Third-party Routing and Remote Access management applications may interfere with VPN connections to ISA 2004 (886999)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

Users cannot use either of the following types of connections to connect to a Microsoft Internet Security and Acceleration (ISA) Server 2004-based computer that is running the Routing and Remote Access service:
  • A Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) connection.
  • A Layer-Two Tunneling Protocol (L2TP) VPN connection.
This symptom does not occur if you are using an Internet Protocol security (IPSec) VPN connection.

CAUSE

This issue occurs if a third-party program registers a remote access administration .dll file before the ISA Server 2004 Vpnplgin.dll file is registered.

Note The ISA Server 2004 Vpnplgin.dll file is the VPN plug-in.

RESOLUTION

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue, use one of the following methods.

Method 1

Make sure that the ISA Server 2004 Vpnplgin.dll file is registered first among the registered remote access administration .dll files. To do this, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ras\AdminDll

  3. In the right-pane, double-click DllPath.
  4. In the Value data area, make sure that the full path of the Vpnplgin.dll file is displayed first, and then click OK. The full path of the Vpnplgin.dll file is typically "C:\Program Files\Microsoft ISA Server\Vpnplgin.dll".
  5. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters

  6. In the right-pane, double-click AuthorizationDLLs.
  7. In the Value data area, make sure that the full path of the Vpnlgin.dll file is displayed, and then click OK. The full path of the Vpnplgin.dll file is typically "C:\Program Files\Microsoft ISA Server\Vpnplgin.dll".
  8. Quit Registry Editor.

Method 2

Remove the third-party program that lists the first remote access administration .dll file. To confirm that the ISA VPN .dll file is now listed first after you remove the third-party program, follow the steps under Method 1.
Modification Type:MajorLast Reviewed:11/9/2004
Keywords:kbhowto kbprb KB886999 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.