Windows client intermittent connection to PEAP WIFI backed off to ISE 1.2 wildcard cert

I am setting up a topology where for the first time I am deploying ISE with a wildcard certificate.  This is on ISE 1.2 patch 6, WLCs running 7.6 and Windows 7 clients in AD.  The ISE policy is just to match on machine auth.
The setting up of the wildcard cert went ok as guided by the CCO ISE 1.2 deployment/cfg guide.
When it came to testing the client auth as always I start off with the PEAP settings of Validate server certificate off, just to confirm the WLC and ISE are playing ball.  They were, the auth passed.
I then tick the Validate server certificate, make sure the CA (Windows AD) is in the Trusted Root Certification Authorities.  Retest and the client passes.
If I then disconnect the wifi and reconnect, either manually or by doing a reboot, the next authentication fails, but nothing has changed.  ISE reports that my Windows client rejected the server certificate.  Which is odd as it just accepted it.
If I untick the validate the client passes, if I tick it again it will authenticate fine, once.  The next connection it will fail again with the client rejecting ISE.
Anyone got any ideas?

I have had a similar issue consistently with 1.2 on both patch 5 and 6 (not sure about earlier one). Basically what I am seeing is the client rejecting the Server cert when validate is unticked. Most of the time the client connects just fine a few seconds later but some clients need a reboot to fix it. As a rule I put this down to client issue but not 100% sure sometimes.

Similar Messages

  • Mac and windows clients losing connection to Server 2012 Namespace

    I am running Windows 2012 Standard edition on two HP Servers. Both are fully patched O/S's and all HP system updates are installed. Each is running a 10 Gbit NIC to a Cisco 2960 Switch fully updated. Both Network shares are on HP external Drive bays connected through a Smart Array P822 card
    All users connect to the primary server (secondary server configured not to take referrals at this time)
    My Mac clients running OS X 10.9.1 connect using smb and the namespace. When the designers come in they usually have to reboot in order to connect to their server shares. We discovered today that if they change the IP address the reboot is not needed. We have an archive server running on a Synology NAS. Their connection to the Synology is not impacted.
    The windows machines will lose connection at random and not everyone at once. Usually no more than twice in a week. The fix is either a reboot or an IP change, sometimes both. None of the machines go to sleep or hibernate. All machines are fully patched with windows updates, and HP system updates.
    We run Avast on both the Mac's and PC's if this makes a difference.
    Any thoughts?
    thanks

    Thanks Shaon,
    1) IP address before is within our DHCP scope of 192.168.0.51/200. When we set to static we set it to 192.168.0.16/20. We then reset back to DHCP.
    2) The error message is that it can not find the server if I try to map it.
    3) Clients can still access by IP address and FQDN
    We have disabled Avast on a few machines to see if it will make a difference. We then ran into the issue on a machine without Avast installed.
    We did notice that our DNS server was not deleting old entries and we found many duplicate entries. We set it to scavenge and then I went through and deleted old records. Not sure if this would cause a problem or not.
    thanks again for your help!

  • Outlook email--intermittent connection on BT wifi

    I'd be grateful for any help from people who may have experienced this.
    I have a problem at home receiving emails on Outlook on my home wifi on a BT hub. Most days, but not every day, my computer decides it will not send and receive, and in order to get it to connect to send/receive mail, I have to go into Yahoo and log into my mail there, and instantly they simultaneously automatically download into Outlook. My wife's machine does the same occasionally but there seems to be no pattern to the intermittent problem.
    When the block occurs in Outlook, we continuously get a pop up dialogue box popping up in the middle of the screen asking me to enter a password. This is very annoying as it can do it dozens of times in an hour. Access to the web appears unaffected apart from the pop up box on such occasions.
    Any help gratefully appreciated
    Regards. Geoff

    See http://community.bt.com/t5/Other-BB-Queries/Intermittent-POP3-email-logon-failures/td-p/330951/highl...
    It's an ongoing problem.
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • Files locked when Windows clients are connected to ML Server via smb

    Hi,
    I've got a problem with windows 7 clients that are connected to my MacMini Server.
    When they open files on a shared folder, and modify them, files are locked when they try to save them.
    I think it might be the op-lock option present in older versions of Mac OS X Server that can be involved, but it disappeared in Lion and older version of OS X Server.
    Does someone know how to activate/deactivate this option, or has someone already got this problem?
    Server is a MacMini with 10.8.5 + Server 2.2.2
    Clients are Windows 7
    Thanks a lot for your answers
    Bertrand.

    Officially, Adobe does not support opening or saving files to a server --- because so many different things can go wrong with networking.
    The permissions error means that the file/directory permissions are incorrect on the file server, or that the OS or server is incorrectly reporting file/directory permissions.
    Photoshop does more error checking than most applications, because we have seen so many problems in the past, and don't like applications silently losing or damaging files (which we see in other applications).

  • Windows Client cannot connect to wireless LAN through EAP-TLS

    I have a Cisco Aironet Access point which cannot be authenticated by a remote RADIUS server to connect to wireless lan through EAP-TLS. This is the debug output from the AAA process.
    *Mar  7 10:56:56.337: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:56:56.369: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:56.385: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:56.385: dot11_auth_parse_client_pak: id is not matching req-id:1resp-id:2, waiting for response
    *Mar  7 10:56:56.401: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  7 10:56:56.785: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  7 10:56:57.101: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  7 10:56:57.397: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  7 10:56:57.677: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  7 10:56:57.957: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  7 10:56:58.321: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  7 10:56:58.685: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
    *Mar  7 10:56:59.041: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:57:01.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 10:57:08.997: %RADIUS-4-RADIUS_DEAD: RADIUS server 165.72.12.12:1812,1813 is not responding.
    *Mar  7 10:57:08.997: %RADIUS-4-RADIUS_ALIVE: RADIUS server 165.72.12.12:1812,1813 is being marked alive.
    *Mar  7 10:57:14.481: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:57:14.521: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:57:44.521: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authentication failed
    *Mar  7 10:57:44.801: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:57:44.829: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:58:14.829: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authentication failed
    *Mar  7 10:58:15.105: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:58:15.141: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:58:45.141: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authentication failed
    *Mar  7 10:58:45.425: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:58:45.449: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:59:15.449: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authentication failed
    *Mar  7 10:59:15.729: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:59:15.753: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:59:45.753: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authentication failed
    *Mar  7 10:59:46.009: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:59:46.037: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:59:50.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 10:59:50.349: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:59:50.373: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 10:59:55.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 10:59:55.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:59:55.361: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 11:00:00.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 11:00:00.333: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 11:00:00.357: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 11:00:05.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 11:00:05.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 11:00:05.365: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
    *Mar  7 11:00:10.077: Client 0811.9650.8cb0 failed: reached maximum retries

    Kindly verify the configuration and the compatibility in case there is a mismatch. Please find the link below for more information on EAP-TLS functions in Access points and clients.
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39110
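
Added example, not part of the original thread: a Python script that splits access point debug output of the kind posted above into authentication attempts and reports, for each one, whether the RADIUS server answered before the attempt failed. The message patterns come from the log lines on this page; the function names and verdict wording are assumptions of this example.

```python
import re

# Constructed sample: entries copied from the debug output above. The second
# and third are hard-wrapped at 80 columns, as terminal captures often are.
SAMPLE_LOG = """\
*Mar  7 10:56:56.337: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar  7 10:56:56.369: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar  7 10:56:56.785: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
*Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: Received server response: GET_CHALLENGE_RESPONSE
*Mar  7 10:56:57.101: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
*Mar  7 10:57:01.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar  7 10:57:08.997: %RADIUS-4-RADIUS_DEAD: RADIUS server 165.72.12.12:1812,1813 is not responding.
*Mar  7 10:57:08.997: %RADIUS-4-RADIUS_ALIVE: RADIUS server 165.72.12.12:1812,1813 is being marked alive.
*Mar  7 10:57:14.481: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar  7 10:57:14.521: dot11_auth_parse_client_pak: Received EAPOL packet from 0811.9650.8cb0
*Mar  7 10:57:44.521: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authentication failed
"""

# Every log entry starts with "*Mon dd hh:mm:ss.mmm: ".
TS = r"^\*(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}\.\d{3}): "
ENTRY = re.compile(TS)
PATTERNS = {
    "start": re.compile(TS + r"dot11_auth_dot1x_start:"),
    "client": re.compile(
        TS + r"dot11_auth_parse_client_pak: Received EAPOL packet from (?P<mac>[0-9a-f.]+)"),
    # \s* because a wrap at the column boundary can swallow the space.
    "server": re.compile(
        TS + r"dot11_auth_dot1x_parse_aaa_resp: Received server response:\s*(?P<kind>\w+)"),
    "max_retries": re.compile(
        TS + r"Client (?P<mac>[0-9a-f.]+) failed: reached maximum retries"),
    "auth_failed": re.compile(
        TS + r"%DOT11-7-AUTH_FAILED: Station (?P<mac>[0-9a-f.]+)"),
    "radius": re.compile(
        TS + r"%RADIUS-4-RADIUS_(?P<state>DEAD|ALIVE): RADIUS server (?P<server>[\d.]+):"),
}


def unwrap(text):
    """Rejoin hard-wrapped entries: a line without a timestamp continues the previous one."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line
    return entries


def classify(entry):
    """Return (event name, captured fields) for a known message, else (None, {})."""
    for name, pattern in PATTERNS.items():
        match = pattern.match(entry)
        if match:
            return name, match.groupdict()
    return None, {}


def verdict(attempt):
    """Separate 'server never answered' from 'server answered, then the exchange stalled'."""
    if attempt["outcome"] is None:
        return "no failure logged"
    if attempt["server_responses"]:
        return "server replied, exchange then stalled"
    return "no server reply seen"


def summarise(text):
    """Group entries into attempts (one per dot11_auth_dot1x_start) plus RADIUS state changes."""
    attempts, radius = [], []
    for entry in unwrap(text):
        kind, fields = classify(entry)
        if kind is None:
            continue
        if kind == "radius":
            radius.append((fields["ts"], fields["state"], fields["server"]))
            continue
        if kind == "start" or not attempts:
            attempts.append({"started": fields["ts"], "station": None,
                             "client_packets": 0, "server_responses": 0,
                             "outcome": None})
            if kind == "start":
                continue
        current = attempts[-1]
        if kind == "client":
            current["station"] = fields["mac"]
            current["client_packets"] += 1
        elif kind == "server":
            current["server_responses"] += 1
        elif current["outcome"] is None:  # first failure message closes the attempt
            current["station"] = current["station"] or fields["mac"]
            current["outcome"] = kind
    for attempt in attempts:
        attempt["verdict"] = verdict(attempt)
    return attempts, radius


if __name__ == "__main__":
    found, radius_events = summarise(SAMPLE_LOG)
    for a in found:
        print(a["started"], a["station"], a["client_packets"],
              a["server_responses"], a["outcome"], "->", a["verdict"])
    for event in radius_events:
        print(*event)
```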

  • Macbook clients cannot connect to Windows Server 2008 RRAS with L2TP/IPSec

    Hi everyone,
    I had installed "Remote and Routing Access" or a VPN server on Windows Server 2008. The connection type set up is L2TP/IPSec. All the Windows clients can connect to the L2TP/IPSec VPN server without problem but Macbook users are facing a problem.
    The Macbook users got the error message "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."
    I think it is something related to the pre-shared key encryption but I am not sure. The Macbook users could connect if the connection type is changed to PPTP on server and clients side. I searched for similar problems and solutions online but no luck, I couldn't find a solution that helps. I found this is a common problem faced by many Macbook users.
    Does anyone have a solution or suggestion for this, please? I appreciate all the help and suggestions given.
    Thanks,
    CK

    Hi,
    Thanks for the question, however, this forum is for Remote Desktop Clients related questions.
    Regarding the issue, as Windows clients can connect with no problem, I suspect that it is a Mac side issue and I would like to suggest you contact Apple support for help.
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • Use Nokia N8 to Connect 802.1X WIFI through EAP-PE...

    I have read a lot of articles on this forum, and the conclusions I get are
    In Nokia System, if you would like to connect to a 802.1X wifi with EAP-PEAP, you MUST have the CA issued from your wifi AP.
    1. My question is, if the CA is necessary?
    2. If the CA is necessary, and I really can't get the CA, is there any method to connect EAP-PEAP wifi without the CA?
    Because I found, most systems, like Windows, iOS, Android, they can tolerate the lack of CA, why does Nokia's system insist on this?

    Guys, did you find a workaround for this?
    Anyone know if this is addressed in the upcoming update "Anna"?
    I am really frustrated.

  • Trace db-activity of a windows client

    Hi,
    I have a Windows client which connects and works on an Oracle9 DB. How can I best analyze what DB actions are being triggered by single client actions, of course if I don't have access to the client sources?
    I thought about auditing, but this trails the activities only per db-object, or per sql-type of statement, as far as I have read. Is there a method with which I can track all kinds of db activities? e.g. functions called, tables used etc.?

    Have you looked at SQL trace?
    Tuning guide:
    http://download.oracle.com/docs/cd/B10501_01/server.920/a96533/sqltrace.htm
    OTN article:
    http://www.oracle.com/technology/oramag/oracle/04-jan/o14tech_perf.html

  • Windows Client log to the Mac Os X Server ?

    Hello everybody
    I would like to create a network with Mac OS X Server. I have Windows PC's that would also be in the network.
    Can Windows clients connect to the Mac Server with a username and password?
    Thank you.

    At the simplest, sure, Microsoft Windows clients can connect to OS X Server services with appropriate credentials.  Mail and file sharing, for instance. 
    Beyond password-based authentication, a more advanced configuration is probably not as simple nor as easy as you might want.   Windows clients really want to use Microsoft Active Directory here and Kerberos authentication probably won't get you where you want.   (This assuming that you can get the Windows clients to accept OS X Server Kerberos authentication.)  
    The usual approach for single sign-on in heterogeneous environments is the so-called Magic Triangle configuration with both Microsoft Active Directory running on a Windows Server and Open Directory running on OS X Server.   This involves the two domains communicating.  It might be easier to get OS X clients operating off Windows Server, particularly with the use of profiles in more recent versions.
    As an alternative to Windows Server, recent versions of the Samba server package include authentication services compatible with Active Directory, and you may be able to get your Windows clients to authenticate to that, and build that as part of a Magic Triangle configuration.  You'd need to download and configure the Samba server, and get the Samba AD support working.
    Related discussions and documentation here and here and maybe this thread.  There are other discussions.

  • Windows 8.1 Direct Access Client Needs to approve external wifi use before it connects - proxy not responding

    Ok So I have windows 8.1 with Direct Access Client and it works fine when I am able to check and uncheck proxy settings - which is a bit of a pain and seems unnecessary (I hope). If I take the laptop to a Starbucks I get the error that the proxy server is not responding so it never redirects for me to "accept" the rules.
    If I uncheck my proxy settings it then redirects and connects to their internet wifi and off I go - DA connects and all is well.
    I am using a GPO to configure the proxy settings as shown (all options are greyed out for the users)

    Hi,
    Your problem is a classic one when using that kind of proxy settings, unfortunately.
    To solve this without the need of user interaction, there are two solutions that will sort this out for you. In your case, if you want to use your corporate connection for internet traffic even over da, I'd opt for alternative 1 or 2 depending on what you are trying to achieve.
    1. WPAD (Web Proxy Auto Discovery protocol http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) - it actually uses the Automatic browser configuration checkbox on your client and looks for the file wpad.dat on a specific web server that you point out with either a dns-record called wpad or DHCP option 252.
    2. Auto configuration script (pac script http://en.wikipedia.org/wiki/Proxy_auto-config) - uses the same kind of file as above. The difference is that you get the possibility, like you want in your scenario, to target which users should get the script.
    See this below article for more details on the options you have.
    http://technet.microsoft.com/en-us/library/dd361918.aspx
    http://techlib.barracuda.com/display/WSFLEXv41/How+to+Configure+Proxy+Settings+Using+Group+Policy+Management
    Let us know if you need further assistance!
    /Johan
    MCT | MCSE: Private Cloud/Server, Desktop Infrastructure

  • Windows 7 Pro Client loses connectivity to internal Win2k8 web server

    1. affected workstation are Optiplex 380 running Win 7 pro sp1 with broadcom NICs.
    2. Internal users use an internal webserver for customer invoicing application. Users lose connectivity to this internal web server, all other networking works, network shares, internet, etc. If I try to ping the webserver IP I get no reply. XP machines are not affected. Not a DHCP issue as there are plenty of IPs.
    3. I have tried different internal NICs (3com) but still had issue. I have upgraded BIOS, nic drivers. etc.
    4. I rebuilt one of the machines using Windows XP pro sp3 and have had no issue with that workstation.
    the problem started a few months or so ago. I have not been able to determine the source. I tried running wireshark but nothing stuck out. I have changed the session settings on the IIS server from 15 minutes to 6 hours but did not make a difference.
    5. Today when client lost connectivity to the server I tried pinging from the server back to the client and the connection was restored. This issue really has me confused as I cannot find anything in the logs that sticks out.

    Hello,
    Thank you for your question.
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.

  • Problem with connecting to free wifi after upgrading to Windows 8.1 from Windows 8

    Hi
    I had problems with connecting to free Wifi after upgrading my PC (Notebook) to Windows 8.1 from Windows 8. As I travel a lot within Europe, I am used to being able to connect to Free Wifi (those that don't need a key or password to enter) but soon after downloading Windows 8.1 I almost never was able to do this. I'd always get «LIMITED» even though the signal was strong. This was so frustrating, so much so that I reset my PC to clear it of Windows 8.1 and am now back to Windows 8. This is a shame because I was really liking using Windows 8.1 and if not for this problem (which is a big one) I'd still be using it. If I download Windows 8.1 again from the Windows store what is the probability that I'll have the same problems?
    Thanks Portozzygirl

    More often than not when a device isn't working it is because the driver has become corrupted. Re-installing a fresh copy should help
    http://windows.microsoft.com/en-us/windows7/Update-a-driver-for-hardware-that-isnt-working-properly?SignedIn=1
    http://captaindbg.com/how-to-update-drivers-on-windows-7/   (works on win 8 too)
    Wanikiya and Dyami--Team Zigzag

  • 8.8 Client cannot connect to Windows Server 2008 error -1102

    SAP Business On 8.8 on PL 18
    This is not the first time I have had this issue with Windows Server 2008.
    However, every time the resolution was different. Now this site is causing trouble.
    The issue is the client cannot connect. We have the log on window, can see the company list. Type in the password and we get a -1102 error.
    The client on the Server itself can log on. It is the clients that cannot.
    I checked these below.
    1. SQL Native client is installed and ok.
    2. Licence server is configured and ok
    3. The user has admin access to local PC
    4. The SAP user name and password are correct ( client on server can connect fine )
    5. The ports 1433, 30000 and 30001 are open on the server.
    6. Through SQL server configuration the named pipes and TCP are enabled.
    7. SQL server browser is running
    The only things I have not tried are
    The Firewall is running on the server and I have not yet stopped it. Will try that tomorrow.
    Do you have any other ideas please ?

    I have got this working but I am not confident of the outcome  - yet  - I really need your expert advice here.
    This is what I did. In that order.
    1.     As Owen suggested I checked if there was a specified Port for the instance.  What I found was TCP Dynamic  ports were enabled (  SQL server config manager | network configuration | tcp properties ) and there was no TCP port specified.  Assuming (I may be wrong) that the system assigns a dynamic port to this instance  I set it up so the Dynamic port does not happen and manually specified the Port  1433. Restarted the SQL Service. ( still having the Port 1433 open in the firewall). This did not solve the issue.
    2.     With the above setting still on, switched off the firewall. Went to the PC client and SAP can log on now.  Now keeping the SAP client running, switched on the Firewall on the server. Log off SAP on PC client and log back in ( with firewall off ). SAP now can log on.
    3.     I had to do the above step for all PCs to get them working.
    4. Currently the firewall is on and clients can connect
    So what could be happening? I have no clue. It is apparent there is some setting that gets saved within the PCs ( may be user profile) after the first log on with the Firewall off  - to say its safe ?
    However I have no idea what will happen if the server is restarted - this server we cannot restart any time we want as it's a critical server and runs other things.
    I would still like to get to the bottom of this to understand what is happening.
    I have a SAP message running too and will ask them this same question.

  • Problem connect to a wifi network PEAP

    Hi
    Since OS 2.1 on my playbook, I cannot connect to my PEAP with MSCHAPV2.
    It was working on OS 2.0.
    I'm now using OS 2.1.0.1314 and the problem is still here.
    The playbook connects to the wifi, when I open a browser I must login with my user name, but this part doesn't work.
    I get an error "Network error".
    When we use the appworld, a window pops up, a little bit different than the other, and it works when we use the same user and password.
    I can get you some screen shot if it will help you.
    Thanks

    Hi
    I try it and the problem is still here.
    When I go to browser I have this screen
    https://docs.google.com/open?id=0B7HzFnxiPS2PNlNxWEV2bk8tMUk
    Then this error:
    https://docs.google.com/open?id=0B7HzFnxiPS2POERWXzRjWENRaXc
    When I go to appworld I have this screen.
    https://docs.google.com/open?id=0B7HzFnxiPS2PRlc0V3Q1bXUxSlk
    And it works

  • RV110W drops PPTP connections from a Windows client (MS CHAP v2 and MPPE)

    This might be a tough problem to diagnose. I am trying to setup an RV100W for an office gateway with VPN access using PPTP. The office is located in another state, so I'm trying to do a "dry run" from home by setting up the RV110W on the local network. That is, my home network is 192.168.0.0 and I have assigned the RV110W a static IP address of 192.168.0.120 on its WAN side and a DHCP NAT internal network of 192.168.1.0. Its LAN IP is 192.168.1.2 (because of legacy limitations, the 192.168.1.1 address will be reserved for another host on the actual office network) and I set up the PPTP server on 192.168.1.3 and clients in the 192.168.1.20 to 24 range. I have enabled MPPE encryption and NetBIOS over VPN (rather important to have).
    At first, I couldn't login at all. I had an underscore (_) in the user names (of which I have setup all five) and after I changed that, I was able to connect from a Windows 7 x64 host on the home LAN (192.168.0.132). I don't know if that was the problem as I got disconnected and reconnecting was a hit-or-miss - sometimes it would work, sometimes - it wouldn't. Below is the log from the session, showing the reasons for the disconnection. When I try to connect and it gets rejected, otherwise, the reason is the same: protocol not available.
    But, first - here's the kicker. I had the exact same experience earlier with a DD-WRT router. I thought the problem lay with the amateurish firmware and that's why I decided to get the Cisco, but it seems like this might not be the problem, after all. Here is that discussion for full details: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=149951&highlight= (to see all of the attached images and logs, you'll need an account). Briefly, with the same setup, I can establish a stable VPN connection from four Windows XP clients and one Windows 7 client, but I get the problems with two other Windows 7 clients. The Win7 clients that give me trouble can connect just fine to other PPTP VPN servers (with the built-in Microsoft PPTP client) and all three Win7 machines are clones of each other (only the hardware is different). No software firewalls, anti-virus/malware, user-permission limitations (e.g., UAC), or anything that could hamper the connections, are present on either machine.
    I don't see how the fact that the RV110W is on a LAN and not exposed to the Internet on its WAN side could cause any trouble, but even then - why some clients work fine and others - not? I would appreciate any help with this issue.
    Kamen
    This is the log from the session, showing the connection of the VPN client and then, not two minutes later, the disconnection.
    2012-02-22 21:44:40 RV110W daemon.info pptpd[4582]: CTRL: Client 192.168.0.132 control connection started
    2012-02-22 21:44:40 RV110W daemon.info pptpd[4582]: CTRL: Starting call (launching pppd, opening GRE)
    2012-02-22 21:44:40 RV110W daemon.notice pppd[4583]: pppd 2.4.5 started by (unknown), uid 0
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: using channel 2
    2012-02-22 21:44:40 RV110W daemon.info pppd[4583]: Using interface ppp0
    2012-02-22 21:44:40 RV110W daemon.notice pppd[4583]: Connect: ppp0 <--> /dev/pts/0
    2012-02-22 21:44:40 RV110W daemon.warning pppd[4583]: Warning - secret file /tmp/ppp/pap-secrets has world and/or group access
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [LCP ConfReq id=0x1 <auth chap MS-v2> <magic 0x4269dad6>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x5eec49d5> <pcomp> <accomp> <callback CBCP>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [LCP ConfRej id=0x0 <pcomp> <accomp> <callback CBCP>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [LCP ConfAck id=0x1 <auth chap MS-v2> <magic 0x4269dad6>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x5eec49d5>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x5eec49d5>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [LCP EchoReq id=0x0 magic=0x4269dad6]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [CHAP Challenge id=0xfb <454ee20916a665999fdaa66778e1c4c5>, name = "RV110W"]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [LCP Ident id=0x2 magic=0x5eec49d5 "MSRASV5.20"]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [LCP Ident id=0x3 magic=0x5eec49d5 "MSRAS-0-SOFTWAREONE64"]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [LCP Ident id=0x4 magic=0x5eec49d5 "H\37777777772\37777777612\37777777633F\177\37777777752J\37777777640[\377777776451\37777777610\\Ob"]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [LCP EchoRep id=0x0 magic=0x5eec49d5]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [CHAP Response id=0xfb <2aeb8dac876cbec7c23036952cfc270c00000000000000006f4cafa17228047ac82f26e47ae69eda8fe8650d5866e44b00>, name = "sakor001"]
    2012-02-22 21:44:40 RV110W daemon.warning pppd[4583]: Warning - secret file /tmp/ppp/chap-secrets has world and/or group access
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [CHAP Success id=0xfb "S=ACBA0BE9B8A98DDB757B234A1C69E9508DE169DE M=Access granted"]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: Script /tmp/ppp/auth-up started (pid 4587)
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: Script /tmp/ppp/auth-up finished (pid 4587), status = 0x16
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [CCP ConfReq id=0x5 <mppe +H -M +S -L -D -C>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [CCP ConfAck id=0x5 <mppe +H -M +S -L -D -C>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [IPCP ConfReq id=0x6 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [IPCP TermAck id=0x6]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
    2012-02-22 21:44:40 RV110W daemon.notice pppd[4583]: MPPE 128-bit stateless compression enabled
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: sent [IPCP ConfReq id=0x1 <addr 192.168.1.3>]
    2012-02-22 21:44:40 RV110W daemon.debug pppd[4583]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.3>]
    2012-02-22 21:44:42 RV110W daemon.debug pppd[4583]: rcvd [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
    2012-02-22 21:44:42 RV110W daemon.debug pppd[4583]: sent [IPCP ConfRej id=0x7 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
    2012-02-22 21:44:42 RV110W daemon.debug pppd[4583]: rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
    2012-02-22 21:44:42 RV110W daemon.debug pppd[4583]: sent [IPCP ConfNak id=0x8 <addr 192.168.1.20> <ms-dns1 216.165.129.157> <ms-dns2 216.170.153.146>]
    2012-02-22 21:44:42 RV110W daemon.debug pppd[4583]: rcvd [IPCP ConfReq id=0x9 <addr 192.168.1.20> <ms-dns1 216.165.129.157> <ms-dns2 216.170.153.146>]
    2012-02-22 21:44:42 RV110W daemon.debug pppd[4583]: sent [IPCP ConfAck id=0x9 <addr 192.168.1.20> <ms-dns1 216.165.129.157> <ms-dns2 216.170.153.146>]
    2012-02-22 21:44:42 RV110W daemon.notice pppd[4583]: local  IP address 192.168.1.3
    2012-02-22 21:44:42 RV110W daemon.notice pppd[4583]: remote IP address 192.168.1.20
    2012-02-22 21:44:42 RV110W daemon.debug pppd[4583]: Script /tmp/ppp/ip-up started (pid 4661)
    2012-02-22 21:44:42 RV110W daemon.debug pppd[4583]: Script /tmp/ppp/ip-up finished (pid 4661), status = 0x0
    2012-02-22 21:44:42 RV110W user.debug syslog: Nbsrelay start (pid= 4678)
    2012-02-22 21:46:10 RV110W daemon.notice pppd[4583]: Modem hangup
    2012-02-22 21:46:10 RV110W daemon.debug pppd[4583]: Script /tmp/ppp/auth-down started (pid 4858)
    2012-02-22 21:46:10 RV110W daemon.info pppd[4583]: Connect time 1.5 minutes.
    2012-02-22 21:46:10 RV110W daemon.info pppd[4583]: Sent 10404 bytes, received 17264 bytes.
    2012-02-22 21:46:10 RV110W daemon.debug pppd[4583]: Script /tmp/ppp/ip-down started (pid 4861)
    2012-02-22 21:46:10 RV110W daemon.err pppd[4583]: MPPE disabled
    2012-02-22 21:46:10 RV110W daemon.debug pppd[4583]: sent [LCP TermReq id=0x2 \"MPPE disabled\"]
    2012-02-22 21:46:10 RV110W daemon.notice pppd[4583]: Connection terminated.
    2012-02-22 21:46:10 RV110W daemon.debug pppd[4583]: Script /tmp/ppp/auth-down finished (pid 4858), status = 0x16
    2012-02-22 21:46:10 RV110W daemon.debug pppd[4583]: Waiting for 1 child processes...
    2012-02-22 21:46:10 RV110W daemon.debug pppd[4583]:   script /tmp/ppp/ip-down, pid 4861
    2012-02-22 21:46:10 RV110W daemon.debug pppd[4583]: Script /tmp/ppp/ip-down finished (pid 4861), status = 0x0
    2012-02-22 21:46:10 RV110W daemon.info pppd[4583]: Exit.
    2012-02-22 21:46:10 RV110W daemon.err pptpd[4582]: GRE: read(fd=11,buffer=449be4,len=8260) from network failed: status = -1 error = Protocol not available
    2012-02-22 21:46:10 RV110W daemon.err pptpd[4582]: CTRL: GRE read or PTY write failed (gre,pty)=(11,10)
    2012-02-22 21:46:10 RV110W daemon.debug pptpd[4582]: CTRL: Reaping child PPP[4583]
    2012-02-22 21:46:10 RV110W daemon.info pptpd[4582]: CTRL: Client 192.168.0.132 control connection finished

    Update: things are getting even weirder. In short - it seems to be working now (on the next day) without anything changing. First thing I did was just try another desperate tweak - I disabled the LCP extensions on the Windows client, which I've done before. It connected and stayed that way. Then, I reverted that setting back to exactly how it was before and connected again - no problems: it stayed connected for an hour (before I disconnected so I could connect to the real VPN), I could access a test-PC on the private network (a single machine just for the test) and do different tasks (resolve host names, browse UNC paths, copy files, Remote Desktop to it, etc.).
    I hate it when things happen for which there is no explanation. I couldn't be confident sending this to the main office to replace the existing router (hardware) and VPN server (implemented in software on a Windows 2003 server). Any thoughts?
    Kamen
    P.S. I'm attaching the logs from the successful session in case someone wants to compare them, but they seem quite identical (some different ConfAck / ConfNak sequences, but that doesn't seem to make much difference).
    2012-02-23 10:01:26 RV110W daemon.info pptpd[944]: CTRL: Client 192.168.0.132 control connection started
    2012-02-23 10:01:26 RV110W daemon.info pptpd[944]: CTRL: Starting call (launching pppd, opening GRE)
    2012-02-23 10:01:26 RV110W daemon.notice pppd[946]: pppd 2.4.5 started by (unknown), uid 0
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: using channel 5
    2012-02-23 10:01:26 RV110W daemon.info pppd[946]: Using interface ppp0
    2012-02-23 10:01:26 RV110W daemon.notice pppd[946]: Connect: ppp0 <--> /dev/pts/0
    2012-02-23 10:01:26 RV110W daemon.warning pppd[946]: Warning - secret file /tmp/ppp/pap-secrets has world and/or group access
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [LCP ConfReq id=0x1 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [LCP ConfReq id=0x0 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [LCP ConfRej id=0x0 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [LCP ConfAck id=0x1 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [LCP ConfReq id=0x1 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [LCP ConfAck id=0x1 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [LCP EchoReq id=0x0 magic=0x11372b0b]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [CHAP Challenge id=0x66 <74f93b7b6de315aaaac930f984c219e4>, name = \"RV110W\"]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [LCP Ident id=0x2 magic=0x67c80cba \"MSRASV5.20\"]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [LCP Ident id=0x3 magic=0x67c80cba \"MSRAS-0-SOFTWAREONE64\"]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [LCP Ident id=0x4 magic=0x67c80cba \"
    \\37777777675\\027\\37777777665\\004\\37777777635\\37777777677@H\\37777777633~\\37777777775\\021\\tFQ(\
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [LCP EchoRep id=0x0 magic=0x67c80cba]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [CHAP Response id=0x66 <2f0330cb61ba1c8e29324410e0df24d3000000000000000025d1ef07d4cd82beaa93fe36ccc1e863b2652087eb02c39400>, name = \"sakor001\"]
    2012-02-23 10:01:26 RV110W daemon.warning pppd[946]: Warning - secret file /tmp/ppp/chap-secrets has world and/or group access
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [CHAP Success id=0x66 \"S=9A5FB4C8B7C633FD6DEB868E150D0511BD93E0B4 M=Access granted\"]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: Script /tmp/ppp/auth-up started (pid 949)
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [CCP ConfReq id=0x1 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: Script /tmp/ppp/auth-up finished (pid 949), status = 0x16
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [CCP ConfReq id=0x5 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [CCP ConfNak id=0x5 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [IPCP ConfReq id=0x6 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [IPCP TermAck id=0x6]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [CCP ConfNak id=0x1 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [CCP ConfReq id=0x2 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [CCP ConfReq id=0x7 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [CCP ConfAck id=0x7 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [CCP ConfAck id=0x2 ]
    2012-02-23 10:01:26 RV110W daemon.notice pppd[946]: MPPE 128-bit stateless compression enabled
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: sent [IPCP ConfReq id=0x1 ]
    2012-02-23 10:01:26 RV110W daemon.debug pppd[946]: rcvd [IPCP ConfAck id=0x1 ]
    2012-02-23 10:01:28 RV110W daemon.debug pppd[946]: rcvd [IPCP ConfReq id=0x8 ]
    2012-02-23 10:01:28 RV110W daemon.debug pppd[946]: sent [IPCP ConfRej id=0x8 ]
    2012-02-23 10:01:28 RV110W daemon.debug pppd[946]: rcvd [IPCP ConfReq id=0x9 ]
    2012-02-23 10:01:28 RV110W daemon.debug pppd[946]: sent [IPCP ConfNak id=0x9 ]
    2012-02-23 10:01:28 RV110W daemon.debug pppd[946]: rcvd [IPCP ConfReq id=0xa ]
    2012-02-23 10:01:28 RV110W daemon.debug pppd[946]: sent [IPCP ConfAck id=0xa ]
    2012-02-23 10:01:28 RV110W daemon.notice pppd[946]: local  IP address 192.168.1.3
    2012-02-23 10:01:28 RV110W daemon.notice pppd[946]: remote IP address 192.168.1.20
    2012-02-23 10:01:28 RV110W daemon.debug pppd[946]: Script /tmp/ppp/ip-up started (pid 1028)
    2012-02-23 10:01:28 RV110W daemon.debug pppd[946]: Script /tmp/ppp/ip-up finished (pid 1028), status = 0x0
    2012-02-23 10:01:28 RV110W user.debug syslog: Nbsrelay start (pid= 1040)
    2012-02-23 10:17:56 RV110W daemon.err pptpd[944]: GRE: Bad checksum from pppd.
    2012-02-23 10:31:51 RV110W daemon.info udhcpd[807]: received INFORM from 00:13:46:E6:D3:FA
    2012-02-23 10:48:20 RV110W daemon.info httpd[376]: Administrator session timeout.
    2012-02-23 10:48:27 RV110W daemon.info httpd[376]: Administrator logined from 192.168.0.132
    2012-02-23 10:52:50 RV110W daemon.info udhcpd[807]: received INFORM from 00:26:F2:B7:49:42
    2012-02-23 10:58:49 RV110W daemon.debug pppd[946]: rcvd [LCP TermReq id=0xb \"g\\37777777710\\014\\37777777672\\000<
    \\37777777715t\\000\\000\\000\\000\
    2012-02-23 10:58:49 RV110W daemon.info pppd[946]: LCP terminated by peer (gM-H^LM-:^@
    2012-02-23 10:58:49 RV110W daemon.debug pppd[946]: Script /tmp/ppp/auth-down started (pid 6011)
    2012-02-23 10:58:49 RV110W daemon.info pppd[946]: Connect time 57.4 minutes.
    2012-02-23 10:58:49 RV110W daemon.info pppd[946]: Sent 272072987 bytes, received 6264878 bytes.
    2012-02-23 10:58:49 RV110W daemon.debug pppd[946]: Script /tmp/ppp/ip-down started (pid 6015)
    2012-02-23 10:58:49 RV110W daemon.debug pppd[946]: sent [LCP TermAck id=0xb]
    2012-02-23 10:58:49 RV110W daemon.debug pppd[946]: Script /tmp/ppp/auth-down finished (pid 6011), status = 0x16
    2012-02-23 10:58:49 RV110W daemon.notice pppd[946]: Modem hangup
    2012-02-23 10:58:49 RV110W daemon.notice pppd[946]: Connection terminated.
    2012-02-23 10:58:49 RV110W daemon.debug pppd[946]: Waiting for 1 child processes...
    2012-02-23 10:58:49 RV110W daemon.debug pppd[946]:   script /tmp/ppp/ip-down, pid 6015
    2012-02-23 10:58:49 RV110W daemon.debug pppd[946]: Script /tmp/ppp/ip-down finished (pid 6015), status = 0x0
    2012-02-23 10:58:49 RV110W daemon.info pppd[946]: Exit.
    2012-02-23 10:58:49 RV110W daemon.debug pptpd[944]: CTRL: Reaping child PPP[946]
    2012-02-23 10:58:49 RV110W daemon.info pptpd[944]: CTRL: Client 192.168.0.132 control connection finished
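
The comparison the post invites can be scripted. The following Python is an added example, not part of the original post and not code from pppd or the router vendor: it groups pppd syslog lines by process ID and records how each session ended, whether MPPE came up, and which secret files pppd warned about. The sample lines are abridged from the two sessions logged above; the function name `summarize` and the end-state labels are assumptions of this example.

```python
import re
from collections import OrderedDict

# Lines abridged from the two pppd sessions logged above (LCP TermReq payload trimmed).
SAMPLE = """\
2012-02-22 21:44:40 RV110W daemon.warning pppd[4583]: Warning - secret file /tmp/ppp/chap-secrets has world and/or group access
2012-02-22 21:44:40 RV110W daemon.notice pppd[4583]: MPPE 128-bit stateless compression enabled
2012-02-22 21:46:10 RV110W daemon.notice pppd[4583]: Modem hangup
2012-02-22 21:46:10 RV110W daemon.info pppd[4583]: Connect time 1.5 minutes.
2012-02-22 21:46:10 RV110W daemon.err pptpd[4582]: CTRL: GRE read or PTY write failed (gre,pty)=(11,10)
2012-02-23 10:01:26 RV110W daemon.warning pppd[946]: Warning - secret file /tmp/ppp/chap-secrets has world and/or group access
2012-02-23 10:01:26 RV110W daemon.notice pppd[946]: MPPE 128-bit stateless compression enabled
2012-02-23 10:58:49 RV110W daemon.debug pppd[946]: rcvd [LCP TermReq id=0xb]
2012-02-23 10:58:49 RV110W daemon.info pppd[946]: Connect time 57.4 minutes.
2012-02-23 10:58:49 RV110W daemon.notice pppd[946]: Modem hangup
"""

# timestamp, host, facility.level, then "pppd[pid]: message"
LINE = re.compile(r"^(\S+ \S+) \S+ \S+ pppd\[(\d+)\]: (.*)$")

def summarize(log_text):
    """Group pppd lines by pid and record how each session ended."""
    sessions = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # pptpd, udhcpd, httpd and wrapped lines are ignored
        _, pid, msg = m.groups()
        s = sessions.setdefault(pid, {"end": None, "minutes": None,
                                      "mppe": False, "warnings": []})
        if msg.startswith("Warning - secret file"):
            # keep only the path pppd complained about
            s["warnings"].append(msg.split("secret file ")[1].split(" has ")[0])
        elif "compression enabled" in msg:
            s["mppe"] = True
        elif msg.startswith("Connect time"):
            s["minutes"] = float(msg.split()[2])
        elif s["end"] is None:  # the first terminating event decides the label
            if msg.startswith("rcvd [LCP TermReq"):
                s["end"] = "peer sent LCP TermReq"
            elif msg.startswith("sent [LCP TermReq"):
                s["end"] = "local pppd sent LCP TermReq"
            elif msg == "Modem hangup":
                s["end"] = "link dropped without LCP TermReq"
    return sessions

if __name__ == "__main__":
    for pid, info in summarize(SAMPLE).items():
        print(pid, info)
```

On the logs above, the 1.5-minute session logs "Modem hangup" before any LCP TermReq is exchanged, while the 57.4-minute session ends after the peer's TermReq. Both sessions also carry pppd's warning that `/tmp/ppp/chap-secrets` has world and/or group access.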
