Home > Microsoft, Microsoft ISA > Watch your fat fingers

Watch your fat fingers

May 29th, 2008 Leave a comment Go to comments

So, after literally dozens of man-hours trying to get the VPN working in ISA Server 2006, the end culprit turned out to be… my fat fingers. When I entered the IP address for the domain controller in a “Computer” network entity (which I later added to the network groups used by access rulles), I typed it in wrong. As a result, traffic to/from the docmain controller didn’t go through in the cases where the rules should have judged it based on that incorrectly typed IP address and not some other criteria.

Nicely enough, a lot of other odd items in the event log and the ISA monitor are now cleared up too. Lesson re-learned once again: when things are mysteriously failing, check your typing before you go to Google. It’s a royal pain to back out hours of effort to fix a problem that never existed, but the fix itself could cause other issues.

J.Ja

Categories: Microsoft, Microsoft ISA Tags:
  1. George Ou
    May 29th, 2008 at 10:02 | #1
    Reply | Quote

    nt

  2. jmjames
    May 29th, 2008 at 14:44 | #2
    Reply | Quote

    Client-to-server VPN. The problem turned out to have nothing to do with the VPN configuration (which is easy enough), but the ISA Server’s communication with the domain controller, due to me typing its IP address in wrong. It wasn’t able to send RPC traffic properly, and as a result, VPN would not work right. I am *not* passing the VPN traffic *through* ISA to the domain controller; the ISA Server *is* the VPN termination point. But ISA Server itself did need to do some RPC for things like authentication and such, and that is what was failing.

    It’s all better now, except I need to find out why the VPN clients are getting 255.255.255.255 as a subnet mask, which prevents them from communicating with the LAN properly…

    J.Ja

  3. George Ou
    May 29th, 2008 at 23:19 | #3
    Reply | Quote

    Multi-homed configurations are a bit more complex to configure on the VPN server. Did you ask the doctor of ISA?

  4. jmjames
    May 30th, 2008 at 03:18 | #4
    Reply | Quote

    Nope, I haven’t had time to mess with it. I spent about 10 minutes trying to figure out why it wasn’t working, saw that I was subnetted wrong, and then got the information I needed on my top priority project. This isn’t *that* important at the moment, but it will be soon, and then the storage. I need to VPN so when I get the storage up I can start getting everything working right.

    J.Ja

  1. No trackbacks yet.