PC Review



Vista / W2K8 -- Outgoing VPN blocks RDP/LAN connection ?

 
 
x13
      8th May 2009
Hello all.

Strangest problem...

Recently installed a new Windows 2008 server. When any user opens a(n
ms) VPN connection to an external site, the routing gets messed up.
The user's RDP session gets cut off, but the VPN session stays up. No
one can RDP to the server as long as the VPN connection is up. Vista
users have the same problem also but not XP...

If that happens, I have to go on the server console using a
network KVM, and kill the VPN connection manually. Then normal network
traffic resumes. Terminal Server problem?...

I captured both servers' routing tables before and after a VPN
connection.

Platform apart, the only noticeable differences between the old and
new servers are:

T100 (new server) : 1 NIC, 172.25.0.90 /16
T102 (old server) : 2 bridged NICs, 172.25.0.88 /16

Both servers use:
Gateway: 172.25.4.1
DNS & WINS: 172.25.0.100, 172.25.0.104 (both AD domain controllers)

New server = T100 (Windows 2008 Standard x64)
Old server = T102 (Windows 2003 Standard R2 SP2)
DMZ = 192.168.2.0 /24 & 192.168.3.0 /24

ROUTING TABLES

PS: Before and after routing works

RDP BEFORE EXTERNAL VPN CONNECTION (T102):

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...54 1e eb 83 3b 0c ...... Check Point Virtual Network Adapter For SSL Network Extender
0x10004 ...02 11 43 fd 84 f9 ...... MAC Bridge Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          172.25.4.1    172.25.0.88   10
127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
172.25.0.0           255.255.0.0      172.25.0.88   172.25.0.88   10
172.25.0.88          255.255.255.255  127.0.0.1     127.0.0.1     10
172.25.255.255       255.255.255.255  172.25.0.88   172.25.0.88   10
192.168.2.0          255.255.255.0    172.25.4.1    172.25.0.88   1
192.168.3.0          255.255.255.0    172.25.4.1    172.25.0.88   1
192.168.10.0         255.255.255.0    172.25.4.1    172.25.0.88   1
224.0.0.0            240.0.0.0        172.25.0.88   172.25.0.88   10
255.255.255.255      255.255.255.255  172.25.0.88   172.25.0.88   1
255.255.255.255      255.255.255.255  172.25.0.88   2             1
Default Gateway: 172.25.4.1 ** correct def route to GW
===========================================================================
Persistent Routes:
None

RDP AFTER EXTERNAL VPN CONNECTION (T102):

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...54 1e eb 83 3b 0c ...... Check Point Virtual Network Adapter For SSL Network Extender
0x10004 ...02 11 43 fd 84 f9 ...... MAC Bridge Miniport
0x20005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          172.25.4.1    172.25.0.88   11
0.0.0.0              0.0.0.0          172.26.25.35  172.26.25.25  1    ** ext VPN target
127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
172.25.0.0           255.255.0.0      172.25.0.88   172.25.0.88   10
172.25.0.88          255.255.255.255  127.0.0.1     127.0.0.1     10
172.25.255.255       255.255.255.255  172.25.0.88   172.25.0.88   10
172.26.25.25         255.255.255.255  127.0.0.1     127.0.0.1     50   ** ext VPN target
172.26.255.255       255.255.255.255  172.26.25.25  172.26.25.25  50   ** ext VPN target
192.168.2.0          255.255.255.0    172.25.4.1    172.25.0.88   1
192.168.3.0          255.255.255.0    172.25.4.1    172.25.0.88   1
192.168.10.0         255.255.255.0    172.25.4.1    172.25.0.88   1
(target VPN IP)      255.255.255.255  172.25.4.1    172.25.0.88   10
224.0.0.0            240.0.0.0        172.25.0.88   172.25.0.88   10
224.0.0.0            240.0.0.0        172.26.25.25  172.26.25.25  1    ** ext VPN target
255.255.255.255      255.255.255.255  172.25.0.88   172.25.0.88   1
255.255.255.255      255.255.255.255  172.26.25.25  172.26.25.25  1    ** ext VPN target
255.255.255.255      255.255.255.255  172.26.25.25  2             1    ** ext VPN target

Default Gateway: 172.26.25.35
===========================================================================
Persistent Routes:
None

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

PS: After routing DOESN'T work

RDP BEFORE EXTERNAL VPN CONNECTION (T100):

===========================================================================
Interface List
10 ...00 22 19 57 e7 06 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{CEC4501E-C5D3-4759-9D25-2F86AE9AEC59}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          172.25.4.1    172.25.0.90   266
127.0.0.0            255.0.0.0        On-link       127.0.0.1     306
127.0.0.1            255.255.255.255  On-link       127.0.0.1     306
127.255.255.255      255.255.255.255  On-link       127.0.0.1     306
172.25.0.0           255.255.0.0      On-link       172.25.0.90   266
172.25.0.90          255.255.255.255  On-link       172.25.0.90   266
172.25.255.255       255.255.255.255  On-link       172.25.0.90   266
224.0.0.0            240.0.0.0        On-link       127.0.0.1     306
224.0.0.0            240.0.0.0        On-link       172.25.0.90   266
255.255.255.255      255.255.255.255  On-link       127.0.0.1     306
255.255.255.255      255.255.255.255  On-link       172.25.0.90   266
===========================================================================
Persistent Routes:
Network Address  Netmask  Gateway Address  Metric
0.0.0.0          0.0.0.0  172.25.4.1       Default   ** correct gw IP
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If  Metric  Network Destination  Gateway
1   306     ::1/128              On-link
1   306     ff00::/8             On-link
===========================================================================
Persistent Routes:
None

PS: I don't know why IPv6 is reported: it's disabled

RDP AFTER EXTERNAL VPN CONNECTION (T100):

===========================================================================
Interface List
18 ........................... (ext VPN target)
10 ...00 22 19 57 e7 06 ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{CEC4501E-C5D3-4759-9D25-2F86AE9AEC59}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
19 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          172.25.4.1    172.25.0.90   4491
0.0.0.0              0.0.0.0          On-link       172.26.25.16  11    ** ext VPN target
127.0.0.0            255.0.0.0        On-link       127.0.0.1     4531
127.0.0.1            255.255.255.255  On-link       127.0.0.1     4531
127.255.255.255      255.255.255.255  On-link       127.0.0.1     4531
172.25.0.0           255.255.0.0      On-link       172.25.0.90   4491
172.25.0.90          255.255.255.255  On-link       172.25.0.90   4491
172.25.255.255       255.255.255.255  On-link       172.25.0.90   4491
172.26.25.16         255.255.255.255  On-link       172.26.25.16  266   ** ext VPN target
(target VPN IP)      255.255.255.255  172.25.4.1    172.25.0.90   4236
224.0.0.0            240.0.0.0        On-link       127.0.0.1     4531
224.0.0.0            240.0.0.0        On-link       172.25.0.90   4492
224.0.0.0            240.0.0.0        On-link       172.26.25.16  11    ** ext VPN target
255.255.255.255      255.255.255.255  On-link       127.0.0.1     4531
255.255.255.255      255.255.255.255  On-link       172.25.0.90   4491
255.255.255.255      255.255.255.255  On-link       172.26.25.16  266   ** ext VPN target
===========================================================================
Persistent Routes:
Network Address  Netmask  Gateway Address  Metric
0.0.0.0          0.0.0.0  172.25.4.1       Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If  Metric  Network Destination  Gateway
1   306     ::1/128              On-link
1   306     ff00::/8             On-link
===========================================================================
Persistent Routes:
None

PS: I don't know why IPv6 is reported: it's disabled

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

This problem affects Windows Server 2008 and Vista (32 and 64-bit)

I installed SP2 on T100 but problem still exists...
Could it be a problem related to NAP policy defaults? (although we
have no NAP servers installed)

If anyone knows of a KB or workaround that fixes this, I would be VERY
grateful!
Email is a spam decoy, please reply in thread.

Thanks!
==
M.T.
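
The route choice recorded in the T100 tables above can be replayed offline to see which interface each destination uses before and after the VPN comes up. This is an added example, not part of the original post: it applies the standard longest-prefix, then lowest-metric rule to rows transcribed from the post. The function names and the 192.168.2.10 and 203.0.113.7 sample destinations are assumptions made for illustration.

```python
import ipaddress

# Active IPv4 routes for T100, transcribed from the post's route tables as
# (destination, netmask, gateway, interface, metric). Loopback, multicast and
# broadcast rows are omitted, as is the host route the post elides as
# "(target VPN IP)".
T100_BEFORE = [
    ("0.0.0.0", "0.0.0.0", "172.25.4.1", "172.25.0.90", 266),
    ("172.25.0.0", "255.255.0.0", "On-link", "172.25.0.90", 266),
    ("172.25.0.90", "255.255.255.255", "On-link", "172.25.0.90", 266),
]
T100_AFTER = [
    ("0.0.0.0", "0.0.0.0", "172.25.4.1", "172.25.0.90", 4491),
    ("0.0.0.0", "0.0.0.0", "On-link", "172.26.25.16", 11),
    ("172.25.0.0", "255.255.0.0", "On-link", "172.25.0.90", 4491),
    ("172.25.0.90", "255.255.255.255", "On-link", "172.25.0.90", 4491),
    ("172.26.25.16", "255.255.255.255", "On-link", "172.26.25.16", 266),
]

def select_route(table, destination):
    """Return the route used for destination: longest prefix, then lowest metric."""
    dest = ipaddress.ip_address(destination)
    candidates = []
    for net, mask, gateway, interface, metric in table:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if dest in network:
            candidates.append((-network.prefixlen, metric, gateway, interface))
    if not candidates:
        return None
    _, metric, gateway, interface = min(candidates)
    return {"gateway": gateway, "interface": interface, "metric": metric}

def changed_destinations(before, after, destinations):
    """List destinations whose outgoing interface differs between two tables."""
    moved = []
    for dest in destinations:
        old, new = select_route(before, dest), select_route(after, dest)
        if old and new and old["interface"] != new["interface"]:
            moved.append((dest, old["interface"], new["interface"]))
    return moved

# Sample destinations: the domain controller address from the post, a constructed
# host in the DMZ range the post lists, and a constructed documentation-range address.
SAMPLES = ["172.25.0.100", "192.168.2.10", "203.0.113.7"]

if __name__ == "__main__":
    for dest, old_if, new_if in changed_destinations(T100_BEFORE, T100_AFTER, SAMPLES):
        print(f"{dest}: {old_if} -> {new_if}")
```

With the VPN up, the two destinations outside 172.25.0.0/16 move to the 172.26.25.16 interface, while 172.25.0.100 stays on 172.25.0.90.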