
ras not obtaining leases from dhcp

Discussion in 'Network Infrastructure' started by dales, Feb 4, 2009.

  1. dales

    dales Gigabyte Poster

    Hello,

    I've got an issue with my RAS setup. At the moment I have 2 subnets, 192.168.1.x and 172.16.x.x. The RAS server is also part of the RAS and IAS group in my main domain. As per my previous post here, RRAS is working fine and my clients on the remote end of my network get DHCP through a relay from the 172.16.x.x subnet to the 192.168.1.x subnet (where the DHCP server is located).

    My problem is that whenever I VPN into the RAS server the client receives an APIPA address. Now the RAS server has 10 ports (the default 5 L2TP and 5 PPTP) which should reserve 10 IP addresses from the DHCP server even before any VPN connections are made, but this is not happening. Does anyone know why a RAS server may not reserve addresses to hand out to remote clients?

    I'm half tempted to think this is some sort of freak accident and reimage the server and try again.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  2. Sparky

    Sparky Zettabyte Poster Moderator

    Any security software on the client? In some cases the DHCP broadcast is blocked.

    Windows firewall may even be an issue here.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. dales

    dales Gigabyte Poster

    Thanks for the quick reply, been meaning to ask what's happened to mr oizo!

    No, no security software; the client is just a standard XP virtual machine with SP2, no firewall enabled. In fact I have not been able to see any DHCP traffic with Network Monitor when I connect the client by VPN.

    Weird.
     
  4. Sparky

    Sparky Zettabyte Poster Moderator

    Long story, but he will be back soon. 8)

    How is the remote client connecting, is this through a firewall (port issue perhaps?) or is this in a lab environment? What type of VPN are you running? L2TP or PPTP? Is the client set to auto detect?

    Questions, questions. :biggrin
     
  5. hippy

    hippy Kilobyte Poster

    Not got my lab here so it's all hit and miss.

    Where is the DHCP server in your internal network? On the same server or another? When you add the RRAS setup it adds a DHCP Relay Agent (well, it did on mine); double check where it is pointing to.

    or

    Simple one, can the RAS server ping the server with the DHCP?

    IS IT THIS? Are your routing routes set up correctly? One way default, the other way static or dynamic?
     
  6. craigie

    craigie Terabyte Poster

    First of all check your DHCP server to see if the scopes have been obtained by the RRAS server. By default the RRAS server normally takes 10 leases.

    Check your RRAS Server Settings by right clicking your Server. Ensure that on the General tab the Remote Access Server is ticked. Under IP make sure that Enable IP Routing, Allow IP Based Remote Access etc. are ticked and also This Server Can Assign IP Addresses by Using DHCP.

    Next go to Ports and Right Click Properties select WAN PPTP > Configure and check Remote Access Inbound Only

    Then click on IP Routing > Static Routes > Show Routing Table and ensure that your routes are all correct.

    Last of all check your Remote Access Policies to ensure that your authentication methods are the same as expected.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  7. dales

    dales Gigabyte Poster

    It's a test lab, so I'm VPN internally so the connection doesn't go through any external firewalls or anything. Again by default PPTP is used. Says it's a weird one 'cause the client I am using is using a DHCP relay agent to obtain its standard IP address (so that's working fine) but when using the VPN it just gets 169s. As I say I'm quite tempted to start again with that server as I can't see a reason why it's doing it.
     
  8. craigie

    craigie Terabyte Poster

    Are you sure that This Server Can Assign IP Addresses by Using DHCP is ticked under IP on the Server Properties?
     
  9. dales

    dales Gigabyte Poster

    Yep, positive! Weird, huh!
     
  10. craigie

    craigie Terabyte Poster

    Oki doki, a couple more things to check:

    1. GPO for Computer Configuration > Admin Templates > Networks > Network Connections > Windows Firewall > Domain Profile > Define Port Exceptions.

    If the above is enabled, then enter the following syntax:

    1723:TCP:192.168.0.0/24:Enabled:PPTP
    1701:UDP:192.168.0.0/24:Enabled:L2TP IPSec

    Next have a looksi at your RRAS under IP Routing > NAT\Basic Firewall > If On Private Interface change to Public and Select Enable NAT > Service & Ports > Select VPN PPTP and VPN L2TP IPSec

    Let us know how you get on!
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
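
As an added example (not part of the post above, and not Windows' own code), this Python script parses port exception entries in the `port:transport:scope:status:name` form quoted in the post and reports which source addresses each scope admits. The sample client addresses are constructed, only IPv4 scopes are handled, and the `local_subnet` argument used to resolve `localsubnet` is an assumption of this example.

```python
import ipaddress

def parse_exception(entry):
    """Parse one 'port:transport:scope:status:name' entry into a dict."""
    parts = entry.strip().split(":", 4)
    if len(parts) != 5:
        raise ValueError(f"expected 5 colon-separated fields: {entry!r}")
    port, transport, scope, status, name = parts
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {entry!r}")
    if transport.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad transport in {entry!r}")
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad status in {entry!r}")
    return {"port": int(port), "transport": transport.upper(), "scope": scope,
            "enabled": status.lower() == "enabled", "name": name}

def admits(rule, source_ip, local_subnet=None):
    """True if the rule is enabled and its scope covers source_ip."""
    if not rule["enabled"]:
        return False
    addr = ipaddress.ip_address(source_ip)
    for item in (s.strip() for s in rule["scope"].split(",")):
        if item == "*":                      # any source: widest exposure
            return True
        if item.lower() == "localsubnet":    # needs the host's own subnet
            item = local_subnet
            if item is None:
                continue
        if addr in ipaddress.ip_network(item, strict=False):
            return True
    return False

# Entries as posted in the thread.
ENTRIES = ["1723:TCP:192.168.0.0/24:Enabled:PPTP",
           "1701:UDP:192.168.0.0/24:Enabled:L2TP IPSec"]
# Constructed sample clients: one inside the posted scope, plus one on each
# of the two lab subnets named in the first post.
CLIENTS = ["192.168.0.25", "192.168.1.25", "172.16.0.25"]

def coverage(entries=ENTRIES, clients=CLIENTS):
    """Map each rule name to the sample clients its scope admits."""
    rules = [parse_exception(e) for e in entries]
    return {r["name"]: [c for c in clients if admits(r, c)] for r in rules}

if __name__ == "__main__":
    for name, ok in coverage().items():
        print(f"{name}: admits {ok or 'none of the sample clients'}")
```

The scope field has to match the subnets clients actually connect from; a scope that is too narrow leaves them blocked, while `*` opens the port to every source.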
  11. dales

    dales Gigabyte Poster

    Thanks for the input all. After all that I couldn't figure it out, so decided to make another server a RRAS server and it works perfectly, so as time is of the essence I may go back and have a fiddle and try to work that out after my first go at the exam.

    Thanks again all.
     
