I'm not entirely sure this is related, but almost all of our laptop users that VPN from home are having their VPN connections drop after 4-5 minutes since I installed ePO 4.5 and the new agent out to all client systems. Seems to be the only change of note at the time the problems started, and I'm trying to explore every avenue possible as I'm getting nothing from log files and the event logs on the machines in question.
One thing I am wondering, because I connect by VPN but connect by cable to my router at home and mine seems to stay connected without a problem, is if there are any policies in ePO for VSE 8.7 that could affect wireless security or the dropping of PPTP VPN connections at all?
Though I am no expert, and not seeing any indication of or reason for the dropouts, I would surmise that the problem is more likely a Networking issue(s).
I assume that this is a software based VPN connection and not a router to router VPN connection.
VPN software uses a stateful connection. If a connection to the network is broken, for whatever reason, the re-established connection is not the same as the one initially created (and a dropout may ensue). Since the wired connection does not seem to have this problem, this might imply that wireless connections could be the symptom to look at. I might suggest looking into wireless networking problems, such as 2.4 GHz portable phones.
If you can eliminate other sources of wireless interference, then another possibility might exist. What is the security of the wireless connection to the access point (wireless router)? One of the strengths of VPN is a form of encryption of packets across the Internet. Couple this with the wireless encryption and now you have possible double encryption that may not like each other. When a disconnect occurs, the new wireless/router encryption key is different to the original and possibly incompatible with the VPN connection state.
I have seen an incoming Vonage phone call cause the dropout of the VPN (wired) connection. I might look at the VPN software in use, as they may have a solution. (Please, no comments about Vonage here, it is simply an example of the sensitivity of some VPN software.)
Is it possible that the new MA has caused a greater sensitivity to reconnection? Could be, but I have not seen this. I suppose that it is possible that the mini-firewall in VSE is blocking. (Speaking of firewalls . . .)
A simple test of the wireless connection problem might be to 'repair' the wireless connection and note what happens to the VPN state. You could even do this to a wired connection by simply removing the wire for 60 seconds and reconnecting it. What happens to the VPN state?
Is DHCP enabled (as is likely)? Does the same behaviour occur if using a statically allocated local IP address at the laptop?
I do not know of any ePO policy that would cause these problems; but you could try and initiate a test where you force the policy to run as soon as a test client logs on, before the usual 4-5 minute dropout. What happens? Are you running the McAfee HIPS product? If so, is there a policy for that in ePO?
Anyway, I hope these ideas help you narrow down the cause. Post back with your results and questions.
Thanks for the suggestions to try; we will investigate and see if we can form a pattern to try to help find out what's going on.
It seems to be about the time I pushed the 4.5 agent out and went back to the McAfee Default policies it started to happen, and seems to affect just our people that VPN from home and connect to their wireless router. People that connect by a cable don't have the issue, which is what's baffling us as we haven't changed anything else other than the monthly Microsoft updates going out.
Will post back when we find out more info, whether it turns out to be McAfee or other!
If the home systems are Windows 7 or Vista with latest service pack, they might be encountering an issue in how VirusScan is updating the Windows Security Center.
If the VPN client has a policy to end the connection if there is no AV, then this is probably the cause, because there is an issue where VirusScan inadvertently tells WSC that "You're NOT protected" followed immediately by "You ARE protected".
That "blip" of being unprotected could lead to enforcement of a policy that drops your connection.
This issue for VirusScan is fixed with Patch 3.