WinGate Forums

[Aman]

is there an issue with wingate and windows 2003 server? I installed wingate on my new 2003 server with exactly same configuration from before as on windows 2000 server. After the installation I am not able to get into the Gatekeeper. It tells me to check my server name or port number. I am also using Mdaemon as my mail server. I have disabled the wingate mail server and also the NAT feature of the Windows 2003 server in case it was conflicting with the Wingate. any solutions?

[ritesh]

Hi, I think it is got to do with the following issue, pls verify the following. It is mentioned by Adrien in "Sticky: Most Common WinGate issues"

1. (Most common) Wrong adapter usage setting.
---------------------------------------------
In WinGate 6.0 everything is based on adapter usage. Adapter usage is shown in the Network tab in GateKeeper. It can be modified for an adapter by double clicking the adapter, and editing the usage.

The adapter usage affects:
a) service bindings (by default services do not bind to external adapters)
b) firewall (incoming packets from networks connected to external adapters are blocked by default)
c) NetBIOS name lookups (these are blocked outbound by default over external adapters).
d) NAT operation - NAT only operates from an Internal adapter to an External one.
e) VPN routes. By default WinGate does not publish network routes for networks connected to external adapters.
f) RIP broadcasts. RIP broadcasts are only sent out over internal adapters

The reason this is affecting so many people is because of the way WinGate 6.0 build 995 and prior versions assumed an adapter is to be used. In those versions, any adapter that has a default gateway associated with it will be assumed as external. We changed this with build 1000 because of the number of support incidents this caused.

SYMPTOMS:
i) customer installs WinGate 6.0 and their WinGate machine is no longer accessible from the network (due to (b) above)
ii) with firewall disabled, customer can't get services to bind to adapters.
iii) WinGate machine itself cannot access local network resources (due to (c) above
iv) VPNs can only access the WinGate server itself, not other machines.

CURE:
edit the adapter usage in the Network panel in GateKeeper by double clicking it, and choosing how the adapter should be treated.

[Pascal]

is there an issue with wingate and windows 2003 server? I installed wingate on my new 2003 server with exactly same configuration from before as on windows 2000 server. After the installation I am not able to get into the Gatekeeper. It tells me to check my server name or port number. I am also using Mdaemon as my mail server. I have disabled the wingate mail server and also the NAT feature of the Windows 2003 server in case it was conflicting with the Wingate. any solutions?

From this, I take it you were able to login at one time, but then something changed to prevent you from being able to login? Can you recall when / how that changed?

How did you do the migration from the Windows 2000 server to the Windows 2003 server? How did you disable the Mail Server in WinGate?

[atp]

I have the same situation here. New 2003 server, installed WinGate 6, I could connect for about 5 times.

Now I can't connect with GateKeeper, not even from the console. This is the error it returns: "Connection with WinGate server terminated."

There's no firewall configured on the server, and no other apps like an email server or anything.

Is there something I can do (maybe in registry) to get the connection to work again?

[Pascal]

http://forums.qbik.com/viewtopic.php?t= ... gatekeeper

It could be because of a change to policies (System or otherwise) That post lists a variety of reasons and fixes to get GateKeeper to be open again.

[Aman]

hi pascal,
It is a complete new setup of windows 2003. I disabled the Wingate mail server during the installation period.
It seems like I have someone here wit h identical problem. I could login to gatekeeper for a number of times but now I can't. I even tried uninstalling and re-installing wingate again but I still can't login not even with a blank password.

I even tried re-installing the windows 2003 server,. It worked for a number of times but again same problem occured. I made sure that all the configuration were exactly same as my 2002 server which is running the wingate and Mdaemon.
There is nothing listening on port 808 except 127.0.0.1 when wingate engine is running.
I used Norton antivirus multi-tier protection on windows 2003 while the 2000 server has Mcafee. Could this be an issue? Although I disabled the Norton and checked but without luck.
Please let me know if you can come up with anything.

[Pascal]

Does the remote control service logfile have anything interesting in it?

Most of the time these issues are caused by policy modifications.

