19.05.11 14:47:46.219                      ::WU_RouteLoadTable leave {0}
    19.05.11 14:47:46.219                      set base len {8}
    19.05.11 14:47:46.235                      ..loop: add ip interface {192.168.30.129 / 255.255.255.0}
    19.05.11 14:47:46.235                      ..check entry 0.0.0.0 / 0.0.0.0 -> 192.168.30.2 | 0x2
    19.05.11 14:47:46.235                      -> dGW
    19.05.11 14:47:46.235                      ..check entry 127.0.0.0 / 255.0.0.0 -> 127.0.0.1 | 0x1
    19.05.11 14:47:46.235                      -> IPlbk
    19.05.11 14:47:46.235                      ..check entry 192.168.30.0 / 255.255.255.0 -> 192.168.30.129 | 0x2
    19.05.11 14:47:46.235                      -> LAN
    19.05.11 14:47:46.235                      ..check entry 192.168.30.129 / 255.255.255.255 -> 127.0.0.1 | 0x1
    19.05.11 14:47:46.235                      -> IP
    19.05.11 14:47:46.235                      ..check entry 192.168.30.255 / 255.255.255.255 -> 192.168.30.129 | 0x2
    19.05.11 14:47:46.235                      -> BC1
    19.05.11 14:47:46.235                      ..check entry 224.0.0.0 / 240.0.0.0 -> 192.168.30.129 | 0x2
    19.05.11 14:47:46.235                      -> MC
    19.05.11 14:47:46.235                      ..check entry 255.255.255.255 / 255.255.255.255 -> 192.168.30.129 | 0x2
    19.05.11 14:47:46.235                      -> BC
    19.05.11 14:47:46.235                      ..check entry 255.255.255.255 / 255.255.255.255 -> 192.168.30.129 | 0x20004
    19.05.11 14:47:46.235                      -> BC
    19.05.11 14:47:46.235                  CNcRouteTable::_AllocArrays leave {0}
    19.05.11 14:47:46.235              CNcRouteTable::Load leave {0}
    19.05.11 14:47:46.235              CWioClient::_CheckRoutingConflicts enter
    19.05.11 14:47:46.235                  check route: 192.168.15.0 / 255.255.255.128 {type = virtual interface}
    19.05.11 14:47:46.235                  check route: 10.0.0.0 / 255.0.0.0 {type = optional}
    19.05.11 14:47:46.235              CWioClient::_CheckRoutingConflicts leave {0}

    19.05.11 14:47:46.235  check for conflicts {0}


    19.05.11 14:47:46.235  analyze access modes {local=0,remote=1}


    19.05.11 14:47:46.235  -> no local gw access {SetPortalFr returned 0}


    19.05.11 14:47:46.235  -> limited office gw access


    19.05.11 14:47:46.235  verifying RRAS status for potential collision {reason = session mode is non-split}

    19.05.11 14:47:46.235              CWioService::QueryStatus enter
    19.05.11 14:47:46.235                  CWioService::_OpenService enter
    19.05.11 14:47:46.235                      open SCM {0}
    19.05.11 14:47:46.235                  CWioService::_OpenService leave {0}
    19.05.11 14:47:46.235                  control interrogate {0x426}
    19.05.11 14:47:46.235                  close handle {0}
    19.05.11 14:47:46.235                  close SCM handle {0}
    19.05.11 14:47:46.235              CWioService::QueryStatus leave {0x426}
    19.05.11 14:47:46.235              CWioSession::_ConnectVirtualDevice enter
    19.05.11 14:47:46.235                  IP / Mask       = 192.168.15.2 / 255.255.255.128
    19.05.11 14:47:46.235                  DNS (Primary)   = 10.144.37.4
    19.05.11 14:47:46.235                  DNS (2nd)       = 10.144.37.5
    19.05.11 14:47:46.235                  Wins (Primary)  = 10.144.37.4
    19.05.11 14:47:46.235                  Wins (2nd)      = 10.144.37.5
    19.05.11 14:47:46.235                  GW              = 0.0.0.0
    19.05.11 14:47:46.251                  DHCP (V)        = 192.168.15.1
    19.05.11 14:47:46.251                  Alloc Type      = dhcps = 0xff, sfallback = 1
    19.05.11 14:47:46.251                  CWioNIC::ReleaseDhcpAddress enter
    19.05.11 14:47:46.251                  CWioNIC::ReleaseDhcpAddress leave {0x2}
    19.05.11 14:47:46.251                  CWioService::QueryStatus enter
    19.05.11 14:47:46.251                      CWioService::_OpenService enter
    19.05.11 14:47:46.251                          open SCM {0}
    19.05.11 14:47:46.251                      CWioService::_OpenService leave {0}
    19.05.11 14:47:46.251                      control interrogate {0}
    19.05.11 14:47:46.251                      close handle {0}
    19.05.11 14:47:46.251                      close SCM handle {0}
    19.05.11 14:47:46.251                  CWioService::QueryStatus leave {0}

    19.05.11 14:47:46.251  allocation loop flags: dynamic=1; static=0; reg_dhcp=1; msdhcpc=1

    19.05.11 14:47:46.251                  register notification {0}
    19.05.11 14:47:46.251                  CWioVaProxy::Set enter
    19.05.11 14:47:46.251                  CWioVaProxy::Set leave {0x57}
    19.05.11 14:47:46.251              CWioSession::_ConnectVirtualDevice leave {0x57}

    19.05.11 14:47:46.251  connect device {0x57}

    19.05.11 14:47:46.251              CWioSession::_SetSessionErrorInternal enter
    19.05.11 14:47:46.251                  input msg  = '(null)'
    19.05.11 14:47:46.251                  input msgId  = '8024'
    19.05.11 14:47:46.251                  input code = 0x57
    19.05.11 14:47:46.251                  indicated = 0
    19.05.11 14:47:46.266              CWioSession::_SetSessionErrorInternal leave {0}
    19.05.11 14:47:46.266              CWioSession::_SetSessionErrorInternal enter
    19.05.11 14:47:46.266                  input msg  = '(null)'
    19.05.11 14:47:46.266                  input msgId  = '8038'
    19.05.11 14:47:46.266                  input code = 0x57
    19.05.11 14:47:46.266                  indicated = 1
    19.05.11 14:47:46.266              CWioSession::_SetSessionErrorInternal leave {0xb7}
    19.05.11 14:47:46.266              CWioClient::StopSession enter
    19.05.11 14:47:46.266                  sync = 0
    19.05.11 14:47:46.266                  CNcOS::GetIsVistaOrLater enter
    19.05.11 14:47:46.266                      Type = 0x20
    19.05.11 14:47:46.266                      IsVistaOrLater: No
    19.05.11 14:47:46.266                  CNcOS::GetIsVistaOrLater leave {}
    19.05.11 14:47:46.266                  CWioVaProxy::Set enter
    19.05.11 14:47:46.266                  CWioVaProxy::Set leave {0x40}
    19.05.11 14:47:46.266                  CWioPeer::Term enter
    19.05.11 14:47:46.266                      state  = 3
    19.05.11 14:47:46.266                      reason = 2
    19.05.11 14:47:46.266                      CWioPeer0::LeaveSession enter
    19.05.11 14:47:46.266                      CWioPeer0::LeaveSession leave {0}
    19.05.11 14:47:46.266                      CWioDTunnel::Close enter
    19.05.11 14:47:46.266                          shutdown {0, ignored}
    19.05.11 14:47:46.266                          CWioPeer::Term enter
    19.05.11 14:47:46.266                              closesocket {0, ignored}
    19.05.11 14:47:46.266                          CWioDTunnel::Close leave {0}
    19.05.11 14:47:46.266                          state  = 2
    19.05.11 14:47:46.266                      reason = 1
    19.05.11 14:47:46.266                  CWioPeer::Term leave {0}

    19.05.11 14:47:46.266  disconnected from server


    19.05.11 14:47:46.266  tunnel thread (0x14c) exits


    19.05.11 14:47:46.266                  CWioPeer::Term leave {0}
    19.05.11 14:47:46.266  service thread exits

    19.05.11 14:47:46.766                  CWioPeer::Term enter
    19.05.11 14:47:46.766                      state  = 1
    19.05.11 14:47:46.766                      reason = 2
    19.05.11 14:47:46.766                  CWioPeer::Term leave {0x6}
    19.05.11 14:47:46.766                  CWioClient::_FullTunnelingUNSET enter
    19.05.11 14:47:46.766                      CNcRouteTable::Export enter
    19.05.11 14:47:46.766                          data flag = 0
    19.05.11 14:47:46.766                      CNcRouteTable::Export leave {0}
    19.05.11 14:47:46.766                  CWioClient::_FullTunnelingUNSET leave {0}
    19.05.11 14:47:46.766              CWioClient::StopSession leave {0}
    19.05.11 14:47:46.766          CWioClient::StartSession leave {0x57}

    19.05.11 14:47:46.766  <StartSession {57}>

    19.05.11 14:47:46.766          CWioSession::Term enter
    19.05.11 14:47:46.766              sync = 1
    19.05.11 14:47:46.766              CWioClient::StopSession enter
    19.05.11 14:47:46.766                  sync = 0
    19.05.11 14:47:46.766                  CNcOS::GetIsVistaOrLater enter
    19.05.11 14:47:46.766                      Type = 0x20
    19.05.11 14:47:46.766                      IsVistaOrLater: No
    19.05.11 14:47:46.766                  CNcOS::GetIsVistaOrLater leave {}
    19.05.11 14:47:46.766                  CWioVaProxy::Set enter
    19.05.11 14:47:46.766                  CWioVaProxy::Set leave {0x40}
    19.05.11 14:47:46.766                  CWioPeer::Term enter
    19.05.11 14:47:46.766                      state  = 0
    19.05.11 14:47:46.766                      reason = 2
    19.05.11 14:47:46.766                  CWioPeer::Term leave {0x6}
    19.05.11 14:47:46.766                  CWioClient::_FullTunnelingUNSET enter
    19.05.11 14:47:46.766                      nothing to undo..
    19.05.11 14:47:46.766                      CNcRouteTable::Export enter
    19.05.11 14:47:46.766                          data flag = 0
    19.05.11 14:47:46.766                      CNcRouteTable::Export leave {0}
    19.05.11 14:47:46.766                  CWioClient::_FullTunnelingUNSET leave {0}
    19.05.11 14:47:46.766              CWioClient::StopSession leave {0}
    19.05.11 14:47:46.766              set event0 {0}
    19.05.11 14:47:46.766              close event1 {0}
    19.05.11 14:47:46.766              CWioThread::Stop enter
    19.05.11 14:47:46.766                  wait {0}
    19.05.11 14:47:46.766                  close {0}
    19.05.11 14:47:46.766              CWioThread::Stop leave {0}
    19.05.11 14:47:46.766              CWioCompletionPort::Close enter
    19.05.11 14:47:46.766                  ..GetQueuedCompletionStatus {0x102}
    19.05.11 14:47:46.766                  ..PostQueuedCompletionStatus {0}
    19.05.11 14:47:46.766              CWioCompletionPort::Close leave {0}
    19.05.11 14:47:46.766              CWioThread::Stop enter
    19.05.11 14:47:46.766                  wait {0}
    19.05.11 14:47:46.766                  close {0}
    19.05.11 14:47:46.782              CWioThread::Stop leave {0}
    19.05.11 14:47:46.782              CWioVaProxy::Close enter
    19.05.11 14:47:46.782              CWioVaProxy::Close leave {0}
    19.05.11 14:47:46.782              CWioThread::Stop enter

    19.05.11 14:47:47.188  device thread exits

    19.05.11 14:47:47.188                  wait {0}
    19.05.11 14:47:47.188                  close {0}
    19.05.11 14:47:47.188              CWioThread::Stop leave {0}
    19.05.11 14:47:47.188              CWioNIC::Close enter
    19.05.11 14:47:47.188              CWioNIC::Close leave {}
    19.05.11 14:47:47.188              CWioIoBuffersPool::Term enter
    19.05.11 14:47:47.188              CWioIoBuffersPool::Term leave {}
    19.05.11 14:47:47.188          CWioSession::Term leave {0}
    19.05.11 14:47:47.188      CNcSession::Start leave {0x80004005}

    Thanks in advance.

    Thursday, May 19, 2011 1:46 PM
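
An added example (not part of the original thread, and not Microsoft tooling): one way to triage a Network Connector client trace like the one above is to read the session error code and find the first call that returned it. It assumes the values in braces are Windows status codes; the sample lines are excerpted from the log in the question, and the function names `triage` and `describe` are hypothetical.

```python
import re

# Windows status codes (winerror.h) that appear in the trace. Reading the
# braces as Windows codes is an assumption; the client log does not say so.
WIN32 = {
    0x2: "ERROR_FILE_NOT_FOUND",
    0x6: "ERROR_INVALID_HANDLE",
    0x40: "ERROR_NETNAME_DELETED",
    0x57: "ERROR_INVALID_PARAMETER",
    0xB7: "ERROR_ALREADY_EXISTS",
    0x102: "WAIT_TIMEOUT",
    0x426: "ERROR_SERVICE_NOT_ACTIVE",
    0x80004005: "E_FAIL",
}

# "<date> <time>   Class::Method leave {0x57}"
LEAVE = re.compile(r"^\s*(\S+ \S+)\s+(\w*::\w+) leave \{(0x[0-9a-fA-F]+)\}")
# "input code = 0x57" inside _SetSessionErrorInternal
SESSION_ERR = re.compile(r"input code\s*=\s*(0x[0-9a-fA-F]+)")

# Lines excerpted from the trace posted in the question.
SAMPLE = """\
19.05.11 14:47:46.235              CWioService::QueryStatus leave {0x426}
19.05.11 14:47:46.251                  CWioNIC::ReleaseDhcpAddress leave {0x2}
19.05.11 14:47:46.251                  CWioService::QueryStatus leave {0}
19.05.11 14:47:46.251                  CWioVaProxy::Set enter
19.05.11 14:47:46.251                  CWioVaProxy::Set leave {0x57}
19.05.11 14:47:46.251              CWioSession::_ConnectVirtualDevice leave {0x57}
19.05.11 14:47:46.251                  input code = 0x57
19.05.11 14:47:46.766          CWioClient::StartSession leave {0x57}
19.05.11 14:47:47.188      CNcSession::Start leave {0x80004005}
"""

def triage(log_text):
    """Return (non-zero returns, session error code, first call returning it)."""
    failures, session_code = [], None
    for line in log_text.splitlines():
        m = LEAVE.match(line)
        if m:
            code = int(m.group(3), 16)
            if code:
                failures.append((m.group(1), m.group(2), code))
        elif session_code is None:
            s = SESSION_ERR.search(line)
            if s:
                session_code = int(s.group(1), 16)
    # Earlier non-zero returns with other codes (0x426, 0x2) did not stop the session.
    origin = next((f for f in failures if f[2] == session_code), None)
    return failures, session_code, origin

def describe(entry):
    _, func, code = entry
    return f"{func} returned {code:#x} ({WIN32.get(code, 'unknown')})"

if __name__ == "__main__":
    _, _, origin = triage(SAMPLE)
    print(describe(origin))
```

On this trace the generic 0x80004005 at the end traces back to the virtual adapter call, not to the earlier RRAS or DHCP status checks.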

Answers

All replies

  • Hi Neil,

    Is it possible you are hitting the issue described here:

    http://blogs.technet.com/b/philbevan/archive/2010/03/16/iag-uag-network-connector-may-be-impossible-to-configure.aspx

    (Basically, NC may not work as expected if the MAC address of the internal NIC of the UAG does not start with 00 ...

    HTH,

               Ophir.

     

    • Marked as answer by NeilCC1 Sunday, May 22, 2011 3:21 PM
    Sunday, May 22, 2011 12:00 PM
  • Hi Ophir,

    Thanks for your input.

    I don't believe this is the same issue documented above. In my case the NC comes up, the client is assigned an IP address from the allocated range and the connection is then reset.

    The relevant section from the TMG log is below; I know it's a little awkward to read:

    UAG Reverse Proxy TCP The application VPN was accessed on trunk vpn; Secure=1 with user name xxxx.nhs.uk\xxx and session ID 190CC0A3-9EB5-473D-981C-428255B67A37. - 5/22/2011 12:12:14 PM 5/22/2011 1:12:14 PM - - 0 VPN 0 The operation completed successfully.  xxxxx Web Proxy Filter
    UAG Reverse Proxy TCP The user xxx.nhs.uk\xxx has a remote VPN connection and was allocated IP address: 192.168.15.2. - 5/22/2011 12:12:16 PM 5/22/2011 1:12:16 PM - - 0 0 The operation completed successfully.  xxxxx Web Proxy Filter
    TCP - 86.147.94.123 5/22/2011 12:12:16 PM 5/22/2011 1:12:16 PM 86.147.94.123 192.168.14.130 443 PublishingRule::Tcp443 Initiated Connection PublishingRule::Trunk#002 0x0 SUCCESS External Local Host xxxxx Firewall
    TCP - 86.147.94.123 5/22/2011 12:12:16 PM 5/22/2011 1:12:16 PM 86.147.94.123 192.168.14.130 443 PublishingRule::Tcp443 Initiated Connection PublishingRule::Trunk#002 0x0 SUCCESS External Local Host xxxxx Firewall
    TCP - 86.147.94.123 5/22/2011 12:12:16 PM 5/22/2011 1:12:16 PM 86.147.94.123 192.168.14.130 443 PublishingRule::Tcp443 Initiated Connection PublishingRule::Trunk#002 0x0 SUCCESS External Local Host xxxxx Firewall
    TCP - 86.147.94.123 5/22/2011 12:12:18 PM 5/22/2011 1:12:18 PM 86.147.94.123 192.168.14.130 443 PublishingRule::Tcp443 Closed Connection PublishingRule::Trunk#002 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN External Local Host xxxxx Firewall
    TCP - 86.147.94.123 5/22/2011 12:12:18 PM 5/22/2011 1:12:18 PM 86.147.94.123 192.168.14.130 443 PublishingRule::Tcp443 Closed Connection PublishingRule::Trunk#002 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN External Local Host xxxxx Firewall

     

    Once again thanks for your help.

    Any further ideas are more than welcome.

    Regards.

    Sunday, May 22, 2011 12:38 PM
  • Hi Neil,

    The symptom of the above issue is very similar. Can you confirm the MAC address of your internal NIC starts with 00? (This should be a very simple test.)

     

    Ophir.

    Sunday, May 22, 2011 12:44 PM
  • Hi Ophir,

    I've changed the MAC address on the internal NIC to start with 00 and the Network Connector has started working. Thanks for your help. Great tip.

    Many thanks.

    Sunday, May 22, 2011 3:22 PM
  • Great post, thank you!

    This works for us as well now.


    regards, Alexey
    Wednesday, June 15, 2011 11:59 AM