WFAS Connection Security Rules not working
Server: Windows Server 2008 R2 Standard
Client: Windows 7 Professional
I'm attempting to secure all CIFS traffic between the server and the client. I can get this to work by creating server-to-server rules on each side on most clients. I have one Windows 7 Pro client that I cannot get this to work at all.
My rules are very simple on each side.
Server:
Firewall: Allow Inbound/Outbound
Endpoint 1 = any
Endpoint 2 = client IP
Protocol = Any
Authentication = Require inbound & outbound, advanced, PSK (for testing)
Client:
Firewall: Allow Inbound/Outbound
Endpoint 1 = any
Endpoint 2 = server IP
Protocol = Any
Authentication = Require inbound & outbound, advanced, PSK (for testing)
This same configuration works for other clients. I've been using RDP as a test. I can see the main mode get established and the quick mode. I never complete the connection though.
Any ideas on where to start troubleshooting?
May 23rd, 2012 10:32am
Hi,
Please try to install the following hotfix to test:
SMB/CIFS sessions leak in Windows Vista, in Windows Server 2008, in Windows 7 and in Windows Server 2008 R2
http://support.microsoft.com/kb/2537589
If the issue persists, please provide more information, such as the Event ID, for further analysis.
Hope this helps!
Best Regards
Elytis Cheng
TechNet Community Support
May 24th, 2012 8:24am
Thanks for the suggestion. Unfortunately, neither main mode nor quick mode establishes now. I did turn on logging through the advanced audit configuration. I have this event in the log of the client (10.0.0.52):
An IPsec main mode negotiation failed.
Local Endpoint:
Local Principal Name: -
Network Address: 10.0.0.52
Keying Module Port: 500
Remote Endpoint:
Principal Name: -
Network Address: 10.0.0.113
Keying Module Port: 500
Additional Information:
Keying Module Name: IKEv1
Authentication Method: Unknown authentication
Role: Initiator
Impersonation State: Not enabled
Main Mode Filter ID: 752925
Failure Information:
Failure Point: Local computer
Failure Reason: Negotiation timed out
State: Sent first (SA) payload
Initiator Cookie: 40eb66d0ead938c8
Responder Cookie: 0000000000000000
May 24th, 2012 8:34am
Somehow the main mode & quick mode were established on subsequent tests:
(from the client)
An IPsec main mode security association was established. Extended mode was not enabled. Certificate authentication was not used.
Local Endpoint:
Principal Name: -
Network Address: 10.0.0.52
Keying Module Port: 500
Remote Endpoint:
Principal Name: -
Network Address: 10.0.0.113
Keying Module Port: 500
Security Association Information:
Lifetime (minutes): 480
Quick Mode Limit: 0
Main Mode SA ID: 6
Cryptographic Information:
Cipher Algorithm: AES-128
Integrity Algorithm: SHA1
Diffie-Hellman Group: DH group 2
Additional Information:
Keying Module Name: IKEv1
Authentication Method: Preshared key
Role: Initiator
Impersonation State: Not enabled
Main Mode Filter ID: 754647
--------
An IPsec quick mode security association was established.
Local Endpoint:
Network Address: 10.0.0.52
Network Address mask: 255.255.255.255
Port: 0
Tunnel Endpoint: -
Remote Endpoint:
Network Address: 10.0.0.113
Network Address Mask: 255.255.255.255
Port: 0
Private Address: 0.0.0.0
Tunnel Endpoint: -
Protocol: 0
Keying Module Name: -
Cryptographic Information:
Integrity Algorithm - AH: -
Integrity Algorithm - ESP: SHA-1
Encryption Algorithm: -
Security Association Information:
Lifetime - seconds: 3600
Lifetime - data: 100000
Lifetime - packets: 2147483647
Mode: Transport
Role: Initiator
Quick Mode Filter ID: 754670
Main Mode SA ID: 6
Quick Mode SA ID: 6
Additional Information:
Inbound SPI: 1755269999
Outbound SPI: 371512290
Virtual Interface Tunnel ID: 0
Traffic Selector ID: 0
May 24th, 2012 10:18am
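As an added example (not from the thread or from Microsoft), a small Python triage script that parses audit events in the shape quoted above and flags the two things worth noticing in them: the all-zero responder cookie on the failed main mode, which means the peer never answered the first IKE message, and the established quick mode SA showing no ESP encryption algorithm, i.e. integrity only, so the CIFS payload is authenticated but not encrypted. The sample events are abridged, constructed copies of the ones posted above.

```python
# Constructed samples, abridged from the audit events quoted in this thread.
FAILED_MM = """An IPsec main mode negotiation failed.
Remote Endpoint:
Network Address: 10.0.0.113
Additional Information:
Authentication Method: Unknown authentication
Failure Information:
Failure Reason: Negotiation timed out
State: Sent first (SA) payload
Initiator Cookie: 40eb66d0ead938c8
Responder Cookie: 0000000000000000"""

QM_OK = """An IPsec quick mode security association was established.
Cryptographic Information:
Integrity Algorithm - AH: -
Integrity Algorithm - ESP: SHA-1
Encryption Algorithm: -
Security Association Information:
Mode: Transport"""

def parse_event(text):
    """Map 'Section/Key' -> value; header lines ending in ':' open a section."""
    fields, section = {"Summary": text.splitlines()[0]}, ""
    for line in text.splitlines()[1:]:
        line = line.strip()
        if line.endswith(":"):
            section = line[:-1]
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[f"{section}/{key.strip()}"] = value.strip()
    return fields

def triage(text):
    """One-line diagnosis for a main mode failure or a quick mode SA event."""
    f = parse_event(text)
    if "main mode negotiation failed" in f["Summary"]:
        cookie = f.get("Failure Information/Responder Cookie", "")
        reason = f.get("Failure Information/Failure Reason", "unknown")
        if cookie and set(cookie) == {"0"} and "timed out" in reason:
            # All-zero responder cookie: the peer never answered the first IKE message
            return "no IKE reply from peer; check UDP 500/4500 path and competing IPsec stacks"
        return "main mode failed: " + reason
    if "quick mode" in f["Summary"]:
        if f.get("Cryptographic Information/Encryption Algorithm", "-") == "-":
            # ESP integrity only: CIFS payloads are authenticated but sent in the clear
            return "SA established without encryption (integrity only); require ESP encryption for confidentiality"
        return "SA established with " + f["Cryptographic Information/Encryption Algorithm"]
    return "unrecognised event"
```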
I found what is causing this issue. After booting into safe mode with networking, I was able to get this to work. On a chance, I uninstalled the Sonicwall Global VPN client. After a reboot, it worked. I reinstalled the VPN client and it stopped working.
What I don't yet understand is why. I know they both use IPSec, but I'm not sure why it breaks Windows IPSec.
May 25th, 2012 7:54am