Sunday 30 June 2013

TFTP gets Timed out, No error message.

We had a issue with Windows XP laptop, the TFTP server stops responding. We checked the ports were fine, and was not used by any other tftp server. The windows XP firewall was off. Tried with two TFTP servers Solarwinds and TFTPD , both were not responding.

No error message :-( , if we reboot it in safe mode, it was working. So first clue , some service was stopping the TFTP operation.

Identifying service was also very frustrating, but looks like it was Cisco VPN client, which has Stateful firewall, once we stop this service, the TFTP was working fine.

From Cisco :

================================

How can I disable the Stateful Firewall Feature during the installation of the Cisco VPN Client?

A. For VPN Client versions prior to 5.0:

Refer to the Documentation Changes section of the VPN Client Rel 4.7 Release Notes in order to learn about the two topics "Using MSI to Install the Windows VPN Client without Stateful Firewall" and "Using InstallShield to Install the Windows VPN client without Stateful Firewall".

For VPN client versions after 5.0:

Beginning with Cisco VPN Client release 5.0.3.0560, an MSI installation flag was added to avoid the installation of the guild in firewall files:

msiexec.exe /i vpnclient_setup.msi DONTINSTALLFIREWALL=1

Refer to Bypassing Installation of Firewall Files When Stateful Firewall Is Not Required section for more information regarding this.


Ref:http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_qanda_item09186a00801c2dbe.shtml


Solarwinds TFTP server documentation also states something similar:

Error message: " %Error opening tftp://IP_Address/filename (Timed out) ERROR: Failed to open archive file tftp://IP_Address/filename." when you try to transfer a file in TFTP Server

This error is typically caused by a firewall blocking access. We recommend disabling any firewalls on the machine running the TFTP Server.

FYI, Cisco's VPN client has a setting under options that states "Stateful Firewall Always On". If you have this client installed, you will want to uncheck this setting.


=====================================

Hope it helps someone !