[Aman]

nothing really. This is a new installation and I have not used the server at all. I want to make sure that everything is in working order before I use this server. So there has been no policy change of any type.
I just set everything up, tested everything and shut the server down. Over the weekend I had the server up and tested it again and everything seems to work fine but after a number of times I just can't login to the gatekeeper although the Wingate is working fine and the NAT and internet sharing are working fine too.

Right now I am going to start all over over again and keep track of each and every modification that I do on the system. If there is s certain service or policy change affecting my system then I hope to track it down.

It is a domain controller. I will be running IIS, Mdaemon for mail, wingate and Symantec multi-tier antivirus.

Meanwhile if you do have any solutions please advice otherwise I will give you a feedback after everything is complete.

[Aman]

hi Pascal,

I may have found out the cause of my proble. I installed everything fresh and ran the windows 2003 server for a number of days without any problems with the configuration mentioned above.

I was using a different IP on the server because I using the original IP with my 2000 sever. Today I transferred the link from the 2000 server to the 2003 server and everything was working fine and I could login to the gatekeeper. I had unplugged to 2000 server from the network so not to get the Ip conflict before I chaged the IPs on both the servers. While restarting the 2000 server after the IP change, I plugged in the 2003 server but the server detected the IP on the 2000 server before it was shutdown and I receive the IP conflict error on the 2003 server. after that I am not able to login to the gatekeeper. My guess would be the IP conflict. Even after restarting the both the server I am still not able to login. The remote control log has an instance of "Error: Caught socket exception in CRemoteControlSession::InitInstance() Failed password - terminating"

There is nothing wrong with the password. I used the same numerous times during trail before the change of the IPs.

The Wingate Engine monitor has a system message waiting.

I hope something can be done. everything is operating normal except that I am not able to log into the gatekeeper.

[Pascal]

I can't see a reference to which version of WinGate you are using. That sounds vaguely like a binding problem - which could have caused problems before version 6. Any chance you could send me the registry configuration, along with a link to this post (So I can match the email to the forum post) please.

[Pascal]

I just imported that configuration. As per usual, cleared the Administrator password so I could log in, then started up GateKeeper and managed to get in, first time. That's a very unrestricted setup, so I'm very surprised that you are having ANY problems with it - it should all just work perfectly.

Which means it's probably going to be an interaction specific to that machine. The first thing to do would be to see if anything conflicts with WinGate's Remote Control Service.

So - stop the WinGate Engine (Make sure you have something protecting your external connection) Run "netstat -an" from the command line and check to see if anything is conflicting with port 808. (Using it)

Then, restart the WinGate Engine and run the same "netstat -an" again. Using your config on my dev machine, these are the results I got:

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:809 0.0.0.0:0 LISTENING
TCP 127.0.0.1:80 0.0.0.0:0 LISTENING
TCP 127.0.0.1:808 0.0.0.0:0 LISTENING
TCP 127.0.0.1:808 127.0.0.1:1649 ESTABLISHED
TCP 127.0.0.1:810 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1031 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1255 127.0.0.1:1256 ESTABLISHED
TCP 127.0.0.1:1256 127.0.0.1:1255 ESTABLISHED
TCP 127.0.0.1:1637 127.0.0.1:1638 ESTABLISHED
TCP 127.0.0.1:1638 127.0.0.1:1637 ESTABLISHED
TCP 127.0.0.1:1649 127.0.0.1:808 ESTABLISHED
TCP 127.0.0.1:8010 0.0.0.0:0 LISTENING
TCP 192.168.0.67:80 0.0.0.0:0 LISTENING
TCP 192.168.0.67:139 0.0.0.0:0 LISTENING
TCP 192.168.0.67:1269 192.168.0.98:139 ESTABLISHED
TCP 192.168.0.67:8010 0.0.0.0:0 LISTENING

[Pascal]

Alright, reference for anybody looking at this.

When GateKeeper logs in to WinGate (By default) it uses localhost. By default, GateKeeper only binds to localhost. If your hosts file (In %SystemRoot%\System32\drivers\etc.) points the name localhost to either the internal IP of WinGate (Or as some addware / spyware does - another IP) you will not be able to login.

If the hosts file had been changed for specific reasons, simply use 127.0.0.1 to login to GateKeeper. Obviously, if it's been changed by malware (http://securityresponse.symantec.com/av ... hosts.html being just one example), the appropriate fix will depend on the actual malware.