Barracuda Network Access Client

Troubleshooting

This page provides you with solutions to some common problems concerning the Barracuda Network Access Client.

Troubleshooting

ProblemSolution

Initialization of the Personal Firewall service takes very long and thus the system's health state can not be validated.

E_PENDING 0x8000000A The data necessary to complete the operation is not yet available.

Debug Log output:

WMIXP2SecureCenter2.cpp(863)* Register FW Status Provider 

WMIXP2SecureCenter2.cpp(62)* RegisterFWStatusProvider 

WMIXP2SecureCenter2.cpp(112)* QueryInterface for Register failed Error: 0x8000000a 

WMIXP2SecureCenter2.cpp(870)* RegisterFWStatusProvider failed. wait 1000 ms...(0)


The Personal Firewall's API registrations takes too long because the required MS Windows Security Center service (WSCSVC) is not yet started. By default, MS Windows starts the WSCSVC service with startup type: Automatic (delayed Start)

Set the Startup type value of WSCSVC to Automatic.
WSCSVC-Startup-type.png 

Connection to the VPN server breaks immediately after establishing.

A firewall rule set may have been damaged during transfer from the VPN server to the client. Disconnect all applications and connect again to solve the issue. This behavior may also occur with slow connections. Increase the Keep alive (seconds) parameter (see Advanced Settings Tab) if you encounter any problems.

Connection breaks if IP address assignment via DHCP is used.

A connection problem occurs when the firewall slot is closed too early. Create a local firewall rule set to solve the issue: Action > Pass Service > BOOTPS (out: UDP 67; in: UDP 68).

VPN Gateway not reachable via VPN tunnel is logged into the Events window.

Open the Expert tab  (see Advanced Settings Tab) and change the value from Virtual Adapter Configuration to Direct assignment or the other way around.

Session PHS: signature check failed (bad decrypt) is logged into the Events window.

Deactivate Private Encrypt (see Connection Dialog, X.509 Authentication).

Error code 0x0000142 is continuously thrown by phionHADlg.exe in Barracuda NG Access Client 2.0 SPx.

The following error popup shows permanently up in Windows XP:

image2013-5-2 18:0:44.png

This is an operating system issue (see also this Microsoft article: http://support.microsoft.com/kb/950312/en-us).

As a workaround, you may disable the respective process entry in the Microsoft Event Monitor by disabling the process monitor for the Barracuda NG Access Client 2.0 SPx. To do so, set this DWORD registry entry to a value of "0":

HKEY_USERS\.DEFAULT\Software\Phion\phionvpn\settings\ProcessMonitor

Subsequently restart the computer.

Authentication using X.509 and eToken / SmartCard fails in Barracuda NG Access Client 2.0 SPx.

The following error message is generated into VPN client log while trying to connect to the VPN server:

ERROR: Crypto Key Provider doesn't support 
native RSA CryptEncrypt/CryptDecrypt

The crypto service provider (e.g., Smartcard from aTrust) does not support native RSA access.

In this case, set the Probe Encryption option within VPN Profile > Properties > Connection Entries to No. Thereby, the probe encryption will not be executed prior to the actual connecting process. The user is then prompted for the PIN and will have 20 seconds to enter it before the timeout at the VPN service is reached.

image2013-5-2 18:1:56.png

A VPN connection can not be not established due to a Firewall Status mismatch error. 

The VPN Service on the Barracuda NG Firewall drops incoming connection request by a Barracuda NG Network Access Client with a version number below 2.0 SP3 and generates the following error message into the VPN Log:

Warning Session PGRP-AUTH-user01: 
reply unsuccesful handshake:
100 36 Firewall Status mismatch

Barracuda NG Network Access Clients prior to version 2.0 SP3 cannot interpret the VPN Service's Firewall Always ON option which therefore effectively prevents connection establishment for these clients.

To allow these older clients to connect to the VPN service, navigate in Barracuda NG Admin to Config > Box > Virtual Servers > [Servername] > Assigned Services > [Servicename] > Client to Site > External CA > Group Policy and clear the Firewall Always ON check box. Ask your administrator to process this if you have no access to the Barracuda NG Firewall by yourself.

image2013-5-2 18:2:53.png

 

The VPN Client cannot open a connection due to a timeout.

Barracuda NG Network Access Client 2.0 SPx breaks the VPN connection and generates the following error message into the client log:

Could not connect to serverConnectLib,
Open() failed: could not open DIRECT connection,
IOStreamSock: Connect(x.x.x.x:691): TIMEOUT
Error while connect to x.x.x.x:691 (proto=TCP)

This message appears only if the server's IP address is reachable, but at the same time no listen port (UDP/TCP 691) is available.

The VPN Service listens by default on the first and the second server IP address. For additional server IP addresses, it is necessary to bind the service manually to these additional IP addresses. Navigate to Config > Box > Virtual Servers > [Servername] > Assigned Services > [Servicename] > Service Properties > Service Availability in order to achieve this.


Feedback Did you find this article helpful: |

Still need help?

If you have a technical issue with the product, please contact Barracuda Networks Technical Support.