TMG 2010 VPN selective connection problem

Hi,

I've two TMG2010 servers, both are domain members and independent of each other i.e. they don't belong to an array.

VPN(PPTP) is enabled on each server for external users.

I recently found a problem getting a VPN connection from home cable connection to TMG server2 only.

The error is eventid 20227 ...The error code returned on failure is 806 = Error_VPN_GRE_Blocked "A connection between between your computer and the VPN server has been started, but the VPN connection cannot be completed...at least one Internet device is not configured to allow GRE protocol..."

No problem with getting a VPN connection to TMG server1 which has an identical set up.

Connected a laptop from work to my home network and the same behaviour was reproduced - no VPN to TMG server2 but connected fine to TMG server1

Same laptop on 3G mobile broadband connection got VPNs to both TMG server1 and TMG server2 with no issues.

As far as I know, no users have this problem.

Network trace below(TMG Server2 VPN NOK) shows client sending an Ack and Ack,Reset at frame 15 and 16, respectively.

My question is how an  Internet connection can cause a VPN connection problem to only one of two identically configured VPN servers.

Would appreciate any help.

cheers,

soon

########################################TMG Server2 VPN NOK
6 19:21:51.3314150 1.0364150  192.168.0.9 xxx.yyy.172.23 TCP TCP:Flags=......S., SrcPort=48997, DstPort=1723, PayloadLen=0, Seq=1444999364, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192 {TCP:7, IPv4:6}
7 19:21:51.5536830 1.2586830  xxx.yyy.172.23 192.168.0.9 TCP TCP:Flags=...A..S., SrcPort=1723, DstPort=48997, PayloadLen=0, Seq=1083099859, Ack=1444999365, Win=8192 ( Negotiated scale factor 0x8 ) = 2097152 {TCP:7, IPv4:6}
8 19:21:51.5539950 1.2589950  192.168.0.9 xxx.yyy.172.23 TCP TCP:Flags=...A...., SrcPort=48997, DstPort=1723, PayloadLen=0, Seq=1444999365, Ack=1083099860, Win=16560 (scale factor 0x2) = 66240 {TCP:7, IPv4:6}
9 19:21:51.5543270 1.2593270  192.168.0.9 xxx.yyy.172.23 PPTP PPTP:Control Message , Start Control Connection Request {TCP:7, IPv4:6}
10 19:21:51.6491200 1.3541200  xxx.yyy.172.23 192.168.0.9 PPTP PPTP:Control Message , Start Control Connection Reply {TCP:7, IPv4:6}
11 19:21:51.6493710 1.3543710  192.168.0.9 xxx.yyy.172.23 PPTP PPTP:Control Message , Outgoing Call Request {TCP:7, IPv4:6}
12 19:21:51.7454680 1.4504680  xxx.yyy.172.23 192.168.0.9 PPTP PPTP:Control Message , Outgoing Call Reply {TCP:7, IPv4:6}
15 19:21:51.9475480 1.6525480  192.168.0.9 xxx.yyy.172.23 TCP TCP:Flags=...A...., SrcPort=48997, DstPort=1723, PayloadLen=0, Seq=1444999689, Ack=1083100048, Win=16513 (scale factor 0x2) = 66052 {TCP:7, IPv4:6}
16 19:21:52.0567550 1.7617550  192.168.0.9 xxx.yyy.172.23 TCP TCP:Flags=...A.R.., SrcPort=48983, DstPort=1723, PayloadLen=0, Seq=676886934, Ack=844414815, Win=0 {TCP:13, IPv4:6}
17 19:21:52.0774480 1.7824480  192.168.0.9 xxx.yyy.172.23 PPTP PPTP:Control Message , Set Link Info {TCP:7, IPv4:6}
18 19:21:52.0946790 1.7996790  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 0, Length = 21 {IPv4:6}
19 19:21:52.3655510 2.0705510  xxx.yyy.172.23 192.168.0.9 TCP TCP:Flags=...A...., SrcPort=1723, DstPort=48997, PayloadLen=0, Seq=1083100048, Ack=1444999713, Win=258 (scale factor 0x8) = 66048 {TCP:7, IPv4:6}
24 19:21:54.1171570 3.8221570  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 1, Length = 21 {IPv4:6}
27 19:21:57.1586400 6.8636400  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 2, Length = 21 {IPv4:6}
32 19:22:01.2145970 10.9195970  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 3, Length = 21 {IPv4:6}
36 19:22:05.2706080 14.9756080  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 4, Length = 21 {IPv4:6}
39 19:22:09.3265300 19.0315300  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 5, Length = 21 {IPv4:6}
40 19:22:13.3823740 23.0873740  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 6, Length = 21 {IPv4:6}
41 19:22:17.4383530 27.1433530  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 7, Length = 21 {IPv4:6}
43 19:22:21.4943550 31.1993550  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 8, Length = 21 {IPv4:6}
45 19:22:25.5502790 35.2552790  192.168.0.9 xxx.yyy.172.23 LCP LCP:Configure-Request, ID = 9, Length = 21 {IPv4:6}
47 19:22:29.6117870 39.3167870  192.168.0.9 xxx.yyy.172.23 PPTP PPTP:Control Message , Call Clear Request {TCP:7, IPv4:6}
48 19:22:30.0483920 39.7533920  xxx.yyy.172.23 192.168.0.9 TCP TCP:Flags=...A...., SrcPort=1723, DstPort=48997, PayloadLen=0, Seq=1083100048, Ack=1444999729, Win=257 (scale factor 0x8) = 65792 {TCP:7, IPv4:6}
49 19:22:30.6729180 40.3779180  192.168.0.9 xxx.yyy.172.23 PPTP PPTP:Control Message , Stop Control Connection Request {TCP:7, IPv4:6}
50 19:22:30.7648110 40.4698110  xxx.yyy.172.23 192.168.0.9 PPTP PPTP:Control Message , Stop Control Connection Reply {TCP:7, IPv4:6}

