FIX: Incoming VPN connections are rejected by an ISA Server 2004 RADIUS server that is operating on a Windows Server 2003-based computer

Article translations Article translations
Article ID: 970451 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • On a Remote Authentication Dial-In User Service (RADIUS) server that is operating on a Windows Server 2003-based computer, you install Microsoft Internet Security and Acceleration (ISA) Server 2004.
  • In ISA Server 2004, you enable virtual private network (VPN) access and configure VPN for Radius authentication and Extensible Authentication Protocol (EAP).
  • The station ID of the RADIUS authentication packets is specified by using a format other than an IPv4 address.
In this scenario, ISA Server 2004 rejects incoming connections from remote computers.

CAUSE

The RADIUS authentication packets contain a station ID which is larger than 16 bytes. ISA Server 2004 assumes that the station ID is an IP address that is 16 bytes or smaller. For example, this problem may occur if the station ID is using a string format of a MAC address such as "00-00-AA-BB-CC-DD," which is larger than 16 bytes. Because ISA Server uses a static buffer to save and log the ID, it cannot initialize the connection. So, it rejects it.

RESOLUTION

To resolve this problem, install the hotfix rollup package that is described in the following Microsoft Knowledge Base article:

970454 Description of the ISA Server 2004 hotfix package: June 2, 2009


Note After you install this hotfix, large station IDs will be ignored and will not be logged.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 970451 - Last Review: July 24, 2009 - Revision: 1.2
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
Keywords: 
kbexpertiseinter kbfix kbsurveynew kbqfe KB970451

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com