> Hi Alma,
>
> Thanks for updating.
>
> I am sorry for the delay due to the weekend.
>
> Please take the following steps:
>
> Step 1: Please check the following:
>
> 1. Can VPN clients ping the internal clients to ip address?
> 2. Can VPN clients can ping the internal clients to netbios name and FQDN?
>
> If you cannot do that, please give me the detail error message.
>
> Step 2: Please check your Address Assignment configuration:
>
> 1. Open ISA 2004 console.
> 2. Migrate to SBS SERVER' Virtual Private Networks (VPN).
> 3. Right click Virtual Private Networks (VPN) and select properties.
> 4. If you use Static address pool, please make sure they are not in the
> same range of Internal IP address.
> 5. If you choose DHCP, please check Internal Option.
>
> Step 3: Please create an access rule for VPN clients.
>
> Source: VPN Clients
>
> Users: All users.
>
> Destination: Internal Network.
>
> Protocols: All Outbound protocols
>
> Move the policy to the top and click Apply.
>
> If the problem persists, please help me collect the MPS Report on VPN
> client and SBS server when the VPN connection is established.
>
> In addition, please help me collect ISA info and log for further research:
>
> 1. Please help to gather the ISA Info:
>
> 1) Download the file from the following
> URL:
http://www.isatools.org/isainfo/ISAInfo.zip> 2) Extract all files to a folder on ISA server.
> 3) Double click Isainfo.js. This will generate 2 files
> ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
> current folder.
> 4) Please send these files to me.
>
> 2. Please also help to gather the ISA logs:
>
> 1) Schedule a down time.
> 2) Open ISA 2004 management console.
> 3) Expand the server node and highlight 'Monitoring'.
> 4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
> Pane' is showed there.
> 5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
> Tasks', and then switch the 'log storage format' from 'MSDE database'
> (default) to 'File'.
> 6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
> 7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
> Tasks', and then switch the 'log storage format' from 'MSDE database'
> (default) to 'File'.
> 8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
> 9) Click 'Apply' to save changes and update the configuration.
> 10) Temporarily disable the Firewall service.To do that, please click
> Monitoring | Services tab, and then right click 'Microsoft Firewall' to
> choose 'Stop'.
> 11) Clear the current existing W3C logs. To do that, go to the log saving
> directory and clean any existing .W3C logs. By default, the logs will be
> saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF
> may not be able to deleted, that's normal.) You may backup them first and
> then delete them.
> 12) Go back to the ISA 2004 management console, and then start the stopped
> 'Microsoft Firewall' service.
> 13) Reproduce the problem, stop the service, and then gather the resulting
> W3C files to me for analysis.
> 14) Please also let me know the source and destination IP address of the
> testing clients so that I can filter the data.
>
> Please send the information to v-robeli[ at ]microsoft.com with subject:
> 39412269-VPN Problems.
>
> I am looking forward to hear from you.
>
> If you need further assistance, please don't hesitate to let me know.
>
> Best regards,
>
> Robert Li(MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
>
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check
http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
>
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> <Thread-Topic: VPN Problems
> <thread-index: AcekdtEbcFaTNSGpSqq1pE+5dpl8nw==
> <X-WBNR-Posting-Host: 207.46.19.197
> <From: =?Utf-8?B?QWxtYQ==?= <Alma[ at ]discussions.microsoft.com>
> <References: <6570221C-3D94-42F7-9442-67FB9491D4B0[ at ]microsoft.com>
> <VfwqmICpHHA.5168[ at ]TK2MSFTNGHUB02.phx.gbl>
> <Subject: RE: VPN Problems
> <Date: Fri, 1 Jun 2007 11:01:02 -0700
> <Lines: 179
> <Message-ID: <A4986648-DF31-4D33-A496-41E389B572BD[ at ]microsoft.com>
> <MIME-Version: 1.0
> <Content-Type: text/plain;
> < charset="Utf-8"
> <Content-Transfer-Encoding: 7bit
> <X-Newsreader: Microsoft CDO for Windows 2000
> <Content-Class: urn:content-classes:message
> <Importance: normal
> <Priority: normal
> <X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
> <Newsgroups: microsoft.public.windows.server.sbs
> <Path: TK2MSFTNGHUB02.phx.gbl
> <Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:41008
> <NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
> <X-Tomcat-NG: microsoft.public.windows.server.sbs
> <
> <Robert,
> <
> <I ran the CEICW wizard again and the remote connection wizard, but it
> didnt
> <fix it. Be informed I can access the server throught the VPN. I just cat
> <access any client computers connected to the server throught the VPN. In
> <addition, I have installed windows server 2003 service pack 2. From what I
> <read I do not need to get a hotfix if I have installed service pack 2.
> Also,
> <I looked for the key in the registry you mentioned and it is not there.
> Maybe
> <something was done with it in the second service pack.
