Bagikan melalui


Routing and Remote Access Service Management Pack Guide for System Center Operations Manager 2007

Updated: September 30, 2009

Applies To: Windows Server 2008 R2

The Routing and Remote Access Service Management Pack helps you monitor the health and availability of computers running Windows Server 2008, and Windows Server 2008 R2.

This guide describes how to install the Routing and Remote Access Service Management Pack in Microsoft® System Center Operations Manager 2007 (Operations Manager 2007).

The Routing and Remote Access Service Management Pack for System Center Operations Manager 2007 provides a predefined, ready-to-run set of processing rules, alarms, monitors, and performance instrumentation that are designed specifically to monitor the performance and availability of the Routing and Remote Access service (RRAS). This management pack monitors events that are placed in the Application and System event logs by various RRAS components and subsystems. It also monitors the overall health of RRAS and alerts you to critical performance issues.

This guide provides information about the most common monitoring scenarios, monitoring definitions, tasks, and views for RRAS. This guide also includes instructions for deploying and operating the RRAS Management Pack.

By detecting and creating alerts for critical events, the RRAS Management Pack helps to indicate, correct, and prevent possible outages in the Routing and Remote Access service.

The RRAS Management Pack works by collecting, analyzing, and responding to events that RRAS places in Windows Server® 2008 and Windows Server 2008 R2 event logs. It highlights events, alarms, monitors, and performance instrumentation that might indicate possible service outages or configuration problems so that an administrator can quickly take corrective or further preventive actions.

The Routing and Remote Access Service Management Pack provides alerts about the following critical conditions:

  • Remote access (VPN) connection failures due to erroneous configuration.

  • Demand-dial (site-to-site) connection failures due to erroneous configuration.

  • Erroneous configuration of VPN tunnels:

    • Point-to-Point Tunneling Protocol (PPTP)

    • Layer Two Tunneling Protocol (L2TP/IPSec)

    • Secure Socket Tunneling Protocol (SSTP)

    • Internet Key Exchange version 2 (IKEv2)

  • Connection licenses, registry corruption, authentication, and accounting issues for remote access

  • VPN network access protection (NAP) enforcement and Network Access Quarantine Control access issues

  • Erroneous configuration and setup issues involved with various routing protocols that are exposed through RRAS, such as the following:

    • Routing Information Protocol (RIP) v1 and v2

    • DHCP Relay Agent

    • Internet Group Management Protocol (IGMP)

    • DHCPv6 Relay Agent

Getting the latest Management Pack and documentation

You can find the RRAS Management Pack in the System Center Operations Manager 2007 Catalog (https://go.microsoft.com/fwlink/?linkid=82105) on TechNet.

What’s New

The following features are new in this release of the RRAS Management Pack:

  • Monitors and alarms to notify the administrator about erroneous conditions. These conditions include the following:

    • Hardware device error

    • Protocol initialization failure

    • Remote Access Connection Manager (RASMAN) service unexpected termination

    • Routing and Remote Access service unexpected termination

    • Routing and Remote Access service monitor

    • Authentication or accounting failures

    • Configuration failures

    • IPsec-related failures

    • Packet filter-related failure

    • IPCP negotiation failure

    • Memory allocation monitor

    • Memory allocation failure

    • No more licenses monitor

    • Port open failures

  • Support for monitoring performance counters and instrumentation, including the following:

    • Total number of remote access connections

    • Total number of timeout and serial overrun errors for this connection

    • Total number of alignment errors for this connection (alignment errors occur when a byte received is different from the byte expected)

    • Total number of buffer overrun errors for this connection (buffer overrun errors occur when the software cannot handle the rate at which data is received)

    • Total number of bytes received for this connection

    • Number of bytes received per second

    • Total number of bytes transmitted for this connection

    • Number of bytes transmitted per second

    • Total number of cyclic redundancy check (CRC) errors for this connection (CRC errors occur when the frame received contains erroneous data)

    • Total number of data frames received for this connection

    • Number of frames received per second.

  • Added support for the following tunneling protocols: Internet Key Exchange version 2 (IKEv2), in addition to the three existing protocols – PPTP, L2TP, and SSTP.

  • Support for monitoring Whale VPN client connections that use SSTP and cookie-based authentication. Whale is a Microsoft subsidiary that provides remote access solutions. For more information, see Web FAQ: Whale Communications Acquisition.

