VPN Troubleshooting Error Messages
Error Message
Cause This indicates that the Contivity VPN Switch never responded to the connection attempt. The problem could either be with the Contivity switch itself, (switch may be down) or your machine may be having a problem resolving the IP address.
ActionTry pinging your destination name (Example: vpn.something.com). If you received a message that says Request Timed Out from the ping command, call your ISP to make sure that their DNS is functioning correctly.
Error Message
Cause This indicates that the maximum number of users for the account you are using are currently logged on.
Action If you are the only user with VPN to your account, it is possible to get this error if you restarted a connection immediately after losing the dialup connection to your ISP. This is because the Contivity VPN Switch takes up to one hour to determine that your connection has been dropped and log you off from your account.
Error Message
Cause The User Name or the Password is incorrect for the user name entered.
Action Verify that the User Name you entered is correct and retype the Password before trying the connection again. If you have forgotten your username or password.
Error Message
Cause Your connection to your ISP was disconnected.
Action Reestablish your connection to your ISP before you reestablish the Contivity connection to the remote network.
Error Message
This message can result due to a number of different reasons, and there are several recommended actions you can take to try and reconnect.
Cause(s)
If you receive this error before the client connects then something is blocking a necessary port (such as ESP port 50). This can result if your firewall is not configured properly and is restricting the necessary port(s).
If you receive this error during a connection and you suddenly get the error it may mean one of the following.
1. Something closed the connection,
2. The VPN Contivity switch where you were trying to connect to thought your client was down or timed out.
3. Your local ISP did something that interrupted your network connection long enough for the VPN Contivity switch to identify your client was not responding.
4. The VPN Contivity switch that you are connected to has either logged your connection off or the Switch is no longer responding, or a device that does not support IPSEC NAT Traversal is causing the connection failure.
Action(s)
1. Try reestablishing the Contivity connection by clicking the Connect button. If this works, the connection was probably lost due to the Idle Timeout configured on the Contivity VPN Switch.
If no data is transferred through the Contivity connection for a long period of time, 15 minutes or more, the Contivity VPN Switch automatically disconnects the connection.
2. If you were unable to successfully reestablish the Contivity Connection, the dialup connection may be preventing data from traveling between the Contivity VPN Client and the Contivity VPN Switch. Hang up the dialup connection and reconnect before you try to reestablish a connection to the Contivity VPN Switch.
3. If you are still unable to connect to the Contivity VPN Switch, open a Command Prompt and try pinging the Contivity VPN Switch using the host name or address that you specified in the Destination field.
Therefore,if you
1. receive a Destination Unreachable error there is a routing problem at the ISP.
2. receive a Request Timed Out error message, the Contivity VPN Switch is probably not available, and you should contact your Network Administrator.
3. keep getting this message and are unable to connect, then it may indicate that the Contivity VPN Switch is unable to communicate with the client because it is behind some kind of NAT (Network Address Translation) device.
NAT (Network Address Translation) Traversal allows a number of devices on a private network to access the Internet simultaneously without each requiring its own external IP address. Most hotels and airports that provide Internet connectivity use NAT to connect to the Internet.
Error Message
Cause Message means the you the user, an application on your machine, or your ISP attempted to change the routing table via an ICMP redirect attempt and it was not successful. The client detects the attempt to make the change, determines its a security breach and shuts down the clients connection.
Any time you make a VPN connection, you cannot change the routing table, because the VPN Client views this as a security risk and you will get disconnected.
Some applications require an ICMP redirection in order to work such as a game or other third party software.
Action If you receive this error and cant connect due to an ICMP redirect attempt, shut down any other applications you are using which may be causing the ICMP redirect attempt.
If it is the ISP that is doing it, you will need to block the ICMP redirect request. You can identify that ICMP redirect has occurred, by seeing a message saying there has been an IP address routing table change.
Error Message
Cause Message means you are experiencing a Banner Sock issue, and will see a window displaying the Receiving Banner Text message and then get disconnected.
Actions
1. Disable the firewall completely to test. This is a port 500 issue and often means that the you have a personal Firewall that is blocking port 500 or you have a router that does not support IPSEC pass through, and you are connecting to a VPN switch that does not have NAT Traversal enabled.
2. If using wireless, temporarily remove Wireless from the picture and focus on your Ethernet card. Check the Ethernet card speed and duplex parameters and then make sure that the hub, switch, or router that is on the other end has the same parameters. If not, the VPN connection will drop as the link goes up and down, or due to a large number of errors on the port from a duplex and or speed mismatch.
