Clients connecting & getting "Connection failed" due to NAT Negotiation failed -Err 2

[texastoby 1]

Greetings,

normaly I dont register on Forums as google pretty much knows most of the answers I need for my every day Problems with setting up certain Software. But oh boy... ArmA 2: OA Dedicated Server (For Windows) sure gives me a run for my money.

I think I read pretty much every thread in this (and other forums for that matter) regarding the topic and it seems that there is no solution whatsoever to that Problem.

Also one side is blaming Gamespy, the other BIS. Infinite Loop comes to mind... oh well, I am already this close doing some physical harm to my server that I had to post this to relieve some stress.

I try to provide as much Information on the matter as I can remember.

1.) The Game is bought via Steam.

2.) I downloaded it via Steam on my Windows Server 2008 RC 2 (incl. the dedicated Server)

3.) I set the Windows Server Firewall to accept every incoming AND outgoing TCP & UDP Port for ARMA2OASERVER.exe

4.) I configured my Router to forward Ports (UDP, UDP & TCP) 2302, 2303 and 2305 to my Server.

5.) I even tried opening the Ports needed for the Gamespy Servers. Also both TCP & UDP.

6.) The Dedicated Server is configured with TA2DST (Port 2302). No Mods are installed. Vanilla installation.

7.) The Clients are Vanilla aswell.

8.) Connecting via LAN works like a charm

9.) Internet Searching in the Gamespy Server list, works. BUT The Ping is either "?" or 2500

10.) Connecting results in "Connection Failed" and the RPD (I think it was called) says

NAT Negotiation failed - unable to communicate with the server

NAT Negotiation failed (NNThink - result 2)

11.) Doesnt matter if I try to connect or my friends. We all get the same error.

I hope that is something to work with.

Some of the solutions I have found contain thinks like "Open UPNP Ports" or "Enable UPNP"

Well... not an option realy. Also, my Router has no ICMPv4 nor ICMPv6 settings.

Oh yeah, it's a Alice Modem WLAN 1421.

Like I said before, I am this close to loosing it so this is pretty much my last shot at getting it somehow fixed.

Suggestions are highly appreciated!

kind regards

Toby

[iOGC_Aenigma 1]

The only way I got around this was a new router. I have no idea what caused the issue but the only way I could solve getting a NAT negotiation error was to use a new router.

Am I right in thinking you are running a dedicated server through your router at your end?

I started getting this error a few beta patches back.

[Lokyi 10]

Have you set up server configs etc?

http://community.bistudio.com/wiki/server.cfg

http://community.bistudio.com/wiki/arma2.cfg

are a good place to start. Sounds like a router issue though, NAT can be a b*tch if your router is junk.

[texastoby 1]

First off, thanks for the replies!

Heavens... buying a new router is not realy an option.

Just to host a dedicated Server for the occasional coop game does not justify buying new hardware.

Especially since this is the ONLY Server that has ever given me any trouble with it.

Oh, yes the server is configured and running the dedicated windows variant.

Like I said, I start it (and configure it) with TA2DST and at least for LAN connections

it works just fine.

Doesnt bode well for my plans to get some coop games underway.

Also, just as a personal and slightly disgrunteled side note, implementing a solution in a game

that makes it impossible for a lot of people to even host simple none dedicated games is just

bad form. Be it BISs or Gamespys fault. At the very least there should be an alternate method

somewhere in there too. Kind of dissapointing.

Oh well... maybe the solution will come in the form of a reply at some point.

[Lokyi 10]

If it's NAT it's nothing to do with either BIS or Gamespy dude, it's your hardware that's the issue. Guaranteed.

Especially if the error explicitly says NAT.

Of course it will work fine on a LAN, the switching side of your router doesn't use NAT!!!!

NAT is designed to convert your external IP to an internal network IP. Hence the term "translation".

Playing on LAN it's just talking from LAN IP to LAN IP. No sweat.

Edited July 25, 2012 by Lokyi

[texastoby 1]

If it's NAT it's nothing to do with either BIS or Gamespy dude, it's your hardware that's the issue. Guaranteed.

Especially if the error explicitly says NAT.

Of course it will work fine on a LAN, the switching side of your router doesn't use NAT!!!!

NAT is designed to convert your external IP to an internal network IP. Hence the term "translation".

Playing on LAN it's just talking from LAN IP to LAN IP. No sweat.

Thanks again for the reply. I may have chosen a couple of wrong words to describe it. Despite having "texas" in my nick I am not actually

from the US, hence I sometimes mixup english words or phrases. That may have caused some confusion.

I know what NAT is and what is for. And here comes the but.

BUT: The NAT Negotiation is part of the Gamespy API to make the server browser work correctly. Hence it has something do to with gamespay aswell as BIS as BIS had to implement it usding their SDK.

But that is besides my point. I agree that the Problem is on my side. Crappy Router probably. What I meant to say is, that there are a lot of people who have this problem that you would think that BIS or Gamespy would actually come up with an alternate Method of making it work. That is all I tried to day and also what I am trying to find.