  • Enhanced event collection and notification, including the following errors and scenarios:

    • Disabling PPP AUTH on port

    • SSTP client certificate missing

    • SSTP wrong certificate configuration

    • SSTP cookie add failure

    • No network protocols were successfully negotiated

    • PPP errors on port

    • Callback failures

    • Cannot receive initial data on port

    • License limit exceeded

    • Unable to process MOBIKE update

Supported Configurations

The RRAS Management Pack for System Center Operations Manager 2007 supports the following operating systems:

  • Windows Server 2008

  • Windows Server 2008 R2

How to Import the Routing and Remote Access Service Management Pack

For instructions about importing a management pack, se How to Import a Management Pack in Operations Manager 2007 (https://go.microsoft.com/fwlink/?linkid=142351).

Create a New Management Pack for Customizations

Most vendor management packs are sealed so that you cannot change any of the original settings in the management pack file. However, you can create customizations, such as overriding a default behavior or creating new monitoring objects, and then save them to a different management pack. By default, Operations Manager 2007 saves all customizations to the default management pack. As a best practice, you should instead create a separate management pack for each sealed management pack that you want to customize.

Creating a new management pack for storing overrides has the following advantages:

  • It simplifies the process of exporting customizations that were created in your test and preproduction environments to your production environment. For example, instead of exporting a default management pack that contains customizations from multiple management packs, you can export just the management pack that contains customizations of a single management pack.

  • You can delete the original management pack without needing to first delete the default management pack. A management pack that contains customizations is dependent on the original management pack. This dependency requires that you delete the management pack with customizations before you can delete the original management pack. If all of your customizations are saved to the default management pack, you must delete the default management pack before you can delete an original management pack.

  • It is easier to track and update customizations to individual management packs.For more information about sealed and unsealed management packs, se Management Pack Formats (https://go.microsoft.com/fwlink/?linkid=108355).

For more information about management pack customizations and the default management pack, see About Management Packs in Operations Manager 2007 (https://go.microsoft.com/fwlink/?linkid=108356).

Security Considerations

You may need to customize your management pack. Certain accounts cannot be run in a low-privilege environment, or they must have minimum permissions. The “Run As Account” needs to have administrator privileges on an RRAS server. In a domain environment, it is highly recommended that you use a domain account as your “Run As Account”.

Note

This domain account needs to have administrator privileges for the RRAS server.

Understanding Management Pack Operations

The RRAS Management Pack provides alerts for the following critical conditions:

  • Remote access (VPN) connection failures due to erroneous configuration.

  • Demand-dial (site-to-site) connection failures due to erroneous configuration.

  • Erroneous configuration of VPN tunnels:

    • Point-to-Point Tunneling Protocol (PPTP)

    • Layer Two Tunneling Protocol (L2TP/IPSec)

    • Secure Socket Tunneling Protocol (SSTP)

    • Internet Key Exchange version 2 (IKEv2)

  • Connection licenses, registry corruption, authentication, and accounting issues for remote access

  • VPN network access protection (NAP) enforcement and Network Access Quarantine Control access issues

  • Erroneous configuration and setup issues involved with various routing protocols that are exposed through RRAS, such as the following:

    • Routing Information Protocol (RIP) v1 and v2

    • DHCP Relay Agent

    • Internet Group Management Protocol (IGMP)

    • DHCPv6 Relay Agent

Objects that the Management Pack Discovers

The RRAS Management Pack discovers the object types described in the following table. Not all of the objects are automatically discovered. Use overrides to discover those that are not discovered automatically.

For information about discovering objects, see Object Discoveries in Operations Manager 2007 (https://go.microsoft.com/fwlink/?linkid=108505) in Operations Manager 2007 Help.

Category Object Type Discovered Automatically

Routing and Remote Access service

RRAS server

Yes

Use the following procedure to enable or disable automatic discovery. The procedure enables the RRAS server as an example.

To use an override to change the setting for automatic discovery

  1. In the Authoring pane, expand Management Pack Objects, and then click Object Discoveries.

  2. In the Operations Manager toolbar, use the Scope button to filter the list of objects, and then click RRAS Server.

  3. On the Operations Manager toolbar, click Overrides, click Override the Object Discovery, and then click For all objects of type: RRAS Server.

  4. In the Overrides Properties dialog box, select Override for the Enabled parameter.

  5. Under Management Pack, click New to create an unsealed version of the management pack, and then click OK. Alternatively, select an unsealed management pack that you previously created in which to save this override. As a best practice, you should not save overrides to the Default Management Pack.

