Hi all,
Hope someone can help before I either go grey or bald trying to figure this out.
Remote Web Access and VPN were all working fine until Monday just gone.
Nothing changed on server or Sonicwall Firewall.
Have checked Firewall and everything is OK there (ports 80 and 443 allowed).
Have tried doing the old "repair wizard" on the Essentials server but it fails.
DHCP and DNS both running on the Essentials server.
Not sure where to begin??
Remote Web Access is working OK though i.e. companyname.remotewebaccess.com.
VPN connects but does not allow access to shares and gives the error "An error occurred while reconnecting to \\servername\shared folders\company\folder name. Microsoft Windows Network: The network path was not found."
Can anyone suggest some things to try?
I was thinking perhaps removing DNS and DHCP from the Essentials server and re-adding them?
No, do not attempt to remove DNS from your server because it will brick it. Try to add the DNS suffix for your local domain in the IPv4 settings of the VPN connection, see screenshot.
Let me know if that helped, and if it does not, post an ipconfig /all from that client and possibly also from the server.
Hi Mariette,
OK, I've tried this on my home laptop but even though it says connected (to the VPN) it also says no internet connection...
==============================My home laptop (whilst connected to VPN) ipconfig /all==============================
Windows IP Configuration
   Host Name . . . . . . . . . . . . : FluxZenbook
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : abriox.local
                                       Home
Wireless LAN adapter Local Area Connection* 1:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 5C-51-4F-28-48-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 11:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 5E-51-4F-28-48-F8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
PPP adapter Abriox:
   Connection-specific DNS Suffix . : abriox.local
   Description . . . . . . . . . . . : Abriox
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.0.91(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter WiFi:
   Connection-specific DNS Suffix . : Home
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : 5C-51-4F-28-48-F8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2a02:c7f:8adc:d200:adce:cb43:60f1:3107(Preferred)
   IPv6 Address. . . . . . . . . . . : fda1:6dd2:d92:0:adce:cb43:60f1:3107(Preferred)
   Temporary IPv6 Address. . . . . . : 2a02:c7f:8adc:d200:4527:ede1:b136:f3f8(Preferred)
   Temporary IPv6 Address. . . . . . : fda1:6dd2:d92:0:453:ef81:58f7:4401(Preferred)
   Link-local IPv6 Address . . . . . : fe80::adce:cb43:60f1:3107%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.54(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 21 January 2020 12:34:19
   Lease Expires . . . . . . . . . . : 22 January 2020 23:42:31
   Default Gateway . . . . . . . . . : fe80::c23e:fff:fe71:ecc8%2
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 39604559
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-14-04-98-5C-51-4F-28-48-F8
   DNS Servers . . . . . . . . . . . : fda1:6dd2:d92:0:c23e:fff:fe71:ecc8
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
==============================My Office Server ipconfig /all==============================
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Admin>ipconfig /all
   Host Name . . . . . . . . . . . . : SERVERFS
   Primary Dns Suffix . . . . . . . : ABRIOX.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ABRIOX.local
                                       local
PPP adapter RAS (Dial In) Interface:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : RAS (Dial In) Interface
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.0.82(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix . : local
   Description . . . . . . . . . . . : iDRAC Virtual NIC USB Device #2
   Physical Address. . . . . . . . . : 10-98-36-A3-30-3C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 20 January 2020 18:04:18
   Lease Expires . . . . . . . . . . : 30 January 2020 18:04:19
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 169.254.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter NIC1:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
   Physical Address. . . . . . . . . : 10-98-36-A3-30-39
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.3
   DNS Servers . . . . . . . . . . . : 192.168.0.3
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{A15DDB5C-B11B-419C-AD75-A9FE87646964}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.local:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . : local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Hello Steve,
Your Home network is at 192.168.0.x/24 but your office network is that also, the server runs at 192.168.0.7. This means that any attempt to build a VPN connection to your server from home will fail. You need to change the network at home to something else like 192.168.10.0/24.
Then there is a mistake in your DNS settings on the server. It has currently set 192.168.0.3 and 127.0.0.1. That 192.168.0.3 is your gateway and probably a router that also does DNS. On a domain joined device (like a server or a client) you should never have anything else than AD integrated DNS servers. Please remove the 192.168.0.3 and only have 127.0.0.1 listed if this is your only domain controller!
Thank you for your help, much appreciated :)
Yes, we only have the one windows server (running essentials 2012 r2) so there are no other servers.
The windows server does all the DNS and DHCP.
I'm curious as to what the IPv4 Addresses 169.254.x.x are? From what I've gathered these are related to DHCP?
Steve,
Those 169.254 are so-called APIPA - Automatic Private IP Addressing. It is normal behavior when that adapter cannot find a DHCP server. That iDRAC adapter on your server is a good example. It is probably not connected to any switch or network and if you don't use iDRAC you might as well disable that adapter.
Your PPP adapter Abriox (the one that does the VPN) also does not get an IP address and that is not good but as soon as you make the changes on your home network I bet it will work and if it does not we will fix that.
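The three conditions pointed out in the replies above (client LAN overlapping the office LAN, an APIPA address on the VPN adapter, and a router listed as DNS server on the only domain controller) can be checked mechanically from two ipconfig /all captures. This is an added example, not part of the original thread; the function names are hypothetical and the sample text is constructed from the addresses quoted above.

```python
import ipaddress
import re

# Constructed samples: trimmed "ipconfig /all" fields with the addresses quoted in the thread.
CLIENT = """\
PPP adapter Abriox:
   IPv4 Address. . . . . . . . . . . : 169.254.0.91(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
Wireless LAN adapter WiFi:
   IPv4 Address. . . . . . . . . . . : 192.168.0.54(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0"""
SERVER = """\
Ethernet adapter NIC1:
   IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.0.3
                                       127.0.0.1"""
FIELD = re.compile(r"^\s+(.+?)[ .]+: ?(.*)$")  # "Label . . . : value"

def parse(text):
    """Return {adapter: {label: [values]}}; unlabelled indented lines continue the last field."""
    adapters, cur, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            cur, last = adapters.setdefault(line.rstrip(" :"), {}), None
        elif cur is not None and (m := FIELD.match(line)):
            last = cur.setdefault(m.group(1), [])
            last.extend(v for v in [m.group(2).strip()] if v)
        elif last is not None and line.strip():
            last.append(line.strip())
    return adapters

def ipv4(fields):  # IPv4 interface (address plus mask) of one adapter, or None
    if "IPv4 Address" in fields and "Subnet Mask" in fields:
        addr = fields["IPv4 Address"][0].split("(")[0]
        return ipaddress.ip_interface(f"{addr}/{fields['Subnet Mask'][0]}")

def diagnose(client_text, server_text, vpn_adapter, server_nic):
    server, findings = parse(server_text)[server_nic], []
    office = ipv4(server).network
    ifaces = {n: i for n, f in parse(client_text).items() if (i := ipv4(f)) is not None}
    for name, iface in ifaces.items():
        if name == vpn_adapter and iface.ip.is_link_local:
            findings.append(f"VPN adapter has APIPA address {iface.ip}")
        elif name != vpn_adapter and iface.network.overlaps(office):
            findings.append(f"client LAN {iface.network} overlaps office LAN {office}")
    for dns in server.get("DNS Servers", []):  # thread's advice for a sole DC: 127.0.0.1 only
        if not ipaddress.ip_address(dns).is_loopback:
            findings.append(f"server NIC lists non-loopback DNS server {dns}")
    return findings
```

Calling diagnose(CLIENT, SERVER, "PPP adapter Abriox", "Ethernet adapter NIC1") reports all three conditions for the captures in this thread. The DNS check assumes a single domain controller, as stated in the reply; with several controllers their addresses would be legitimate entries.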
I do use the iDRAC and it is connected to the switch. Looking at the Ethernet properties for this it's set to obtain an IP and DNS automatically.
Looking at the Server NIC1 properties I currently have:
IP Address: 192.168.0.7
Subnet 255.255.255.0
Default Gateway 192.168.0.3 (this is our firewall/modem)
Preferred DNS Server: 192.168.0.3
Alternative DNS Server: 127.0.0.1
Should I remove the 192.168.0.3 and replace with the 127.0.0.1 in that case?
Then leave the Alternative empty?
Apologies for the confusion. It's been ages since I set this all up.
Yes, the Preferred DNS server IP address should be set to 127.0.0.1. See screenshot.
Ah brilliant, will try this when I'm back in the office :)
Will this fix those 169.254 issues as well?
Also, does this explain why the "repair" remote access wizard fails?
Thanks
Steve
Okaaaaaay,
So, I managed to make those changes but it didn't help, VPN still failing as is the repair remote access wizard.
Thought it may be some corruption in the Essentials side of things as I suddenly couldn't open the Essentials dashboard... strange but true.
I thought removing and reinstalling the Essentials server role may fix this but having removed and reinstalled (via add roles and features) I now get an error saying "issue detected - Certification Authority has been installed on this server" when trying to configure Essentials.
I've taken a backup of the CA using the CA snap in.
Should I now remove Certification Authority Web Enrollment, then remove Certification Authority.
Once server is restarted, try the essentials configuration again (as this should recreate the CA's etc...)
Once that's done, import the old certificates using the backup?
Does that make sense? Sorry, it's been an incredibly long day :(
I don't want to have to re-run the connector app on each client but am worried this is ultimately a borked server and I may have to either try a restore (from windows backup) or worst case, a rebuild.
I wish you would have told me that the Access Anywhere wizard failed because that makes VPN fail. Now that you have uninstalled the Essentials Experience role you also need to remove the CA before you can do a reinstall. Yes, you need to run the connector again on your clients.
Try the above and if the Access Anywhere wizard fails again add 'NT SERVICE\ALL SERVICES' to 'Logon as a Service' in the Default Domain Controller policy and reboot the server. After that run the Access Anywhere wizard.
The current status is:
I've already removed the essentials feature and re-added it (Note: I didn't realise you had to remove the CA features first, my bad)
If I try to open Dashboard now I get "you cannot open Dashboard until the Windows Server Essentials configuration is complete".
If I try to run "Configure Windows Server Essentials" I get "Issues detected - Certification Authority has been installed on this server"
Choice 1: Should I now:
1) Re-remove the "Essentials" role
Reboot server
2) Remove "Certification Authority Web Enrolment", then remove "Certification Authority" roles (I have a backup of these)
3) Reinstall Essentials role
4) Run "Configure Windows Server Essentials"
5) Import CA's
6) Ensure Anywhere Access wizard runs successfully
7) Rerun Connector on all clients
Choice 2: Can I just:
A) Remove "Certification Authority Web Enrolment", then remove "Certification Authority" roles
B) Run "Configure Windows Server Essentials"
C) Ensure Anywhere Access wizard runs successfully
D) Rerun Connector on all clients
Choice 3: Say balls to it and try a system restore using the backup made from the Windows Server Backup
I would do #2
Good morning Mariette,
I plan to try option 2 this afternoon as suggested.
Are there any additional steps I need to do before or afterwards at all?
I.e. will all users and computers remain active etc. or will I have to recreate etc.?
All users and computers remain in your domain. Not one object will be removed except for the WSE related objects but that is OK. Do not attempt to unjoin any of your computers from the domain because that is not needed. Once the Essentials Experience role is installed again you need to rerun the Connector software on those clients to bring the computer accounts into the Essentials Dashboard.
The other part is the VPN issue. You need to add NT Service\ALL SERVICES to 'Logon as a Service' in your Default Domain Controllers and reboot the server. After that run the Access Anywhere wizard.