Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

FIX: Incoming VPN connections are rejected by an ISA Server 2004 RADIUS server that is operating on a Windows Server 2003-based computer


View products that this article applies to.

Symptoms

Consider the following scenario:
  • On a Remote Authentication Dial-In User Service (RADIUS) server that is operating on a Windows Server 2003-based computer, you install Microsoft Internet Security and Acceleration (ISA) Server 2004.
  • In ISA Server 2004, you enable virtual private network (VPN) access and configure VPN for Radius authentication and Extensible Authentication Protocol (EAP).
  • The station ID of the RADIUS authentication packets is specified by using a format other than an IPv4 address.
In this scenario, ISA Server 2004 rejects incoming connections from remote computers.

↑ Back to the top


Cause

The RADIUS authentication packets contain a station ID which is larger than 16 bytes. ISA Server 2004 assumes that the station ID is an IP address that is 16 bytes or smaller. For example, this problem may occur if the station ID is using a string format of a MAC address such as "00-00-AA-BB-CC-DD," which is larger than 16 bytes. Because ISA Server uses a static buffer to save and log the ID, it cannot initialize the connection. So, it rejects it.

↑ Back to the top


Resolution

To resolve this problem, install the hotfix rollup package that is described in the following Microsoft Knowledge Base article:

970454 Description of the ISA Server 2004 hotfix package: June 2, 2009


Note After you install this hotfix, large station IDs will be ignored and will not be logged.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top


Keywords: KB970451, kbqfe, kbsurveynew, kbfix, kbexpertiseinter, kbarchive, kbnosurvey

↑ Back to the top

Article Info
Article ID : 970451
Revision : 3
Created on : 1/15/2015
Published on : 1/15/2015
Exists online : False
Views : 327