After you change the override setting, the object type will be automatically discovered and will appear in the Monitoring pane under Routing and Remote Access.

Classes

Microsoft.Windows.Server.RRAS.2008.Server is the class defined in the RRAS Management Pack. The following diagram shows the class that is defined in this management pack and its respective hierarchy:

How Health is Represented

The health of the RRAS server depends on the health of several monitors that can be classified into the following four categories: Availability, Configuration, Performance, and Security. The following diagram shows how the health states of the components are represented in this management pack.

Key Monitoring scenarios

The RRAS Management Pack manages the logical parts of an RRAS server that an operator or administrator is interested in monitoring, configuring, or reporting on. Each of the following components is critical to the RRAS infrastructure:

Component Component Description

RAS client

You can create dial-up and broadband remote access connections to reach remote computers. With the PPTP, L2TP/IPsec, SSTP, and IKEv2 protocols, which are automatically installed on your computer, you can securely access resources on a network by connecting to a remote access server through the Internet or other network. The use of both private and public networks to create a network connection is called a virtual private network (VPN).

RAS connection establishment

Remote access involves establishing a dial-up or broadband connection with a remote access server. A dial-up client that connects to an RRAS can be any PPP client. The client must have installed a modem, an analog telephone line or other wide area network (WAN) connection, and remote access software. VPN clients that connect to RRAS must be able to send TCP/IP packets to the remote access server over the Internet. Therefore, a network adapter or a modem with an analog telephone line or other WAN connection to the Internet is required.

RAS connection termination

Remote access involves establishing a dial-up or broadband connection with a remote access server. A dial-up client that connects to an RRAS server can be any PPP client. The client must have installed a modem, an analog telephone line or other wide area network (WAN) connection, and remote access software. VPN clients that connect to RRAS must be able to send TCP/IP packets to the remote access server over the Internet. Therefore, a network adapter or a modem with an analog telephone line or other WAN connection to the Internet is required.

VPN NAP enforcement client configuration

A Network Access Protection (NAP) enforcement client is responsible for requesting access to a network, communicating a client computer's health status to the NAP server that is authorizing the network access, and communicating the connection status of the client computer to other components of the NAP client architecture. A NAP-capable client is a computer that has the NAP components installed and can verify its health state by sending a statement of health (SoH) to Network Policy Server (NPS).

The remote access enforcement client enforces health policies when a client computer attempts to gain access to the network through a virtual private network (VPN) connection.

RRAS server

With RRAS, you can deploy VPN and dial-up remote access services, and multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT) routing services.

RAS connection

An RRAS server provides two different types of remote access connectivity: VPN and dial-up networking. VPN is the creation of secure, point-to-point connections across a private network or a public network, such as the Internet. A VPN client uses TCP/IP-based tunneling protocols to make a connection to a virtual interface on a VPN server. In dial-up networking, a remote access client makes a nonpermanent, dial-up phone or ISDN connection to a physical port on an RRAS server. In contrast to dial-up networking, VPN is always a logical, indirect connection between the VPN client and the VPN server over a public network, such as the Internet.

RASMAN service configuration

Connection Manager is a client dialer and connection software program. You can customize it by using the Connection Manager Administration Kit (CMAK) wizard to create a service profile.

The Remote Access Connection Manager (RASMAN) service establishes the connection to the remote server.

RRAS audits

The Routing and Remote Access service has determined that RRAS audits generated an audit entry when a system event was executed successfully. These events confirm successful RRAS operations.

RRAS authentication and accounting

If a remote access server is configured for Windows authentication, the security features of Windows Server and Active Directory Domain Services (AD DS) are used to verify the credentials for authentication, and the dial-in properties of the user account are used to authorize the connection.

If the remote access server is configured for RADIUS authentication, the connection request, including credentials, is forwarded to the RADIUS server for authentication and authorization. If the RADIUS server is a computer running Network Policy Server (NPS), NPS performs authentication against the credentials that are stored in the user account database, such as AD DS or the local Security Accounts Manager (SAM) database. NPS performs authorization using the dial-in properties of the user account and network policies that are configured in NPS.

RRAS computer certificate for EAP-TLS

When you use Extensible Authentication Protocol (EAP) with a strong EAP type, such as Transport Layer Security (TLS) with smart cards or certificates, the client and the server use certificates to verify their identities to each other. For successful authentication, certificates must meet requirements on the server and on the client.

