VPN Connection and Replication - Connection drops while publishing snapshot

[Pete Ocasio]

I have two users whose VPN connection to my firewall gets dropped
after been connected for 5 to 10 minutes and whenever a large amount
of throughtput is put through by a large publication. Lately, I noticed
that it happens wether there is activity or not in the connection.
The replication setup for thess two users consists of seven publications.
The first three pubs are small to medium size with the remaining four been
very large.
I have been using the same pubs for another 25 offices to replicate but have
not been
able to publish the initial snapshot to the subscriber for the two that are
failing.
The only diferences in the setup are explained below.

Additionally, in the last few days, I made several changes to the database
schema and
made thousands of deletions and additions to some of the tables been
replicated.
In some cases the replication of these pubs took in excess of 15 minutes and
the connection held
for current users. Yet the same is not true for publishing the snapshot for
these new users.

The users are using Windows 2000 professional (SP4) and winxp pro over
DSL connections. The vpn is initiated by the user to our Watchguard 1500
firebox. Once
the firebox authenticates the user and the user starts replicating
data, the VPN drops and no indication is given in the user side that
the connection dropped.

We have been using VPN for years and from a large variety of systems
with different operating systems including those that these two users
have installed. Also, our users use dial-up, t1, cable modem and dsl
to connect. Up to about a month ago, I had never experienced any
problems with the vpn connection other than normal user mistakes. THe
only diferences are a move from a WinNT 4.0 SP6 domain/pdc to a
win2003 with active directory domain/pdc server. This issue is
absolutely crazy. The two users with the problem are new users to the
vpn and the old users are not experiencing any difficulties
connecting.

I have ruled out the Watchguard firebox, my CISCO router and my T1
connections
as the sources of the problem.

Have anybody seen this problem before.

THanks for the help you may provide.

 

[Sandeep Rikhi [MSFT]]

Pete,

I have copied the contents of my other mail for the details I would require
to drill into this. For your post, please see inline (Look for Sandeep).

Sandeep Rikhi
Microsoft Corporation[/QUOTE]

I have two users whose VPN connection to my firewall gets dropped
after been connected for 5 to 10 minutes and whenever a large amount
of throughtput is put through by a large publication. Lately, I noticed
that it happens wether there is activity or not in the connection.
The replication setup for thess two users consists of seven publications.
The first three pubs are small to medium size with the remaining four been
very large.
I have been using the same pubs for another 25 offices to replicate but have
not been
able to publish the initial snapshot to the subscriber for the two that are
failing.
The only diferences in the setup are explained below.

Additionally, in the last few days, I made several changes to the database
schema and
made thousands of deletions and additions to some of the tables been
replicated.
In some cases the replication of these pubs took in excess of 15 minutes and
the connection held
for current users. Yet the same is not true for publishing the snapshot for
these new users.

The users are using Windows 2000 professional (SP4) and winxp pro over
DSL connections. The vpn is initiated by the user to our Watchguard 1500
firebox. Once
the firebox authenticates the user and the user starts replicating

data, the VPN drops and no indication is given in the user side that
the connection dropped.

Sandeep: I am not very clear . Do you mean the connectoid keeps showing as
connected ?

We have been using VPN for years and from a large variety of systems
with different operating systems including those that these two users
have installed. Also, our users use dial-up, t1, cable modem and dsl
to connect. Up to about a month ago, I had never experienced any
problems with the vpn connection other than normal user mistakes. THe
only diferences are a move from a WinNT 4.0 SP6 domain/pdc to a
win2003 with active directory domain/pdc server. This issue is
absolutely crazy. The two users with the problem are new users to the
vpn and the old users are not experiencing any difficulties
connecting.

Sandeep: Are you sure the machines and users have identical set of
configurations.

Lets assume that you have put up the machine under investigation on a noise
free, stable connection (say you put it on ethernet LAn for test purpose) so
that we rule out that the issue could be media.

Now... Lets say, you ask one of the old users to try their credentials on
the new machines (given to new users). Does the VPN connectivity work?

If No, The problem might be with machine certificates w.r.t domain /
remote-access policies

If yes, The issue might be with user-account info of the new users. Check if
they have the right kind of permissions. Check for any specific group,
remote-access / domain user policies.

If you are not able to zero down on one particular reason, could you please
send me the logs as asked above. I will look into it.