WinGate Forums

[kgoodknecht]

Just upgraded one of my clients to 6.1.4 from 6.1 now he is experiencing FTP upload/download interruptions. Can't even use the FTP proxy at all, get 220 Wingate proxy ready. Using NAT the download stops after just a few minutes at about every 8MB downloaded. He get much better performance with the SOCKS proxy, usually 70-80 MB before the download stops.
Help, my client is getting aggravated, he's been all day trying to get a 244MB file downloaded. He finally got it, but I haven't gotten much elso done today with all the testing, configuring and trying to help him get the file down. Makes me wish I'd left him at 6.1. At least he had no complaints.

[adrien]

Hi Kevin

Which version was he running previously? there have been only a couple of minor changes since 6.1.2 for instance.

As for "220 Wingate proxy ready" that is the standard greeting from the FTP proxy. If you're seeing this in a web browser, then something must have changed on the browser to make it connect to the FTP proxy for FTP instead of the WWW proxy (IE uses an HTTP proxy for proxied FTP connections).

Regards

Adrien

[kgoodknecht]

Hi Kevin

Which version was he running previously? there have been only a couple of minor changes since 6.1.2 for instance.

As for "220 Wingate proxy ready" that is the standard greeting from the FTP proxy. If you're seeing this in a web browser, then something must have changed on the browser to make it connect to the FTP proxy for FTP instead of the WWW proxy (IE uses an HTTP proxy for proxied FTP connections).

Regards

Adrien

I feel dumb now, I think he was running 6.1.1 b1077, IIRC. I installed it shortly after you fixed the POP3 collection and downloaded file corruption (b1056), in the Oct-Nov time span and this was the latest version I had downloaded to his system until recently.
He uses WS FTP for his FTP client, I'm not sure what the proxy settings were that he was using in the client, I don't think he had any proxy settings in the client, because I was using ENS redirects to send everything through the proxy for scanning, but after I installed the new build the settings no longer worked. I've noticed the same behavior on my own installation. I'm not very comfortable with this because the SOCKS proxy doesn't support data scanning.

[adrien]

Ok

I'll have a deeper look and see what may have changed there.

We're close to releasing another maintenance build - to fix primarily issues with windows updates, but have a couple of other minor fixes in there as well.

Adrien

[kgoodknecht]

Ok

I'll have a deeper look and see what may have changed there.

We're close to releasing another maintenance build - to fix primarily issues with windows updates, but have a couple of other minor fixes in there as well.

Adrien

I'm glad to hear that you're fixing the Windows updates, that's another problem I have that I've found a workaround for but I'd rather not have to workaround Wingate.
I had a call from another client this morning, they came in this morning and nodody had internet access. Since there are several laptops on the clients network I had set them up to not use proxies and set up ENS redirection on all the services. It works fine but for some reason NAT just stopped working at 3:39 AM so nobody had any internet until I restarted Wingate at 10:45. This is a new install of Wingate 6.1.4 (7/29/06) on a Win2k server, behind a Netgear router. Everything appeared to be still configured properly and the interfaces were still properly marked for internal and external. But the Wingate NAT was not responding until I restarted the Wingate service. RAS is installed on the server but NAT is not installed in RRAS, the W3SVC is disabled, Wingate DNS is disabled.

I pulled this from the NAT log after I restarted Wingate. It has the last NAT request serviced then what appears to be some type of error when the service started.
08/11/06 03:39:14 192.168.1.228 Guest 0000007640 Traffic 0 288 288 0 36s
08/11/06 10:45:11 Service started
08/11/06 10:45:11 Error: NAT status msg was full; some messages lost

[kgoodknecht]

Here is more information on the problem I reported with NAT.
I seem to be having major issues with the ENS driver when installed on Windows 2000 server. In addition to the problems I noted with NAT failing, the server started experiencing BSODs which appear to have some relationship with the ENS driver. In the two week period after I installed Wingate there was seven complete memory dumps, since I disabled ENS 8 days ago, there have been zero.

All clients were using NAT redirection through the proxies, I first started by configuring the clients to use Proxies for HTTP and POP3 which didn't help. So I disabled the ENS driver, and installed NAT in RRAS for the proxy bypasses so Windowsupdate would work and haven't had a BSOD since.