########################################TMG Server1 VPN OK
1 19:23:12.4708550 0.0008550  B036744  xxx.yyy.172.3 TCP TCP:Flags=......S., SrcPort=49000, DstPort=1723, PayloadLen=0, Seq=2980913856, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:2, IPv4:1}
2 19:23:12.7521680 0.2821680  xxx.yyy.172.3 B036744  TCP TCP:Flags=...A..S., SrcPort=1723, DstPort=49000, PayloadLen=0, Seq=4254040641, Ack=2980913857, Win=8192 ( Negotiated scale factor 0x8 ) = 2097152 {TCP:2, IPv4:1}
3 19:23:12.7523860 0.2823860  B036744  xxx.yyy.172.3 TCP TCP:Flags=...A...., SrcPort=49000, DstPort=1723, PayloadLen=0, Seq=2980913857, Ack=4254040642, Win=258 (scale factor 0x8) = 66048 {TCP:2, IPv4:1}
4 19:23:12.7525770 0.2825770  B036744  xxx.yyy.172.3 PPTP PPTP:Control Message , Start Control Connection Request {TCP:2, IPv4:1}
5 19:23:12.8092220 0.3392220  xxx.yyy.172.3 B036744  PPTP PPTP:Control Message , Start Control Connection Reply {TCP:2, IPv4:1}
6 19:23:12.8094770 0.3394770  B036744  xxx.yyy.172.3 PPTP PPTP:Control Message , Outgoing Call Request {TCP:2, IPv4:1}
7 19:23:12.8659780 0.3959780  xxx.yyy.172.3 B036744  PPTP PPTP:Control Message , Outgoing Call Reply {TCP:2, IPv4:1}
10 19:23:13.0705330 0.6005330  B036744  xxx.yyy.172.3 TCP TCP:Flags=...A...., SrcPort=49000, DstPort=1723, PayloadLen=0, Seq=2980914181, Ack=4254040830, Win=258 (scale factor 0x8) = 66048 {TCP:2, IPv4:1}
11 19:23:13.1630800 0.6930800  B036744  xxx.yyy.172.3 PPTP PPTP:Control Message , Set Link Info {TCP:2, IPv4:1}
12 19:23:13.1782960 0.7082960  B036744  xxx.yyy.172.3 LCP LCP:Configure-Request, ID = 0, Length = 21 {IPv4:1}
13 19:23:13.2640750 0.7940750  xxx.yyy.172.3 B036744  LCP LCP:Configure-Request, ID = 0, Length = 53 {IPv4:1}
14 19:23:13.2645930 0.7945930  xxx.yyy.172.3 B036744  LCP LCP:Configure-Ack, ID = 0, Length = 21 {IPv4:1}
15 19:23:13.2654040 0.7954040  B036744  xxx.yyy.172.3 LCP LCP:Configure-Reject, ID = 0, Length = 31 {IPv4:1}
16 19:23:13.3659820 0.8959820  xxx.yyy.172.3 B036744  LCP LCP:Configure-Request, ID = 1, Length = 26 {IPv4:1}
17 19:23:13.3670540 0.8970540  B036744  xxx.yyy.172.3 GRE GRE:Protocol = PPP, Flags = ..K.....A....... Version 1 , Length = 0x0 , CallID = 0x684b {IPv4:1}
18 19:23:13.3672670 0.8972670  B036744  xxx.yyy.172.3 LCP LCP:Configure-Ack, ID = 1, Length = 26 {IPv4:1}
19 19:23:13.3677970 0.8977970  B036744  xxx.yyy.172.3 LCP LCP:Identification, ID = 1, Length = 18 {IPv4:1}
20 19:23:13.3679920 0.8979920  B036744  xxx.yyy.172.3 LCP LCP:Identification, ID = 2, Length = 23 {IPv4:1}
21 19:23:13.3682340 0.8982340  B036744  xxx.yyy.172.3 LCP LCP:Identification, ID = 3, Length = 24 {IPv4:1}
22 19:23:13.4687500 0.9987500  xxx.yyy.172.3 B036744  PPTP PPTP:Control Message , Set Link Info {TCP:2, IPv4:1}
23 19:23:13.4689370 0.9989370  B036744  xxx.yyy.172.3 PPTP PPTP:Control Message , Set Link Info {TCP:2, IPv4:1}