For information about computer certificates for EAP-TLS, see EAP Overview (https://go.microsoft.com/fwlink/?LinkId=164475) and Certificate Requirements for PEAP and EAP (https://go.microsoft.com/fwlink/?LinkId=164476) in NPS Help in the Windows Server Technical Library.

RRAS connection licenses

A client access license (CAL) is required for each client device or user that accesses a Windows Server operating system. Per-server connections are allocated on a first-come, first-served basis, and are limited to the number of CALs allocated to the server. A server that is over its licensed connection limit will not accept remote connections.

RRAS demand-dial connections

A demand-dial interface is a logical interface that represents a point-to-point connection. The point-to-point connection is based on a physical connection (such as two routers that are connected over an analog phone line that uses modems) or a logical connection (such as two routers that are connected over a VPN connection that uses the Internet). Demand-dial connections are on-demand (the point-to-point connection is only established when needed) or persistent (the point-to-point connection is established and then remains in a connected state). Demand-dial interfaces typically require an authentication process to become connected. The equipment required by a demand-dial interface is a port on a device.

RRAS DHCP Relay Agent (IPBOOTP)

The Dynamic Host Configuration Protocol (DHCP) Relay Agent component relays DHCP messages between DHCP clients and DHCP servers on different IP networks. The DHCP Relay Agent is compliant with RFC 1542, "Clarifications and Extensions for the Bootstrap Protocol." For each IP network segment that contains DHCP clients, a DHCP server or a computer acting as a DHCP Relay Agent is required.

RRAS DHCPv6 Relay Agent

The DHCPv6 Relay Agent relays DHCPv6 messages between DHCPv6 clients and DHCPv6 servers on different IPv6 networks. The DHCPv6 Relay Agent is compliant with RFC 3315.

RRAS hardware devices

RRAS uses network interface cards and modems to establish remote access connections.

RRAS IGMP

Internet Group Management Protocol (IGMP) maintains host group membership on a local subnet. Hosts use IGMP to communicate multicast group membership requests with their local multicast router. Routers receive the group membership requests and periodically send queries to determine which host groups are active or inactive on the local subnet.

RRAS IPCP negotiation

The VPN server must have IP addresses available to assign to the VPN server's virtual interface and to VPN clients during the IP Control Protocol (IPCP) negotiation phase of the connection process. The IP address that is assigned to the VPN client is assigned to the virtual interface of the VPN client. RRAS can be configured to use a DHCP server to obtain IP addresses or it can use a static pool of IP addresses to assign to remote access and demand-dial connections.

RRAS IPsec configuration

For L2TP-based VPN connections, a certificate infrastructure is required to issue computer certificates that are used to negotiate authentication for Internet Protocol security (IPsec). If the computer certificate that is required for IPsec is not available, the connection fails.

RRAS Multicast Group Manager

The Multicast Group Manager (MGM) application programming interface (API) enables developers to write multicast routing protocols that operate with routers running the Multicast Group Manager. When more than one multicast routing protocol is enabled on a router, the MGM coordinates operations between all routing protocols. The MGM informs each routing protocol when group membership changes occur, and when multicast data from a new source or destined to a new group is received.

RRAS multicast scope configuration

A multicast scope is a named range of IP multicast addresses that is expressed with an IP address and mask. After multicast scopes are configured, you can use them to create scope-based multicast boundaries in the properties of an IP routing interface.

RRAS can forward multicast traffic in limited network configurations. The primary use of RRAS as a multicast router is to connect a subnet to a multicast-enabled intranet that contains routers running multicast routing protocols. To fully support efficient multicast forwarding on a multiple-router intranet, you must install multicast routers that run one or more multicast routing protocols.

RRAS NAP and Network Access Quarantine Control

Network Access Protection (NAP) provides a platform to help ensure that client computers on a private network meet administrator-defined requirements for system health. NAP enforcement occurs at the moment client computers attempt to access the network through network access servers, such as a VPN server running RRAS, or when client computers attempt to communicate with other network resources.

Network Access Quarantine Control is similar in function to NAP VPN enforcement, but it provides added protection for remote access connections only. NAP provides protection for IPsec-based communications, 802.1X authenticated connections, VPN connections, DHCP configuration, and Terminal Services Gateway connections.

RRAS non-Microsoft DLLS

To successfully load a non-Microsoft dynamic-link library (DLL), the DLL must have the correct Windows system environment path and registry location.

