VPN STOPS WEB ACCES ON SERVER 2000 1

[milesy]

Ok Im lost. I have a Windwos 2000 server which has been fine for about 2 years. I have just configured VPN on it and all seemed fine, client machine can log in from of site location and access the shares as required. But the server cannot see the web any more. Using the server I tryed to ping WAN address and no joy, but I can ping a LAN address.

server IP 169.254.105.22 LAN NIC
169.254.105.25 VPN NIC
sub mask 255.255.255.0
Gateway 169.254.105.1 Dlink Router.

Any ideas greatly recived

 

[ChicagoTechNet]

this may help. quoted from

http://www.chicagotech.net/

Internal clients can't access the Internet after a remote client connects to RRAS
Symptoms: After a remote client establishes a connection on a RRAS which is installed on a domain controller with DNS, one or more of the following symptoms may occur:
1) Internal clients may no longer be able to browse the Web through Internet Security and Acceleration (ISA) Server, regardless of whether or not Web Proxy or the Firewall Client is being used for Web browsing.
2) A "The page cannot be displayed" error message is generated when you use a Web browser.
3) A "cannot find server or DNS" error occurs.
4) From an internal client, if you use PING to ping the name of the server, PING returns any other address other than the IP address that is bound to the server's internal adapter.
5) You cannot browse through the list of computers in Network Neighborhood or My Network Places.
6) You cannot connect to the following Web page:

http://server_name/myconsole

7) You may receive the following event message: Event ID: 4319, Source: Netbt, Description: A duplicate name has been detected on the tcp network. The IP address of the machine that sent the message is in the data. Use NBTSTAT with a switch of N in a command window to see which name is in a conflict state.
8) When a client clicks Update Now from the Firewall Client applet in Control Panel, the client may receive the following error message:

The server is not responding when client requests an update.
Possible causes:
-The server is not an ISA Server.
-The server is down.
9) Windows 2000 LAN clients cannot map a network drive to the server. The client may receive the following error message: No Logon Servers Available to Service your Logon Request.

Resolutions: This issue can occur if the client computer receives a response from DNS that includes the wrong Internet Protocol (IP) address. This address is only returned in a query after a remote client has connected by using Dial-Up Networking. This IP address is registered with DNS if network basic input/output system (NetBIOS) is bound to the RRAS server's dial-in interfaces or if DNS is configured to listen on all interfaces. To resolve this problem, obtain the latest service pack for Windows 2000.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[gacollier]

Milesy,

When you brought the VPN solution online, did you add a second NIC to the unit? If so, which NIC has a default gateway entry?

 

[milesy]

Well I thought that I had sorted it myself....That is until this morning.

This is how I how I got it working.

On the second nic (both are built onto the montherboard) I only assigned an IP 169.254.105.25 and a subnet mask 255.255.255.0 and left the DNS server and Gateway blank.

Everything worked fine, The server had web access when needed, clients could use the VPN, and the server had no problems.

This morning I got to work only to find that the workstations could not log onto the netwok.

I'm now more at a loss that when I started....

 

[gacollier]

Miles,

You should only have a default gateway set on the WAN NIC, not the LAN. Both NIC's can and should have a DNS entry. Can you verify this is your setup?

 

[milesy]

As you can tell I'm new to this so thanks for the help.

The first NIC is the one that was used origanaly by the network.
This NIc has an IP, SubNet, Gateway & DNS
The Second NIC which was disabled before. Only has IP & SubNet.

Reading your post, correct me if I am wrong. I should have:-
NIC1 IP,SubNet,DNS leave Gateway empty.
NIC2 IP,SubNet,DNS and Default Gateway

 

[gacollier]

Miles,

If NIC1 is on the LAN and NIC2 is your Internet NIC you should be in good shape.

 

[jono659]

On the client machine in properties for the connection advanced TCP/IP settings make sure that the use default gateway on remote network in UNCHECKED

 

[milesy]

I Have unckecked the use default gateway on the client machine, but its not remote machine that has the problem. Thanks any way.

 

[gacollier]

Milesy,

Are you still having problems?

 

[milesy]

Gacollier.....

Yes still got the same problems. For 3-5 days all is well then we lose the connection to the net on the server and then the work stations have problems logging on to the server. But the VPN stays up and stable.

Please dont tell me this is something simple because I am tearing my hair out.....OK then, tell me it is something simple.

 

[SpecNick]

I am having a very similar problem!

I just set up a VPN on our win2k server sp4 box and just as I did, the proxy server, web hosting, and internet services just went wacko!
Everything is set up properly, but for strange reasons it isnt working properly! Its been doing my head in for the last 2 weeks!

I've just managed to get the VPN up although it isnt running the best it could, I still am lost to sorting out the other details...

Its a bunch of crap because Microsoft dont support VPN access behind a firewall/NAT

I reckon its possible though! To have it all running at the same time on one machine.

I will post again when I have more information for ya

 

[milesy]

OK ITS SORTED AT LAST....

With all the help from all the posts above..

The LAN NIC now only has a IP address, and a SUB NET, no dns or Gateway.

The VPN NIC HAS IP,SUB NET, DNS AND GATEWAY.

Everything has been up for 2 weeks stanble and not a problem.

SpecNick if I can help please drop me a line.

 

[BarryMVS]

Quick question to all,

At work: Running a Win2K domain server. Has three NIC's.
Have tried setting up a VPN, but as soon as it is active or one of the two spare NIC's is made active, the network loses all connections to the server! Each NIC has it's own static IP address and is connected to the same switches and router as the rest of the network.

At home: Running a Win2k standard server. Has two NIC's.
Both connected to the same router. PC complains about name duplication, but the VPN runs without any problems and the local PC's can still access the server.

Any ideas as the VPN at work is kind of urgent.

Barry

ICT Network Administrator
IT Services Manager

 

[dearingkr]

Something to think about...

In order to use Win2k VPN, Routing and Remote Access Server (RRAS) must be running and properly configured.

In order for RRAS to work properly, you must have at least 2 NICs and they MUST be on different networks (subnets).

MCSE CCNA CCDA

 

[BarryMVS]

OK,

Work Setup:
LAN NIC is on 192.168.1.2 / 255.255.255.0
If I configure a second NIC on 192.168.2.? / 255.255.255.0, will it still work with the gateway of 192.168.1.254?

Will this stop the NIC's from conflicting and stop the server from going down?

I guess it should but I don't really want to risk losing the server to more down time than is required!

Home setup:
Both NICS are in the 192.168.1.? / 255.255.255.0 class and the server runs quite happy other than it sees itself, (which I understand.)

You can see why I'm confussed!

Barry

ICT Network Administrator
IT Services Manager

 

[gacollier]

If I configure a second NIC on 192.168.2.? / 255.255.255.0, will it still work with the gateway of 192.168.1.254?" You may have to add a static route for subnet 192.168.2.X.

"Will this stop the NIC's from conflicting and stop the server from going down?" Is it going down now? If so, what's the config?

"Both NICS are in the 192.168.1.? / 255.255.255.0 class and the server runs quite happy other than it sees itself, (which I understand.)" Sorry, but what's the question here?

"You can see why I'm confussed!" You and me both brother! Sorry, I don't mean to make light of this post, but I don't understand the issue other than adding a second NIC to the work setup.