[labull]

Kevin,

We started having "WinGate" problems on our W2K server last week too. It happened the on 17th after installing the latest MS patches.

Our problems were that TCP Mapping services stopped working.

We had planned to upgrade that server to 2003 anyway so that was our fix. I realize that may not work for you but just letting you know in case it was one of the patches.

Larry

[kgoodknecht]

Kevin,

We started having "WinGate" problems on our W2K server last week too. It happened the on 17th after installing the latest MS patches.

Our problems were that TCP Mapping services stopped working.

We had planned to upgrade that server to 2003 anyway so that was our fix. I realize that may not work for you but just letting you know in case it was one of the patches.

Larry

That's a problem, the server belongs to one of my customer's customers, they have Win2k Advanced Server and I don't expect they are going to upgrade the OS. I don't have any problems with Wingate on any of the Win2k3SP1 systems I monitor, all running the RAS VPN server.
I don't know exactly what is setting it off, I installed Wingate on 7/29 and had BSODs on 7/30 and 7/31. The next BSODs came on 8/16 when it had three that one day alone. Then it had two more BSODs on the 8/18 just before I disabled the ENS driver. I've been looking through the eventlog, and on the days it didn't BSOD before I disabled ENS, it was getting several reboots a day for updates and software installations.
I remember a few times I had to reboot it when I just happened to be VNC'd into it when Wingate stopped responding, Gatekeeper wouldn't connect and when I tried restarting the Wingate Service, it hung on "stopping" so I had to reboot the server to get Wingate running again.
Now it's been almost 8 days since I disabled the ENS driver, and its last reboot was when I disabled the ENS driver at 6:40 AM on the 18th.

Things were a tough go there for a while when it was having all the BSODs I was afraid they were going to tell me to remove Wingate while it was still in trial. I'm still not positive they're not going to give up on it, but the last 8 days without a BSOD, the 18 blocked e-mail mass mailer worms and 6 blocked HTTP trojans have gone a long way to help prove Wingate's benefits.

They were having problems with trojans coming in through email and websites, and Wingate made a perfect solution to the problem. There's only two of the client computers that have internet access, and the last bug they got was a Nimda worm that propagtes through network shares. By the time they realized they had a problem they had infected six more computers, plus the server. Wingate with KAV is a good solution because it protects all clients from these types of threats for only $100 a year. I'm just afraid I'm going to have to roll it back to 6.04 like I had to do on my Win2k server.

I'd just like to use Wingate's NAT so I can take advantage of the redirections through ENS to the proxies, and run the Windows Remote Access service on Win2k, this configuration works perfect on Win2k3 but not on Win2k.

Now, it's down to crunch time, the trial ends Monday and I have until then to prove they cannot go without Wingate and KAV.

[labull]

Have you checked the minidumps using WinDbg? It will usually identify the offending driver.

[kgoodknecht]

Have you checked the minidumps using WinDbg? It will usually identify the offending driver.

Here's the debug, it appears to be WANARP.SYS

Microsoft (R) Windows Debugger Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINNT\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available

************************************************************
WARNING: Dump file has been truncated. Data may be missing.
************************************************************
Symbol search path is: C:\WINNT\Symbols
Executable search path is:
*** WARNING: symbols timestamp is wrong 0x44925809 0x427b58bb for ntkrnlmp.exe
Windows 2000 Kernel Version 2195 (Service Pack 4) MP (2 procs) Free x86 compatible
Product: LanManNt, suite: Enterprise TerminalServer SingleUserTS
Kernel base = 0x80400000 PsLoadedModuleList = 0x80485b80
Debug session time: Fri Aug 18 06:37:35.937 2006 (GMT-5)
System Uptime: 0 days 0:09:54.547
*** WARNING: symbols timestamp is wrong 0x44925809 0x427b58bb for ntkrnlmp.exe
Loading Kernel Symbols
..........................................................................................................................
Loading User Symbols

Loading unloaded module list
.......
*** ERROR: Symbol file could not be found. Defaulted to export symbols for qbikhk2k.sys -
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {2d23dab8, 2, 0, bf948942}

Probably caused by : wanarp.sys ( wanarp!WanReceiveCommon+22 )