3. Firewall that blocks the connection, such that the system will crash. (This will rarely happen) NSDF (Norton Symantec Desktop Firewall) and NSPF (Norton Symantec Personal Firewall) can do this.
If you do not trust the VPN address of the VPN client, the firewall will cause you to crash. In your Internet browser click on Tools > Internet Options > Security > Trusted Sites > Sites and add the destination VPN address(es) to your trusted sites.
(There are two IP addresses you may need to trust, which depend on the location of the VPN Contivity switch you are trying to connect to.
Error Message
Cause You may have installed to many virtual adapters in your IP Stack
Actions
1. Remove any unnecessary adapters.
2. Create multiple boot scenarios disabling the adapters that are not required for that function.
3. You may also get Banner Sock errors on Win 95 & 98 units with this condition.
4. For more information, see this Microsoft article:
KB217744: Unable to Bind Protocols to More Than 5 Network Adapters
Upgrade Errors
Error
Cause This is caused because an important registry key that cannot be found in the system registry.
Action
1. Uninstall and Reinstall the VPN Software.
Error
Cause This is generally caused by either not having Admin rights to the PC or by trying to install/use a Nortel VPN client that predates the operating system.
Actions
1. Ensure that you have admin rights to the PC.
2. Update/Install the most current version of the Nortel VPN client.
Error
Cause This problem generally will occur whenever you have another VPN client software installed on the system. The most noted conflicting clients are: AOL, Cisco VPN Client(s), SSH Sentinel and PGP.
Action
1. Removing these clients will in most cases, resolve the issue.
Home
Remote Host not responding or Unable to Resolve the IP address of the Remote Server
Cause This indicates that the Contivity VPN Switch never responded to the connection attempt. The problem could either be with the Contivity switch itself, (switch may be down) or your machine may be having a problem resolving the IP address.
ActionTry pinging your destination name (Example: vpn.something.com). If you received a message that says Request Timed Out from the ping command, call your ISP to make sure that their DNS is functioning correctly.
Error Message
Maximum number of sessions reached
Cause This indicates that the maximum number of users for the account you are using are currently logged on.
Action If you are the only user with VPN to your account, it is possible to get this error if you restarted a connection immediately after losing the dialup connection to your ISP. This is because the Contivity VPN Switch takes up to one hour to determine that your connection has been dropped and log you off from your account.
Error Message
Login failed. Please consult the switch log for further information.
Cause The User Name or the Password is incorrect for the user name entered.
Action Verify that the User Name you entered is correct and retype the Password before trying the connection again. If you have forgotten your username or password.
Error Message
The physical connection has been lost.
Cause Your connection to your ISP was disconnected.
Action Reestablish your connection to your ISP before you reestablish the Contivity connection to the remote network.
Error Message
The Secure Contivity connection has been lost
This message can result due to a number of different reasons, and there are several recommended actions you can take to try and reconnect.
Cause(s)
If you receive this error before the client connects then something is blocking a necessary port (such as ESP port 50). This can result if your firewall is not configured properly and is restricting the necessary port(s).
If you receive this error during a connection and you suddenly get the error it may mean one of the following.
1. Something closed the connection,
2. The VPN Contivity switch where you were trying to connect to thought your client was down or timed out.
3. Your local ISP did something that interrupted your network connection long enough for the VPN Contivity switch to identify your client was not responding.
4. The VPN Contivity switch that you are connected to has either logged your connection off or the Switch is no longer responding, or a device that does not support IPSEC NAT Traversal is causing the connection failure.
Action(s)
1. Try reestablishing the Contivity connection by clicking the Connect button. If this works, the connection was probably lost due to the Idle Timeout configured on the Contivity VPN Switch.
If no data is transferred through the Contivity connection for a long period of time, 15 minutes or more, the Contivity VPN Switch automatically disconnects the connection.
2. If you were unable to successfully reestablish the Contivity Connection, the dialup connection may be preventing data from traveling between the Contivity VPN Client and the Contivity VPN Switch. Hang up the dialup connection and reconnect before you try to reestablish a connection to the Contivity VPN Switch.
3. If you are still unable to connect to the Contivity VPN Switch, open a Command Prompt and try pinging the Contivity VPN Switch using the host name or address that you specified in the Destination field.
Therefore,if you
1. receive a Destination Unreachable error there is a routing problem at the ISP.