RRAS other remote access server configurations

Successful remote access and routing connections require the correct configuration of firewall settings and IP routing protocols.

RRAS packet filter configuration

RRAS supports IP packet filtering, which specifies which type of traffic is allowed into and out of the router. The packet filtering feature is based on exceptions. You can set packet filters per interface and configure them to do one of the following: pass through all traffic except packets that are prohibited by filters or discard all traffic except packets that are allowed by filters.

RRAS PPP initialization

During connection initialization, Point-to-Point Protocol (PPP) uses Link Control Protocol (LCP) to negotiate link parameters, such as the maximum PPP frame size, the use of Multilink, and the use of a specific PPP authentication protocol.

RRAS registry configuration

Successful remote access and routing connections require the correct configuration of registry settings.

RRAS RIP for IP

RRAS supports Router Information Protocol (RIP) versions 1 and 2. RIP version 2 supports multicast announcements, simple password authentication, and more flexibility in subnetted and Classless InterDomain Routing (CIDR) environments.

RRAS routing interfaces

The RRAS server uses a routing interface to forward unicast IP and multicast IP packets. There are two types of routing interfaces: LAN interfaces and demand-dial interfaces. A LAN interface is a physical interface that typically represents a local area connection that uses local area networking technology such as Ethernet. A demand-dial interface is a logical interface that represents a point-to-point connection. The point-to-point connection is based on a physical connection (such as two routers that are connected over an analog phone line that uses modems) or a logical connection (such as two routers that are connected over a VPN connection that uses the Internet).

RRAS Secure Socket Tunneling Protocol

Secure Socket Tunneling Protocol (SSTP) is a VPN tunneling protocol with features that allow traffic to pass through firewalls that block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate Point-to-Point Protocol (PPP) traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of HTTPS means that traffic flows through TCP port 443, a port commonly used for Web access.

RRAS supporting modules

To successfully load supporting modules, the dynamic-link library (DLL) must have the correct Windows system environment path and registry location.

Monitoring Scenarios with Monitors and Alarms

The RRAS Management Pack includes monitors and alarms to notify the administrator of some erroneous conditions. The following table outlines these monitors:

Monitor Description

Hardware device error

The connection attempt failed because the device that is connected to the port is not responding.

Protocol initialization failure

Internet Group Management Protocol version 2 (IGMPv2) encountered an error during initialization.

Remote Access Connection Manager unexpected termination

The Remote Access Connection Manager (RASMAN) service was unexpectedly terminated.

Routing and Remote Access service unexpected termination

The Routing and Remote Access service was unexpectedly terminated.

Routing and Remote Access service monitor

The Routing and Remote Access service is not running.

Authentication or accounting failures

The Routing and Remote Access service encountered an error while performing authentication or accounting.

Configuration failures

Internet Group Management Protocol version 2 (IGMPv2) detected a configuration failure.

IPsec related failures

The connection attempt failed because an IPsec-compatible certificate was not found.

Packet filter related failure

The Routing and Remote Access service encountered an error while configuring a packet filter.

IPCP negotiation failure

The Routing and Remote Access service encountered an error while assigning an IP address to dial-in client(s) during IP Control Protocol (IPCP) negotiation.

Memory Allocation Monitor

The Routing and Remote Access service could not start or is not fully functional because of a memory allocation failure.

Memory allocation failure

The network address translation (NAT) protocol encountered a memory allocation failure.

No more licenses monitor

A user was unable to connect to the RRAS server because the server exceeded its client license limit.

Port open failures

The Routing and Remote Access service or the Remote Access Connection Manager service encountered an error while opening a port for remote access.

Performance Monitoring Scenarios

The RRAS Management Pack includes performance counters to let the administrator monitor the performance statistics for the RRAS server. The following table outlines these performance counters:

Performance Counter Description

Number of Active Connections

The total number of currently active remote access connections.

Total Errors

The total number of CRC, timeout, serial overrun, alignment, and buffer overrun errors for this connection.

Alignment Errors

The total number of alignment errors for this connection. Alignment errors occur when a byte received is different from the byte expected.

Buffer Overrun Errors

The total number of buffer overrun errors for this connection. Buffer overrun errors occur when the software cannot handle the rate at which data is received.

Bytes Received

The total number of bytes received for this connection.

Bytes Received/Sec

The number of bytes received per second.

Bytes Transmitted

The total number of bytes transmitted for this connection.

