
1 Remote Access Service VPN Client 2 Technical Support Presentation March, 2014 – Version 1.1

2 Overview
- Purpose: Provide troubleshooting, tips and tricks and additional information on specific VPN client function for the Novartis CONNECT client
- Scope: VPN Client_2.0_L_EN_01 package
- Audience: Novartis IT Service Desks providing support to Remote Access users
- Presentation ownership: Pascal Heiniger Global Service Manager Mobility Application Services services/security-infrastructure-services/index.shtml
RAS | VPN Client 2 Technical Support | Business Use Only

3 TROUBLESHOOTING TIPS & TRICKS

4 Troubleshooting VPN Client Quick Check – Step 1
- Perform the quick check as standard ‘intro’ into the troubleshooting process
  - Verify that the Connection Wizard icon is visible in the system tray
  - Verify that the user can login with his Entrust certificate
- Remediation
  - Reboot the client
  - Re-install the VPN Client package

5 Troubleshooting VPN Client Quick Check – Step 2
- Run a “Check for Topology Update” to ensure the client has the latest update installed
- The “Check for Topology Update” works from the Novartis Intranet as well as from a direct Internet connection (no VPN) and from a regular VPN connection
- If the client is connected directly to the Internet and an update is not possible, double-check the proxy settings. Disable the static proxy if set through the red button in Internet Explorer
- Note: the “Check for Topology Update” also restarts the VPN Client and therefore resolves issues related to the VPN stack

6 Troubleshooting VPN Client Quick Check – Step 3
- Verify that the user can login with his Entrust certificate
- Double-check that the user Client Authentication certificate is available in the store and that the certificate is valid
- Remediation
  - See PKI troubleshooting guidelines

7 Troubleshooting Internet Connectivity Check – Step 4
- Ensure that an IPv4 address is assigned to the client
- Verify that resolves against the public IP (time of writing )
- Remediation
  - Check cabling or WLAN association
  - Check router
  - Double-check that the client is not switching between WLANs (e.g. neighborhood)
  - Reboot the client

8 Troubleshooting Internet Connectivity Check – Step 5
- Open the browser. Verify that the proxy is disabled and check if is reachable
- Remediation
  - Check cabling or WLAN association
  - Check router
  - Double-check that the client is not switching between WLANs (e.g. neighborhood)
  - Reboot the client

9 Troubleshooting VPN Client Installation Check – Step 6
- Verify that the following services are started:
  - ‘AppLife Update Service 2.0’
  - ‘Check Point EndPoint Security VPN’
  - ‘Connection Wizard Helper’
- Verify that the following processes are running under the user context
  - Cwclient.exe
- Remediation
  - Ensure that the services are set to ‘Automatic’ startup type
  - Restart the services (requires local admin rights)
  - Launch ‘Connect VPN’ from the Utilities folder
  - Reboot the client

10 Troubleshooting VPN Client Installation Check – Step 7
- Verify that the c:\Program Files\CheckPoint\EndPoint Connect folder includes several trac.config files (e.g. trac.config_chbs, trac.config_useh, …)
- Double-check that the gateway list is populated within the ‘Connection Wizard’
  - Gateway list should include at least two or more gateways (see sample screenshot)
- Remediation
  - Run ‘Check for Topology Update’ from the Support menu
  - Re-install the VPN client package

11 Troubleshooting VPN Client Installation Check – Step 8
- Verify that the file ‘cwservice.exe.config’ exists in the ..\cwizard folder
- Verify that the file ‘mapg.vbs’ exists in the ..\cwizard folder
- Remediation
  - Re-install the VPN client package
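
The installation checks in Steps 6 to 8 can be run in one pass from a PowerShell prompt. This is an added example, not part of the original presentation or the VPN client package; it assumes the ..\cwizard folder is C:\Program Files\cwizard (the path the slides give for CwUpdate.exe) and treats two or more trac.config_* files as "several".

```powershell
# Added example: read-only report for the Step 6-8 installation checks.
$cpDir = 'C:\Program Files\CheckPoint\EndPoint Connect'   # path from Step 7
$cwDir = 'C:\Program Files\cwizard'                       # assumption, see lead-in
$results = @()

# Step 6: each service must be running with 'Automatic' startup type.
$allServices = Get-CimInstance Win32_Service
$wanted = 'AppLife Update Service 2.0',
          'Check Point EndPoint Security VPN',
          'Connection Wizard Helper'
foreach ($name in $wanted) {
    $svc = $allServices | Where-Object DisplayName -eq $name
    $results += [pscustomobject]@{
        Check  = "Service '$name'"
        Ok     = [bool]($svc -and $svc.State -eq 'Running' -and $svc.StartMode -eq 'Auto')
        Detail = if ($svc) { "$($svc.State), $($svc.StartMode)" } else { 'not installed' }
    }
}

# Step 6: Cwclient.exe must run in the logged-on user's context.
$owners = foreach ($p in Get-CimInstance Win32_Process -Filter "Name='cwclient.exe'") {
    (Invoke-CimMethod -InputObject $p -MethodName GetOwner).User
}
$results += [pscustomobject]@{
    Check  = 'Process Cwclient.exe in user context'
    Ok     = $owners -contains $env:USERNAME
    Detail = if ($owners) { "owner(s): $($owners -join ', ')" } else { 'not running' }
}

# Step 7: per-gateway topology files (trac.config_chbs, trac.config_useh, ...).
$trac = @(Get-ChildItem -Path $cpDir -Filter 'trac.config_*' -ErrorAction SilentlyContinue)
$results += [pscustomobject]@{
    Check  = 'trac.config_* files'
    Ok     = $trac.Count -ge 2        # threshold is an assumption
    Detail = "$($trac.Count) found in $cpDir"
}

# Step 8: files the Connection Wizard depends on.
foreach ($file in 'cwservice.exe.config', 'mapg.vbs') {
    $results += [pscustomobject]@{
        Check  = "File $file"
        Ok     = Test-Path -LiteralPath (Join-Path $cwDir $file)
        Detail = $cwDir
    }
}

$results | Format-Table -AutoSize
```

Any row with Ok = False maps to the remediation listed on the corresponding slide; the script changes nothing on the client and needs no admin rights.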

12 Tip Terminate the Connection Wizard
- If the ‘Connection Wizard’ seems to be stuck or the Connection does not reflect the current client connectivity
  - Terminate the ‘Connection Wizard’ by clicking on close while holding the CTRL key (don’t forget to restart the ‘Connection Wizard’)
  - Terminating the Connection Wizard will automatically launch the CheckPoint EndPoint Connect GUI

13 Tip Internet Router and Firewall
- Ensure that the latest firmware is running on the device
- Ensure that the client is not ‘jumping’ between WLANs
- Ensure the following ports and protocols are not blocked from the device
  - TCP/264 (Topology Download)
  - IKE
  - IPSEC and IKE (UDP on port 500)
  - IPSEC ESP (IP type 50)
  - IPSEC AH (IP type 51)
  - TCP/500 (if using IKE over TCP)
  - UDP 2746 or another port (if using UDP encapsulation)
  - UDP 259
- Optional:
  - FW1_scv_keep_alive (UDP port 18233) used for SCV keep-alive packets
  - FW1_pslogon_NG (TCP port 18231) used for SecureClient's logon to Policy Server protocol
  - FW1_sds_logon (TCP port 18232) used for SecureClient's Software Distribution Server download protocol
  - tunnel_test (UDP port 18234) used by Check Point tunnel testing application

14 Tip Command Line Topology Update
- CwUpdate.exe can be executed from c:\program files\cwizard with user rights from a DOS shell or through the file explorer
- Two command options are available
  - /f to force an update of the topologies
  - /v to force an update to a specific version of the topologies (not preferred)
  - Without command line options the topology information is retrieved from the tpversion.xml located in the c:\program files\CheckPoint\Endpoint Connect folder
- A restart of the client is not required, however it is recommended to ensure the new topology is applied
- Alternatively switch to another gateway and then back to the original one

15 Tip NVS Helpdesk Tool Integration
- Two sections are added to the NVS Helpdesk tool:
- VPN Client
  - Software and topology update version
  - Topology update history (last 10 events)
- VPN Client Performance
  - Information about the last VPN connection including reported error
  - Total amount of successful/failed VPN connections on the client
- Note: The NVS Helpdesk tool configuration file must be updated to display this information

16 Tip Version Information
- The ‘About’ dialog box now displays
  - The Connection Wizard version
  - The topology update history (all updates)
- Note: The client version and the topology version do not necessarily match because of the different lifecycles

17 Tip Recover Client / Reinstall
- The embedded PDF describes how to recover a failed VPN installation
  - Document Version 1.1 from 11. February 2014
- To recover or update a VPN installation
  - Don’t perform a repair (this will leave the client in an unconfigured state)
  - Instead fully uninstall, reboot and re-install the client

18 Tip SharePoint Access Denied Issue
- The update/issue of Kerberos tickets might fail on certain routers/providers because of the name resolution behavior of the Windows client and the router
- In such cases please set the following registry keys on the client:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters - REG_DWORD = MaxPacketSize, value = “1”
  - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters - REG_DWORD = MaxPacketSize, value = “1”
- Please note, this remediation is recommended only in case the user experiences access denied issues on SharePoint while all other resources (e.g. Intranet, Outlook etc.) are working well

19 TECHNICAL FEATURES

20 Technical Features Connect G: Drive
- The connect and disconnect G: drive executes the script mapg.vbs in the ..\cwizard folder
- The menu options
  - Connect G: drive is enabled if a VPN connection is established and no G: drive is connected
  - Disconnect G: drive is enabled if a G: drive is connected but no Novartis Intranet detected

21 Technical Features Reconnect after Resume
- The dialogue box is presented to the user if:
  - the client is coming back from a standby or hibernate
  - the client is not connected to the Novartis Intranet
  - the client has an Internet connection
  - a VPN connection was established at the time the client went into standby or hibernate
- The dialogue box is active for 90 seconds. After this time the dialog box is closed and no reconnection is performed

22 Technical Features Support Button
- The ‘Check for topology update’ checks for new versions of the Connection Wizard and of the topology. This also works directly over the Internet (no VPN connection required)
- Client and service logs (attention, extensive) are available over the Support menu. There are two log files available
  - The client log shows logs recorded from the CW GUI
  - The service log shows logs recorded from the CW service

23 Technical Features Cancel Button
- During the establishment of the VPN connection the user has the opportunity to cancel the connection
- The cancel request will stop the current connection attempt and issue a rescan of the client network connectivity

