A Routing and Remote Access server that is running Windows Server 2008 cannot maintain or accept more than 800 connections. If VPN users are connected through PSTN (analog modem or ISDN) either directly to the server that is running Routing and Remote Access or through an ISP, they may have many connection problems. These problems include PING time-out, share access does not work, intranet sites open slowly, or time-out. These problems occur even when there are less than 800 users connected.
↑ Back to the top
This problem occurs when the Internet Group Management Protocol (IGMP) is enabled. By default, IGMP forwarding is installed and enabled if you configure the server that is running Routing and Remote Access for VPN.
↑ Back to the top
To work around this problem, disable IGMP. To do this, follow these steps:
- Click Start, click Administrative Tools, and then click Routing and Remote Access.
- Expand Routing and Remote Access_server_name, and then expand IP Routing.
- Right-click IGMP, and then click Delete.
↑ Back to the top
In a network trace taken on the VPN client and/or the VPN server, you can see many IGMP membership queries. These queries are sent from the Routing and Remote Access server's "PPP adapter RAS (Dial In) Interface" IP-address.
By using the command
NETSH ROUTING IP IGMP SHOW INTERFACE,
you can verify that the "Internal" interface is configured to be an IGMP router. The "Internal" interface is not the corporate network-facing network adapter. This interface is the Routing and Remote Access interface representing all the VPN or Dial-up adapters.
↑ Back to the top
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
↑ Back to the top