Bytes Transmitted/Sec

The number of bytes transmitted per second.

CRC Errors

The total number of cyclic redundancy check (CRC) Errors for this connection. CRC errors occur when the frame received contains erroneous data.

Frames Received

The total number of data frames received for this connection.

Frames Received/Sec

The number of frames received per second.

Frames Transmitted

The total number of data frames transmitted for this connection.

Frames Transmitted/Sec

The number of frames transmitted per second.

Percent Compression In

The compression ratio for bytes being received.

Percent Compression Out

The compression ratio for bytes being transmitted.

Serial Overrun Errors

The total number of serial overrun errors for this connection. Serial overrun errors occur when the hardware cannot handle the rate at which data is received.

Timeout Errors

The total number of timeout errors for this connection. Timeout errors occur when an expected frame is not received in time.

Total Errors/Sec

The total number of CRC, timeout, serial overrun, alignment, and buffer overrun errors per second.

Event Monitoring Scenarios

The RRAS Management Pack includes event monitoring to let the administrator monitor the erroneous configuration or errors that occur during runtime on the RRAS server. The following table outlines these events:

Note

Parameters shown as %1, %2, and so on represent event details that are provided in the event message.

Event Description

Rasman - PPP initialization failure

The Remote Access Connection Manager service failed to start because it encountered an error while loading RASPPP.dll.

Ras connection failure

The user’s connection to the RRAS server was terminated.

Configuration failure

The Routing and Remote Access service failed to start because of an invalid configuration.

Interface Initialization failure

The Routing and Remote Access service failed to load or create an interface.

Some interfaces not working

The Routing and Remote Access service encountered an error while performing an operation on the interface.

Demand dial connection failed

The Routing and Remote Access service failed to establish the demand-dial connection.

Configuration change for authentication

The Routing and Remote Access service detected a change in configuration. This may affect the connectivity of already connected user(s).

Out of memory error

The Routing and Remote Access service could not start or is not fully functional because of memory allocation failure.

Authentication/Accounting failure

The Routing and Remote Access service encountered an error while performing authentication or accounting.

Loading RAS supporting modules failure

The Routing and Remote Access service could not start because it failed to load and initialize one of the RAS DLLs.

Hardware device error

The connection attempt failed because the device that is connected to the port is not responding.

Control Protocol initialization failure

The Routing and Remote Access service failed to start because it encountered an error in the PPP Link Control Protocol initialization.

No more licenses

A user was unable to connect to the RRAS server because the server exceeded its client license limit.

Rasman port open failure

The Routing and Remote Access service or the Remote Access Connection Manager service encountered an error while opening a port for remote access.

Rasman Service initialization failure

The Routing and Remote Access service could not start because of an initialization failure.

Multicast failure

The Routing and Remote Access service encountered a problem in multicasting.

Rasman service init error

The Remote Access Connection Manager service failed to start due to initialization failure.

RemoteAccess - PPP initialization failure

The Routing and Remote Access service failed to start because it encountered an error in the initialization of the Point-to-Point Protocol (PPP).

The service failed to start or terminated unexpectedly

The Routing and Remote Access service failed to start.

IPCP negotiation failure

The Routing and Remote Access service encountered an error assigning an IP address to dial-in clients during IP Control Protocol (IPCP) negotiation.

Loading 3rd Party DLL failure

The Routing and Remote Access service failed to start because it encountered an error while loading a vendor’s administration or security DLL.

Registry operation failure

The Routing and Remote Access service could not start because it could not access one or more required registry values.

IPsec related failures

The connection attempt failed because RRAS could not locate a suitable IPsec computer certificate.

External error

The Routing and Remote Access service encountered an error while trying to revert impersonation.

Packet filter related failure

The Routing and Remote Access service encountered an error while configuring a packet filter.

Discarded packet from peer

Internet Group Management Protocol version 2 (IGMPv2) discarded one or more packets from the peer router.

Protocol initialization failure

Internet Group Management Protocol version 2 (IGMPv2) encountered an error during initialization.

Socket operation failure

Internet Group Management Protocol version 2 (IGMPv2) encountered an error in socket operation.

Multicast join failure

Internet Group Management Protocol version 2 (IGMPv2) could not join to the multicast group.

Router manager's entry point to protocol failures

Internet Group Management Protocol version 2 (IGMPv2) encountered an error in a callback function to the router manager.

