Remote Desktop, Remote Assistance, Remote Connection, and Remote Access in general are among the most common IT problems in customer support. The following step-by-step guide helps you fix and repair remote access issues:
1- Reset the service: this takes everything back to default (it removes all configurations and registry settings, but it does not remove your remote access policies)
2- For resource access problems: are your users able to connect but unable to access resources?
a. Make sure routing is configured on the remote access server (Enable IP routing) if the IP range of your users differs from your internal IPs
b. Make sure IP addresses are available. If you use DHCP, check that you have at least 10 IP addresses that are not assigned to resources.
3- If you have a connectivity issue: check the Routing and Remote Access (RRAS) console to make sure that enough ports are available; you may need to set up multiple RRAS servers
4- Remote Access Security:
a. Don’t use a DC as the RRAS server, because that can compromise your data on the Internet; use a dedicated server for RRAS instead
b. Use L2TP/IPSec whenever possible
c. Use certificates, smart cards, and strong passwords; require MS-CHAP v2
d. Configure Packet filters to allow only VPN traffic:
i. PPTP uses TCP port 1723 and IP protocol 47 (GRE)
ii. L2TP/IPSec uses UDP ports 500, 1701, and 4500
RRAS:
1- Recheck your configurations
2- Routing Problem
a. Confirm IP forwarding
b. Confirm TCP/IP: maybe your IP range has a problem, or maybe someone turned on a rogue DHCP server and it is causing conflicts
c. Confirm RIP versions
Demand-Dial:
1- Ensure ports are enabled for inbound and outbound
2- Are you using PPTP without having enabled it for inbound and outbound?
3- Ensure the LAN and demand-dial routing option is enabled
4- Ensure both the user account and password are correct. The password should never expire, and you should use a complex password to prevent password cracking
NAT:
1- Ensure that the public and private interfaces are specified correctly
2- If using multiple public IPs, ensure they are correct
3- Ensure DHCP server or allocator is working correctly
4- Is the basic firewall blocking traffic?
For most RRAS services you can use logging/monitoring:
· Event logging can be turned on at multiple locations inside RRAS
o Basic RRAS logs
· Tracing logs
o Show protocol information as it happens
o You can enable them by editing: HKLM\Software\Microsoft\Tracing\
· Network Monitor
1- Open the server properties in RRAS by right-clicking the name of your server --> Logging tab --> select the level of logging you want, and mark “Log additional RRAS information” for more helpful detail
2- You can also go to the Security tab and configure the “Accounting Provider” to record who logged in and who tried to log in but could not. These logs are available under “Remote Access Logging” under your server name in the RRAS console --> the Local File properties give you further options. If you choose to save your log files in IAS format, there is a tool in the “Windows Support Tools” that can decode IAS logs so you can open them in Excel or a similar program, read the information, and find out why somebody cannot connect
3- There are also other logging options under some RRAS services; for example, the properties of “NAT/Basic Firewall” have some logging options on the General tab
4- You can enable trace logging by editing: HKLM\Software\Microsoft\Tracing\
a. For instance, go to HKLM\Software\Microsoft\Tracing\PPP and change the value of EnableFileTracing to 1 (enabled), then read the Point-to-Point logs in %windir%\tracing
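For the IAS-format accounting logs mentioned in step 2, the following is an added example (not part of the original guide) that parses the records and lists rejected logons with their reason code. It assumes the documented IAS layout of six header fields followed by attribute-ID/value pairs; the function names and the sample records are constructed for illustration.

```python
import csv
from collections import Counter

# Attribute IDs from Microsoft's IAS-format log documentation (verify on your version).
PACKET_TYPE = "4136"  # 1=Access-Request, 2=Access-Accept, 3=Access-Reject
REASON_CODE = "4142"  # 0=success; non-zero says why the request was rejected
HEADER = ("nas_ip", "user", "date", "time", "service", "computer")

def parse_ias_line(line):
    """Split one IAS record into its six header fields and an {attr_id: value} dict."""
    fields = next(csv.reader([line]))
    if len(fields) < len(HEADER) or (len(fields) - len(HEADER)) % 2:
        raise ValueError("malformed IAS record")
    record = dict(zip(HEADER, fields[:6]))
    record["attrs"] = dict(zip(fields[6::2], fields[7::2]))
    return record

def rejected_logons(lines):
    """Return (user, date, time, reason_code) for every Access-Reject record."""
    rejected = []
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = parse_ias_line(line)
        except ValueError:
            continue  # skip truncated lines, e.g. a log that is still being written
        if rec["attrs"].get(PACKET_TYPE) == "3":
            rejected.append((rec["user"], rec["date"], rec["time"],
                             rec["attrs"].get(REASON_CODE, "?")))
    return rejected

def rejects_per_user(lines):
    """Count rejects per account; a high count can point to password guessing."""
    return Counter(user for user, *_ in rejected_logons(lines))

# Constructed sample records (not real log data); the last line is truncated on purpose.
SAMPLE_LOG = """\
192.0.2.10,CORP\\alice,03/14/2009,09:01:12,RAS,VPN01,4136,1,4142,0
192.0.2.10,CORP\\alice,03/14/2009,09:01:12,RAS,VPN01,4136,2,4142,0
192.0.2.10,CORP\\bob,03/14/2009,09:05:40,RAS,VPN01,4136,1,4142,0
192.0.2.10,CORP\\bob,03/14/2009,09:05:40,RAS,VPN01,4136,3,4142,16
192.0.2.10,CORP\\bob,03/14/2009,09:05:58,RAS,VPN01,4136,3,4142,16
192.0.2.10,CORP\\carol,03/14/2009,09:07
""".splitlines()

if __name__ == "__main__":
    for user, date, time, reason in rejected_logons(SAMPLE_LOG):
        print(f"{date} {time} REJECT {user} reason={reason}")
    print(dict(rejects_per_user(SAMPLE_LOG)))
```

Look up each reason code in Microsoft's IAS documentation to see why the connection was refused.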