> <
> <Thanks in advance,
> <
> <Alma Morgan
> <
> <"Robert Li [MSFT]" wrote:
> <
> <> Hi Alma,
> <>
> <> Thanks for posting in our newsgroup.
> <>
> <> From your description, I know you cannot visit the internal resource via
> <> VPN. If I am off-base, please don't hesitate to let me know.
> <>
> <> Based on my research, please take the following to see if the problem
> can
> <> be resolved:
> <>
> <> Step 1: Please rerun the CEICW Wizard to configure the VPN function. The
> <> wizard can help us configure the networking settings for a SBS server.
> It
> <> automatically creates the ISA rules for internet access and site
> <> publishing. It's strongly recommended to use the wizard to configure the
> <> SBS server.
> <>
> <> More info:
> <> 825763 How to configure Internet access in Windows Small Business Server
> <> 2003
> <>
http://support.microsoft.com/?id=825763 > <>
> <> Step 2: After doing this, open Server Management console and navigate to
> <> 'Internet and E-mail' snap-in. Click 'Configure Remote Access' to enable
> <> the VPN service.
> <>
> <> 1. Open Server Management select Configure Remote Access.
> <> 2. Select to enable remote access and choosoe VPN access or Dial-in
> access(
> <> require a modem).
> <> 3. Input the VPN Server name. You can input IP address or full Internet
> <> domain name of the VPN server.
> <> 4. Finish the Wizard.
> <>
> <> Step 3: Based on my research, if you have ISA Server installed, this
> could
> <> be a known issue which is detailed in this KB:
> <>
> <> VPN clients can no longer access internal resources after you install
> <> Windows Server 2003 Service Pack 1 on a computer that is running ISA
> Server
> <>
http://support.microsoft.com/?id=897651 > <>
> <> Please call the CSS to obtain the hotfix and install it on the SBS
> Server.
> <>
> <> Note: After you install this hotfix, you must set the value for the
> <> following registry subkey:
> <>
> <> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpNat\Parameters
> <>
> <> You must set this value as follows:
> <>
> <> Value name: DisableBootTimeSecurity
> <> Value type: REG_DWORD
> <> Value data: 1
> <>
> <> Step 4: In addition, please try not using the remote gateway on the
> client,
> <> to do so:
> <>
> <> On the remote client
> <> 1). Double-click My Computer, and then click the Network and Dial-up
> <> Connections link.
> <> 2). Right-click the VPN connection that you want to change, and then
> click
> <> Properties.
> <> 3). Click the Networking tab, click Internet Protocol (TCP/IP) in the
> <> 'Components checked are used by this connection' list, and then click
> <> Properties.
> <> 4). Click Advanced, and then click to clear the Use default gateway on
> <> remote network check box.
> <>
> <> If the problem persists, please help me collect the MPS Report on SBS
> <> server and a VPN workstation for further research:
> <>
> <> 1. Download the MPSRPT_NETWORK.EXE from the following link and then run
> <> this tool to gather some information from the problematic computer:
> <>
>
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9> <> 15706/MPSRPT_NETWORK.EXE
> <> 2. Double-click on the MPSRPT_NETWORK.EXE file.
> <> [Note] This process may take some time; however, it will not have a
> <> negative effect on the performance.
> <> 3. A CAB file will be generated in the
> <> %systemroot%\MPSReports\Network\Reports\Cab directory called
> <> %COMPUTERNAME%_MPSReports.CAB. The CAB file will contain the reports
> <> generated by the MPS Reporting Tool.
> <> 4. Please send the CAB to v-robeli[ at ]microsoft.com with subject:
> 39412269-VPN
> <> Problems.
> <>
> <> I am looking forward to hear from you.
> <>
> <> If you need further assistance, please don't hesitate to let me know.
> <>
> <> Best regards,
> <>
> <> Robert Li(MSFT)
> <>
> <> Microsoft CSS Online Newsgroup Support
> <>
> <> Get Secure! - www.microsoft.com/security
> <>
> <> =====================================================
> <>
> <> This newsgroup only focuses on SBS technical issues. If you have issues
> <> regarding other Microsoft products, you'd better post in the
> corresponding
> <> newsgroups so that they can be resolved in an efficient and timely
> manner.
> <> You can locate the newsgroup here:
> <>
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx> <>
> <> When opening a new thread via the web interface, we recommend you check
> the
> <> "Notify me of replies" box to receive e-mail notifications when there
> are
> <> any updates in your thread. When responding to posts via your
> newsreader,
> <> please "Reply to Group" so that others may learn and benefit from your
> <> issue.
> <>
> <> Microsoft engineers can only focus on one issue per thread. Although we
> <> provide other information for your reference, we recommend you post
> <> different incidents in different threads to keep the thread clean. In
> doing
> <> so, it will ensure your issues are resolved in a timely manner.
> <>