Configuration failure

Internet Group Management Protocol version 2 (IGMPv2) detected a configuration failure.

Issues with IGMP configured as RAS client

Internet Group Management Protocol version 2 (IGMPv2) encountered an error while connecting or disconnecting RAS client.

MGM operation failure

Internet Group Management Protocol version 2 (IGMPv2) encountered an error while registering with Multicast Group Manager (MGM).

RTM routes addition failure

Routing Information Protocol version 2 (RIPv2) failed to add routes to the Routing Table Manager (RTM).

Route ignored

Routing Information Protocol version 2 (RIPv2) ignored one or more routes advertised by a neighbor.

Socket operation failure

Routing Information Protocol version 2 (RIPv2) encountered an error in a socket operation.

Sending packets to peer failed

Routing Information Protocol version 2 (RIPv2) failed to send packets to the peer router.

Router manager's entry point to protocol failed

Routing Information Protocol version 2 (RIPv2) encountered an error in a callback function to the router manager.

External failure

The Routing Information Protocol version 2 (RIPv2) encountered an external error.

Protocol Initialization failure

Routing Information Protocol version 2 (RIPv2) encountered an error during initialization.

Discarded packet from peer

The Routing Information Protocol version 2 (RIPv2) discarded one or more packets from the peer router.

DHCP allocator failure

The DHCP allocator component of NAT encountered an error.

DNS proxy failure

The DNS proxy agent component of NAT encountered an error.

Packet discarded

The DHCP allocator component of NAT discarded a packet from client.

Socket operation failure

One of the components of the NAT encountered an error in a socket operation.

NAT failure

The network address translation (NAT) protocol encountered a configuration error.

Memory allocation failure

The network address translation (NAT) protocol encountered a memory allocation failure.

Discarded packet from peer

The DHCP Relay Agent discarded one or more packets from the peer.

DHCP relay failure

The DHCP Relay Agent encountered an error relaying a DHCP request or reply.

Router manager's entry point to protocol failed

The DHCP Relay Agent encountered an error in a callback function to the router manager.

Socket operation failure

The DHCP Relay Agent (IPBOOTP) encountered an error in socket operation.

Protocol initialization failure

The DHCP Relay Agent (IPBOOTP) encountered an error during initialization.

Routing protocol's entry point to MGM failed

Multicast Group Manager encountered an error during routing protocol registration or while enabling a routing protocol on an interface.

Routing protocol registration failure

The routing protocol registration with Multicast Group Manager failed.

Router manager's entry point to MGM failed

Multicast Group Manager (MGM) encountered an error in a callback function to the router manager.

Initialization failure

The Multicast Group Manager (MGM) encountered an error during initialization.

Unable to process MOBIKE update

Unable to process MOBIKE update for connection named %2. The error code returned is %3.

Disabling PPP AUTH on port

Disabling PPP AUTH for %2\\%3 on port %4.

SSTP client certificate missing

The certificate that is used for Secure Socket Tunneling Protocol (SSTP) is missing. You should configure a new certificate for SSTP or use default configuration.

SSTP wrong certificate configuration

The certificate hash that is used for Secure Socket Tunneling Protocol (SSTP) %1 is different than the certificate bound %2 to the Web listener (HTTP.sys). Configure SSTP to use the default certificate or the certificate that is bound to SSL. You can configure Web server applications to use the same certificate that is used by SSTP.

SSTP cookie add failure

Secure Socket Tunneling Protocol (SSTP) service could not configure the VPN server-specific cookies.

No network protocols were successfully negotiated

The user %2 connected to port %3 has been disconnected because no network protocols were successfully negotiated.

PPP Error on Port

The following error occurred in the Point-to-Point Protocol module on port: %2, UserName: %3. %4.

CallBack Failure

The remote access server’s attempt to callback user %2 on port %3 at %4 failed because of the following error: %5.

Cannot receive initial data on port

Cannot receive initial data on port %2 because of the following error: %3 The user has been disconnected.

License Limit Exceeded

A user was unable to connect on a port. No more connections can be made to this remote computer because the computer has exceeded its client license limit.

Tasks

After you import the RRAS Management Pack, a number of tasks are available in the Operations Manager Operations console. The following table describes these tasks:

Task Name Description

Computer Management

This task opens the Computer Management snap-in.

Event Viewer

This task opens the Windows Event Viewer.

Ping

This task pings the computer name of the selected computer.

Remote Desktop

This task opens a Remote Desktop session to the selected computer.