Followup: MachineOwner
---------

0: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 2d23dab8, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: bf948942, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 2d23dab8

CURRENT_IRQL: 2

FAULTING_IP:
wanarp!WanReceiveCommon+22
bf948942 8b34b0 mov esi,dword ptr [eax+esi*4]

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from bfca1f02 to 8046b1ac

STACK_TEXT:
80475ca0 bfca1f02 bfcd9b60 87b09448 80475d40 nt!Dr_kitf_a+0x2c
WARNING: Stack unwind information not available. Following frames may be wrong.
80475d24 bf94891b 0cabb1e5 88c5b6a4 88c5b696 qbikhk2k!stricmp+0x4b02
80475d50 bfcd2450 0cabb1e5 88c5b6a4 88c5b696 wanarp!WanNdisReceive+0x21
80475d94 bfcd188f 87b09448 88c5b696 88c5b696 qbikhk2k!stricmp+0x35050
80475dd0 bfd35183 884da008 0cabb1e5 87b440cc qbikhk2k!stricmp+0x3448f
80475e2c bf974a28 88ac8100 80475e5c 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x2ea
80475e60 bf97481c 87b09008 80471102 87af6008 ndiswan!IndicateRecvPacket+0x288
80475e80 bf974761 87af6008 00000028 0000002d ndiswan!ProcessPPPFrame+0x12c
80475e98 bf9794a9 87b0a008 87ac8008 88727588 ndiswan!ReceivePPP+0x74
80475ebc bfd1ef90 00000001 87ae504c 0000002d ndiswan!ProtoWanReceiveIndication+0x107
80475edc f65607a4 80475f04 88ac8b02 00000001 NDIS!NdisMWanIndicateReceive+0x59
80475f0c 80467739 87ad99b0 87ad9730 00000000 raspptp!CallProcessRxPackets+0x14b
80475f24 80467690 0000000e 00000000 00000000 nt!KeAcquireSpinLockAtDpcLevel+0x25
80475f2c 00000000 00000000 00000000 00000000 nt!KiRetireDpcList+0x1f


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
wanarp!WanReceiveCommon+22
bf948942 8b34b0 mov esi,dword ptr [eax+esi*4]

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: wanarp

IMAGE_NAME: wanarp.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 3d5cef1d

SYMBOL_NAME: wanarp!WanReceiveCommon+22

FAILURE_BUCKET_ID: 0xD1_wanarp!WanReceiveCommon+22

BUCKET_ID: 0xD1_wanarp!WanReceiveCommon+22

Followup: MachineOwner
---------

[genie]

Hi,
What kind of networking software is installed on this machine? I can see this Dr_kitf driver along the path...

I will check this minidump and see if we can come up with some solution.

[kgoodknecht]

Hi,
What kind of networking software is installed on this machine? I can see this Dr_kitf driver along the path...

I will check this minidump and see if we can come up with some solution.

I'm not sure I can fully answer this question, my history on this server began on July 29, when I installed Wingate.
I do know that the hard drive was ghosted and moved to a new MB and case last October. so there is really no telling what all is on it. Do you know what could be using that particular driver?

[labull]

Kevin - googling this the only thing I can find is a recommendation to update the NIC drivers. Seems to be related to RRAS & VPN.

[kgoodknecht]

Kevin - googling this the only thing I can find is a recommendation to update the NIC drivers. Seems to be related to RRAS & VPN.

I've already tried every search engine I could think of, and got no results at all on the term. If I knew what it was I could make a decision on whether the driver needs to be loaded in the first place.

I cannot deny that it could be related to RRAS or VPN, I can say that I don't seem to have a problem on the Win2k server with Wingate and RRAS VPN server, or the three Win2k3 servers with Wingate and RRAS VPN servers running using Wingate NAT. It's just this one server I'm having problems with Wingate NAT.

A thought did just occur to me, this is a trail version, is it possible that the Wingate VPN server is in conflict with the RRAS VPN server?
That is the one thing it does not have in common with the other servers, they are all licensed with the Professional license, so the Wingate VPN is disabled. I'm not at all familiar with the Wingate VPN server, and I don't know if it could conflict with the RRAS VPN server.

[genie]

Kevin, can you send me this minidum of yours?