2. receive a Request Timed Out error message, the Contivity VPN Switch is probably not available, and you should contact your Network Administrator.
3. keep getting this message and are unable to connect, then it may indicate that the Contivity VPN Switch is unable to communicate with the client because it is behind some kind of NAT (Network Address Translation) device.
NAT (Network Address Translation) Traversal allows a number of devices on a private network to access the Internet simultaneously without each requiring its own external IP address. Most hotels and airports that provide Internet connectivity use NAT to connect to the Internet.
Error Message
Cannot Alter Routing Table
Cause Message means the you the user, an application on your machine, or your ISP attempted to change the routing table via an ICMP redirect attempt and it was not successful. The client detects the attempt to make the change, determines its a security breach and shuts down the clients connection.
Any time you make a VPN connection, you cannot change the routing table, because the VPN Client views this as a security risk and you will get disconnected.
Some applications require an ICMP redirection in order to work such as a game or other third party software.
Action If you receive this error and cant connect due to an ICMP redirect attempt, shut down any other applications you are using which may be causing the ICMP redirect attempt.
If it is the ISP that is doing it, you will need to block the ICMP redirect request. You can identify that ICMP redirect has occurred, by seeing a message saying there has been an IP address routing table change.
Error Message
Receiving Banner Text Information
Cause Message means you are experiencing a Banner Sock issue, and will see a window displaying the Receiving Banner Text message and then get disconnected.
Actions
1. Disable the firewall completely to test. This is a port 500 issue and often means that the you have a personal Firewall that is blocking port 500 or you have a router that does not support IPSEC pass through, and you are connecting to a VPN switch that does not have NAT Traversal enabled.
2. If using wireless, temporarily remove Wireless from the picture and focus on your Ethernet card. Check the Ethernet card speed and duplex parameters and then make sure that the hub, switch, or router that is on the other end has the same parameters. If not, the VPN connection will drop as the link goes up and down, or due to a large number of errors on the port from a duplex and or speed mismatch.
3. Firewall that blocks the connection, such that the system will crash. (This will rarely happen) NSDF (Norton Symantec Desktop Firewall) and NSPF (Norton Symantec Personal Firewall) can do this.
If you do not trust the VPN address of the VPN client, the firewall will cause you to crash. In your Internet browser click on Tools > Internet Options > Security > Trusted Sites > Sites and add the destination VPN address(es) to your trusted sites.
(There are two IP addresses you may need to trust, which depend on the location of the VPN Contivity switch you are trying to connect to.
Error Message
You already have the maximum number of adapters installed
Cause You may have installed to many virtual adapters in your IP Stack
Actions
1. Remove any unnecessary adapters.
2. Create multiple boot scenarios disabling the adapters that are not required for that function.
3. You may also get Banner Sock errors on Win 95 & 98 units with this condition.
4. For more information, see this Microsoft article:
KB217744: Unable to Bind Protocols to More Than 5 Network Adapters
Upgrade Errors
The following are some errors that may occur when trying to upgrade / install the Nortel VPN Client 4.65
Error
Failed to get Registry key value for NT_IPSECSHM
Cause This is caused because an important registry key that cannot be found in the system registry.
Action
1. Uninstall and Reinstall the VPN Software.
Error
Login Failure due to Driver Failure
Cause This is generally caused by either not having Admin rights to the PC or by trying to install/use a Nortel VPN client that predates the operating system.
Actions
1. Ensure that you have admin rights to the PC.
2. Update/Install the most current version of the Nortel VPN client.
Error
Create socket failed with 10048.
Cause This problem generally will occur whenever you have another VPN client software installed on the system. The most noted conflicting clients are: AOL, Cisco VPN Client(s), SSH Sentinel and PGP.
Action
1. Removing these clients will in most cases, resolve the issue.
Home
3 Comments:
well, good collection of errors. But what do you do if you the error "Remote Host not responding" and the ping works just fine?
If you get 4 successful replies when pinging your VPN Host and you still get the error code "Remote Host not responding" Verify you have internet connection (always a first step) Reset your Router to Factory Settings and Release and Renew your IP address in your DOS box. If you get the error message again, your VPN Host may not be available at the moment for you, as it goes through an authentication cycle on the switch or, the passcode is being entered incorrectly and/or your account may be disabled.
Fast and stable, good choice for vpn, much better than free ones. It's so good! Recommonded to everyone. Thank you!
Post a Comment
Subscribe to Post Comments [Atom]
<< Home