Smart questions
Smart answers
Smart people
Join Tek-Tips Forums
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

VPN

Nortel Contivity/Extranet Access Client
Posted: 8 Sep 03 (Edited 21 Jan 06)

The following list of errors and causes have been compiled by myself over the last 6 months of supporting a Nortel Contivity Switch using the Nortel Contivity/Extranet Access Client software(s).

---------------

First, let me cover a few checklist items if you are having trouble connecting with the Nortel Contivity/Extranet Access Client software.

1) If you are using Windows 98 or ME, make sure you have native VPN support installed.  To install this support do the following:

a) Start -> Settings -> Control panel
b) Add/Remove Software
c) Windows Setup     
d) COMMUNICATIONS
e) [DETAILS]
f) Virtual Private Networking
g) [OK]
h) [OK]
i) It will either copy some files and ask you to reboot or it will ask for the CD then copy some files and ask you to reboot, please reboot and proceed with the troubleshooting guide.

** NOTE: Windows 95 has this support, however you will be required to install the Dial-up Networking Patch v1.3b or higher (I recommend v1.4 as it was the latest update.) to get this added support.

2) If you are using Windows 2000 or Windows XP, make sure that the IPSEC service is disabled in your services list.  To check this, do the following:

a) Right click My Computer -> Manage
b) Click the + beside æServices and ApplicationsÆ
c) Services
d) Look for IPSEC Policy Agent (on Windows 2000) or IPSEC Services (Windows XP)
e) Disable the service if it is not disabled already. (it should be disabled by default).

3) Before upgrading ANY existing Nortel Contivity/Extranet Access Client Software; it is important to remember to uninstall the existing installation.  Failing to uninstall the old software can lead to serious software conflicts and can corrupt the entire network stack.

---------------

Error: Failed to get DNS and WINS settings from the server.

Cause: This is usually an error received on Windows 98 & Windows ME.  It is caused by an incompatible version of the Nortel Contivity/Extranet Access Client software.  Typically, this error will be encountered if you are using software version V02_xx.xx and simply upgrading to V04_xx.xx will alleviate the problem.

---------------

Error: Not compatible with this version of Windows.

Cause: You are using an outdated version of the Contivity/Extranet Access Client. I would recommend using V04_65.14 or higher on Windows 2000 & Windows XP.

---------------

Error: Login failure due to remote host not responding.

Cause: This is typically caused by UDP500 traffic not getting back to the requesting client through a firewall and/or router.  If your firewall/router supports IPSec passthrough you must enable IP50, IP51, UDP500 on both the source and destination (i.e. bidirectional) in order for the client to establish the connection.  Some firewalls/routers have a generic setting "Enable IPSec" or "Enable IPSec Passthrough" and simply turning this on will usually solve the problem.  However, if you do not have this setting then you will have to program this manually.  On a last note, make sure that your firewall/router is using the latest software/firmware if you are having further issues getting it to work.

---------------

Error: The decompression of %s failed. There may not be enough free disk space available in the TEMP directory.

Cause: You'll get this error sometimes when running installer programs that use InstallShield.  The install says "extracting files needed for installation" and then fails with the aforementioned error message. Re-running the installer usually does not help, but does sometimes.

The following suggestion is not a definitive solution - it is known to not work sometimes no matter what you do.

1) Make sure you have the right amount of free hard drive space (always check the obvious first.)

2) In Windows 95/98 check your autoexec.bat to see what your temp directory is. In other words, look for a line like this: SET TEMP=C:\TEMP or something like that. If you have no such line, it defaults to: C:\WINDOWS\TEMP which does often cause problems over time. Make a separate C:\TEMP directory just for running the installers on the client's machine.  Or if you are using Windows 2000 or Windows XP the default path for TEMP files is %USERPROFILE%\Local Settings\Temp (although XP is famous for still using C:\WINDOWS\TEMP\ directory even though the global environment variable is set elsewhere.)

** NOTE: Kerberos itself doesn't use a TEMP variable. It uses TMP. Set both of these variables to different directories, i.e.:

SET TEMP=C:\TEMP
SET TMP=C:\TMP

That way you get Windows-generated temporary files in C:\TEMP, and Kerberos tickets, your Netscape cache, etc. are set up to go in C:\TMP. It makes it easy to quickly clear out C:\TEMP if Windows starts misbehaving on you. And always clean out these directories periodically right after boot for good measure. Make sure you don't clean them out while other applications are running.

3) Make sure C:\TEMP really exists!

4) Make sure C:\TEMP is completely empty. In particular, look for folders with '~' or '_' as the first character - those are symptoms of previously failed installations.

5) Check the installer program: if it has its read-only file attribute set, uncheck it. Right click on the file name and select "Properties" to get that dialog box.

6) Reboot

7) Now try rerunning the installer.

If it still doesn't work, clean out C:\TEMP again and reboot.

** NOTE: As a last resort using Windows 2000 or Windows XP, try setting the temp environment variables to a different directory other than the one the system is trying to use.  Once you set it to a different location (i.e. C:\TEMP), reboot and in most cases it will install fine.

