Discussion:
Two servers can't communicate over VPN
Rollie
2007-10-23 14:22:01 UTC
I'm having trouble with two specific servers and I'm totally stumped. They
are connected via a VPN like everything else at these sites. Neither has
firewalls running. One is a DC, the other is a member server. Both host DFS
roots, one of which they have in common. Both run Windows Server 2003.

These two servers cannot communicate at all. Both can ping everything else
and everything else can ping them but neither is communicating at all. I'm
not sure when this started because the DFS replication occurs through other
mesh links and I never noticed.

Since they don't communicate at all, it seems like a network issue. But
since both work with everything else, I don't know what else to try. Both
are resolving to the correct IP addresses, there are no HOSTS file entries,
and as I mentioned there are no firewalls involved.

Any ideas what to try next?
Robert L (MS-MVP)
2007-10-23 14:34:18 UTC
Do you receive any system error if you do net view \\remoteserveripaddress?
--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
Rollie
2007-10-23 14:45:01 UTC
Yes, system error 53.
Robert L (MS-MVP)
2007-10-23 18:20:24 UTC
In many cases, system error 53 is a firewall or name resolution issue. Since
net view ip has the same error, I would focus on firewall. Can you ping the
remote server by IP? If yes, can you telnet port 135?
Rollie
2007-10-23 20:33:03 UTC
No, neither server can telnet to port 135 on the other machine. They can
both telnet to 135 on machines on the remote subnets, though.

This made me think perhaps it was a weird ARP issue. Cleared the ARP caches
and no change.

I ran "netstat -an | findstr remoteipaddress" on each server. On the member
server, I got nothing. On the DC, it said SYN_SENT to ports 139 and 445 on
the member server. I don't know if that helps or not but it makes me lean
towards the member server being at fault.

Other than that, I suppose it could be one of the VPN servers. It's a
net-to-net connection though and nothing else is having trouble so I don't
really know what it would be that would be this specific.
MMT
2007-11-21 13:14:00 UTC
Have you or anyone else found a solution to this problem since the last post?
Rollie
2007-11-21 13:32:01 UTC
Well, yes and no. :)

Since nothing was adding up, I kept thinking it had to be some sort of ARP
or ethernet weirdness. I cleared ARP caches, restarted all switches,
restarted the VPN connections (IPSec), restarted all IPSec services on the
routers, and no change. When a scheduled down-time came up last weekend, I
restarted the remote VPN server/router and that did the trick.

So I'm still guessing it's some sort of ARPish issue. Unfortunately, I
couldn't find the actual issue so I'll have to chalk it up to black magic.
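
Added example, not part of any post in this thread: the `netstat -an` comparison described above (SYN_SENT to ports 139 and 445 on one side, nothing on the other) can be turned into a repeatable check. The addresses, sample output and function names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `netstat -an` samples; addresses are documentation placeholders,
# not values from the thread. DC = 192.0.2.10, member server = 198.51.100.20.
DC_NETSTAT = """\
  TCP    192.0.2.10:3412     198.51.100.20:139    SYN_SENT
  TCP    192.0.2.10:3413     198.51.100.20:445    SYN_SENT
  TCP    192.0.2.10:445      192.0.2.31:1920      ESTABLISHED
"""
MEMBER_NETSTAT = """\
  TCP    0.0.0.0:445         0.0.0.0:0            LISTENING
  TCP    198.51.100.20:445   198.51.100.44:2210   ESTABLISHED
"""

# Windows netstat TCP row: proto, local addr:port, remote addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def states_for_peer(netstat_text, peer_ip):
    """Return {state: sorted remote ports} for TCP rows whose remote end is peer_ip."""
    found = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3) == peer_ip:
            found[m.group(5)].add(int(m.group(4)))
    return {state: sorted(ports) for state, ports in found.items()}

def diagnose(src_text, src_ip, dst_text, dst_ip):
    """Classify a connection attempt from src to dst using both hosts' tables."""
    src = states_for_peer(src_text, dst_ip)
    dst = states_for_peer(dst_text, src_ip)
    if "ESTABLISHED" in src:
        return "connected"
    if "SYN_SENT" not in src:
        return "no-attempt-in-progress"
    if "SYN_RECEIVED" in dst:
        # dst saw the SYN and answered; the SYN-ACK is lost on the way back.
        return "reply-path-loss"
    # src keeps retrying and dst has no half-open entry: nothing answered,
    # not even a RST, so the SYN is dropped before it reaches dst's TCP stack.
    return "syn-dropped-before-destination"

if __name__ == "__main__":
    print(states_for_peer(DC_NETSTAT, "198.51.100.20"))
    print(diagnose(DC_NETSTAT, "192.0.2.10", MEMBER_NETSTAT, "198.51.100.20"))
```

A lingering SYN_SENT with no matching entry on the peer points at something between the two TCP stacks (a router, tunnel policy or host filter) rather than at a closed port, which would answer with a reset.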