Remote Access / VPN Causes Major Login Problems

[CruJones]

I just built a Windows 2003 Server Standard Edition with the purpose of implementing a standalone Remote Access / VPN server on my domain. My server has two NIC's, each with a static IP address as recommended when running this type of server.

I added the Remote Access / VPN role to this server for just VPN (no NAT because I am running DHCP on a domain controller and I wanted my remote clients to get their DHCP from that server). I assigned the two different NIC's accordingly during the setup and completed the wizard.

I tested the VPN from a remote location and was able to connect to my new server just fine. I was able to browse my network and use all network functions (except connecting to the internet, but that's another issue). I tested from a few more clients with success.

Then a few hours later I had to reboot the server to move it. When I restarted the system, I entered the password and waited about 2 minutes. Then at the "Applying Personal Settings" screen, it took about 5-8 minutes to login from there. Once logged in, I could not access any network resources from that local system and none of the VPN users could authenticate (I assume because that VPN server could not see my domain controller).

I tried a ton of stuff suggested by Microsoft and others in their forums and nothing helped.

I removed the Remote Access / VPN role, rebooted and logged in quickly and had full access to all network resources.

I'm stumped. Any help would be greatly appreciated! Thanks!

 

[theravager]

You mentioned 2 nics. Did you manually configure the routing table and have only 1 default gateway?

 

[CruJones]

I did not manually configure the routing table. I saw that option in the RRAS console but did not have enough information from the documentation I had on how to configure it properly. And I do only have 1 default gateway.

Basically at this point the RRAS is running out of my home/office for testing until I get all of the bugs worked out and then it will be implemented at my regular office.

So I have two NIC's setup like this...

NIC 1 - static IP info 192.168.1.30, gateway 192.168.1.1
NIC 2 - static IP info 192.168.1.31, gateway 192.168.1.1

When I setup RRAS, I used NIC two for the VPN.

Also, since it is at my home office for testing purposes, I had to put 192.168.1.31 in the DMZ because my router does not support opening the GRE policy. NIC 1 or .30 remains behind the router.

Obviously I am new at this so any suggestions on what I need to do are much appreciated!

 

[CruJones]

I figured out the slow login part of the problem. I disabled Netbios over TCP/IP on the network adapters and that seemed to have fixed that problem, however I still don't feel I have it setup correctly and would appreciate anyone's help.

The RRAS actually works. My remote systems can connect and login to my RRAS server, use the network resources and access the internet. I guess I should be happy and leave it at that but I would really like to know why my RRAS server doesn't show up on my network and why it can't access the network itself. I can remote desktop into it from my network, so it's there, I think it's just not logging into the domain controller and registering on the network.

Maybe that's how it supposed to work, I don't know.

Any thoughts? Anyone?

Thanks!

 

[theravager]

I can't say ive fiddled with rras much but having a gateway set on both nics is definitely going to cause problems.

The two nics should also be on different subnets with a manual routing entry on at least the internet side, if not both so there is an orderly process for traffic to follow.