Jul 30 2020
8:44 PM
@cmr Thanks for the suggestions. We have a couple of users who are known to have this problem on an almost daily basis, so we can take a look at their laptops to see if we see any of these things. Regarding the errors on the Meraki log, do you know if these types of errors would be caused by drivers/ethernet configuration settings on the client device or is there something else we should be looking for while on there? And yes, we have a few users who have very slow internet and they are either forced to use other means (i.e. Verizon Jetpacks, mobile hotspot) or they have to work offline most of the time and then only connect just to do something like upload or download a file. I'd agree that a remote desktop / virtualization solution would be more ideal for them. But unfortunately that's something I can only push for at my organization, so I am not sure that can be implemented any time soon.
Jul 30 2020
11:40 AM
We have an MX400 for our office that has about ~150 clients who have been using it more heavily the last few months due to the pandemic requiring people to work remotely. Over the past few months I have been noticing a lot more error messages in our in-house software and support tickets that are caused by the client VPN connections dropping while the users are in the middle of something on their machines. Since I am a software developer and not a network technician, I am not sure what exactly to look for regarding error messages in the Meraki logs and/or what specifically to look into regarding network hardware or other places to troubleshoot. From what I have seen, there are error messages in the Meraki logs like this:

Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: invalid DH group 20.
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 50.203.224.2[4500]->173.53.85.213[4500] spi=2374324258(0x8d855022)
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 50.203.224.2[4500]->173.53.85.213[4500] spi=185953308(0xb156c1c)
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established 50.203.224.2[4500]-173.53.85.213[4500] spi:3ca688435499ae07:5fd9637ed1aa3a5a
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: invalid DH group 19.
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: invalid DH group 20.
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 50.203.224.2[4500]->73.147.101.13[4500] spi=3890187224(0xe7df8bd8)
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 50.203.224.2[4500]->73.147.101.13[4500] spi=147378926(0x8c8d2ee)
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established 50.203.224.2[4500]-73.147.101.13[4500] spi:4077f2d5d83196e3:630fa977928bbf01
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: invalid DH group 19.
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: invalid DH group 20.
Jul 30 14:32:12 Non-Meraki / Client VPN negotiation msg: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY

However I am not entirely sure if this is a symptom of the issue or if this is just noise. The issue seems to typically occur with users who are connected to the VPN via wifi and not via ethernet. For example on my home PC, I have an ethernet connection and I can remain signed into the VPN for days without any disconnect. The users on wifi however will experience a disconnect after seemingly any length of time. At this point, I am looking for any suggestions on what to troubleshoot or investigate. I also would like to know if anyone thinks that this may be due to the fact the users are using poor wifi connections and that may be the more likely cause. Any help or advice would be greatly appreciated.
Apr 19 2020
1:45 AM
Thanks for the answer! I appreciate it, and it's awesome to learn something new. I'll share this with the rest of my team and let them know we may need to update our PowerShell script.
Apr 19 2020
1:24 AM
Hi Phillip, no, the VPN connection did not have the domain suffix defined. After I added that, it looks like I can now access resources without having to specify the FQDN. Host names work again. I'll probably need to test to make sure LDAP works correctly too, but I think you may have just done me a huge favor. Thanks. And yes, the metric was set to the lowest. Out of curiosity, do you know if it's a best practice to specify the domain suffix anyways with the Meraki client regardless of whether or not the machine is actually joined to the domain in question? We have been using a PowerShell script to deploy it to other machines (both domain joined and non domain joined because we have some part time employees who work for multiple companies and they bring their own devices) and the one we have been using doesn't specify the domain suffix.
Apr 18 2020
7:58 PM
For some reason, starting earlier this month or late last month, Microsoft changed something with Windows 10 where it is now not correctly resolving DNS when you are connected with a VPN. Previously, I was able to connect to our Meraki VPN via the Windows 10 client or Rasphone and it would properly resolve the DNS server and I could browse to network resources. Now I have to enter in the full domain name for a network resource to use RDP or use file explorer (i.e. to access a computer via RDP I have to enter in MyComputer.MyDomain instead of just MyComputer). I have brought this up on the Feedback hub and also the MS Tech Community and unfortunately no one from MS has responded. At least one other person has mentioned they are now having DNS resolution issues with the insider builds. I know that this is to be expected with the insider builds, but my main fear is that this is going to leak its way into the 20H1 update and cause a lot of havoc. Has anyone else been having this problem and have they found any workarounds or changes that need to be made due to "undocumented" changes in Windows with the insider builds?