---------------

Error: The Contivity VPN Client driver was not loaded.  The system was not rebooted after the Contivity VPN Client installation or the Contivity VPN Client installation encountered an error and needs to be installed again.

Cause: This is caused by Windows not cleaning up behind itself and in a lot of cases it cannot simply be corrected.  However, there are a few things you can do to try and correct this.

1) Uninstall the Nortel Contivity/Extranet Access Client and reboot.

2) Remove and reinstall the TCP/IP Stack on the system and reboot.

3) Try reinstalling the software again and reboot.

4) If the error still persists, the only resolve I have found is a reload of Windows

---------------

Error: The DLL32.DLL file cannot start

Cause: This is also caused by Windows not cleaning up behind itself and left a copy of DLL32.DLL floating around under C:\WINDOWS\SYSTEM directory.  Sometimes this can be resolved with a few simple steps:

1) Delete the mminst.dll file from the windows\system directory, then execute setup.exe again.

2) If you cannot find mminst.dll, make sure that the Explorer View options are set to show all files.

3) If you get a message saying that the file cannot be deleted because it is being used by Windows, reboot the machine and then delete the file.

---------------

Error: Checking for banner text from <a URL or IP address>" [followed by a 15 second pause] then you receive "The secure Contivity VPN connection has been lost. Click Connect to re-establish connection."

Cause: This problem is indicative of udp500 traffic not getting back from the host to the requesting client.  In most cases this is because of a firewall/router that is dropping the packet due to a setting.  Typically, if you have gotten this far there is nothing wrong on the client or the host, but merely a dropped packet.  Once you correct this in the firewall/router the problem will clear up.

** NOTE: If you are not on a LAN/WAN setup but have broadband (i.e. at your home) be aware that your cable modem or DSL modem can be configured to handle security and/or firewalling/routing and should be checked to ensure it is not dropping your needed packets.

---------------

Error: Failed to get Registry key value for NT_IPSECSHM

Cause: This is caused because an important registry key cannot be found in the system registry.  To correct this issue, perform the following actions:

1) START -> RUN -> REGEDIT

2) Navigate to HKEY_LOCAL_MACHINE - System - CurrentControlSet - ENUM - ROOT - NT_IPSECSHM


3) Select the Key "0000" below NT_IPSECSHM, and you will be presented with all the details concerning the IPSEC adapter.

4) Check the details pane at the right.  You will notice the absence of the entry "Driver : REG_SZ : {4D36E972-E325-11CE-BFC1-08002BE10318}\0008

5) This line is essential to link the driver to the adapter.  With the "0000" highlighted in the left pane, choose EDIT - Add Value.  Enter "Driver" as the value name, and make sure that REG_SZ is the data type.  Choose OK to proceed.

6) Highlight the "Driver : REG_SZ : " in the right pane, choose EDIT - STRING from the menu.  Enter the value: {4D36E972-E325-11CE-BFC1-08002BE10318}\0008  in the field for "value".  Click OK to proceed.

** NOTE: Since all registry changes are made real-time, you do not have to reboot.  Close the registry editor.

---------------

Error: The routing table cannot be altered after the Contivity VPN Connection has been established.  The Contivity VPN connection has been closed.

Cause: This occurs because your system is renewing its IP address or routing tables.  Here is the most common fix:

1) START -> RUN -> REGEDIT

2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

3) Add the line:  "PerformRouterDiscovery"=dword:00000000

OR

The problem could be that every time the OS changes the MTU for a specific path, it recorded that information in the routing table.  By disabling PMTUD you can alleviate this problem.  (This potential fix provided by wfaulk)

---------------

Error: The secure Contivity VPN connection has been lost. Click Connect to re-establish connection.

Cause: Several things can cause this; here are the most common reasons:

1) Make sure that TCP/IP is the only protocol bound to the ethernet adapter.  Having more than TCP/IP has been known to cause connection drops. (i.e. IPX/SPX and NETBEUI)

2) Make sure you don't have more than 4 adapters (both virtual and physical) installed in the network control panel.

3) Make sure you have reliable Internet connection.

---------------

Error: Login Failure due to: Driver Failure

Cause: This is generally caused by either not having Admin rights to the PC or by using a client software package that predates the operating system.  Update your client software to a newer one. (I recommend using V04_65.xx or higher).

---------------

Error: Create socket failed with 10048.

Cause: This problem generally will occur whenever you have another VPN client software installed on the system.  The most noted conflicting clients are: AOL software, Cisco VPN Client(s), SSH Sentinel and PGP.

Removing these clients will in most cases, resolve the issue.

---------------

Error: Login Failed. Please consult the switch log for details.

Cause: The most common reason for this error is an expired password on the host you are attempting to login to.

---------------

**FINAL NOTE: I will update this FAQ as I find more solves or updated information to troubles.

-edemiere

Back to Remote access issues FAQ Index
Back to Remote access issues Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close