Me saying LAN works fine was meant to show that the ArmA2 dedicated Server itself was configured correctly enough to actually play on. Nothing more.

That the LAN IP has nothing to do with my public WAN IP... well that is a gimme :)

Quick Edit: I gave in and ordered a new Router. Wish me luck that it will fix my ever so annoying problem with creating a reachable dedicated server.

Edited July 25, 2012 by texastoby

[Lokyi 10]

Yesssss... but neither BIS nor Gamespy have any influence on router manufacturers' firmware! Thus I don't see how you can expect them to help in that regard, or implement any other kind of solution, because it's just not possible! If you want to host a server, you need to know howto operate the hardware as well.

I think you'll find the problem could be whatever port Gamespy/BattleEye etc uses, which would be separate from the 2302 port Arma2 runs on. So you'll need to make sure that's mapped correctly as well.

Unless you and the client are running IPv6 where you can avoid NAT altogether, then sorry, you're gonna have problems.

[texastoby 1]

Yesssss... but neither BIS nor Gamespy have any influence on router manufacturers' firmware! Thus I don't see how you can expect them to help in that regard, or implement any other kind of solution, because it's just not possible! If you want to host a server, you need to know howto operate the hardware as well.

I think you'll find the problem could be whatever port Gamespy/BattleEye etc uses, which would be separate from the 2302 port Arma2 runs on. So you'll need to make sure that's mapped correctly as well.

Unless you and the client are running IPv6 where you can avoid NAT altogether, then sorry, you're gonna have problems.

I think we are in agreement on the basics, but differ in opinion in the details. But hey, that is what makes discussions fun right?

1.) I never said they had any influence on the manufacturers firmware. I agree with you that if the Router, for whatever reason, isnt able to complete a request or drops some packeges, etc., etc, BIS nor Gamespy have any influence on that and also it is not their fault. But since Gamespys API has a function implemented that is called NNThink (and granted, I havent read through the whole documentation) that supposedly processes any NAT Negotiations... well, you see how I got on the track that it may be a Gamespy / BIS Problem?

2.) And if that is the case, the combination of a crappy router and an specific funtion causing problems... I would assume that another solution is implemented at some point. They have fixed NAT Negotiation errors in the past and I highly doubt by that they meant sending out fixed firmwares for routers.

3.) Why did I think another solution is implemented? Well, there are more than enough servers (game and otherwise) on my Machine that run perfectly fine even though my router is a lot less manageable than most others. Its NAT Table is working just fine (or at least it is working as the packages are modfied or it wouldnt work at all). For example, my Visual SVN Server, MS SQL 2008, Open Sim Simulator and Day of Defeat Server run perfectly fine and without problems when people try to connect.

4.) Granted I am not an Network Administrator and I dont have a perfect knowledge of the layers 1 through 4 but I know my basics. I am working as a software developer that gives me a good enough overview. Why bring that up? You said If I want to host a Server I have to know how the hardware works. Well, I do to a certain degree, but someone who does not have any insights doesnt have to know that if he wants to run a none dedicated game on his machine to play with his friends. He would, in this state, run into the same problems as I have.

My final thoughts on the matter:

I guess the whole ordeal is caused by a Tri-Factor of Problems. Shady Router, Shaky Development of the API by Gamespy, maybe unclean implementation of the API by BIS.

OR I have overlooked something and I am to blame. We will see. Router should be here on monday.

Quick Edit: I am not saying you are wrong and that I am right, I am just trying to paint a picture of my thought process. That is all. Maybe complete rubbish. I just hope the new router will do the trick. Any thoughts on settings to avoid this maybe (any new ones I havent already taken into account in my first post)?

Edited July 26, 2012 by texastoby

[suma 8]

3.) I set the Windows Server Firewall to accept every incoming AND outgoing TCP & UDP Port for ARMA2OASERVER.exe

4.) I configured my Router to forward Ports (UDP, UDP & TCP) 2302, 2303 and 2305 to my Server.

5.) I even tried opening the Ports needed for the Gamespy Servers. Also both TCP & UDP.

6.) The Dedicated Server is configured with TA2DST (Port 2302). No Mods are installed. Vanilla installation.

What you did should effectively disable the port mapping and NAT traversal should be very easy. I have no idea why it did not help.

Debugging NAT traversal failures is often hard, as some routers are very unpredictable in their mapping behaviour. Still, chance is we might be able to learn more.

This is really strange. Does the .rpt file contain more details about how NAT Negotiation worked? Can you copy the relevant part here?

[texastoby 1]

### Quick Edit ###

For some reason unknown to me a clean install of the arma 2 OA server people can now connect to the server

without problems. FINALLY! :)

Though I on the other hand can only connect via LAN. Connecting through the gamespy server wont work for me. But that I can happily ignore.

Only downside is that the ping shows to me and my friends as "?" or 2500 AND the server dissapears after a few minutes

from the gamespy server list. Dunno why.

### original post ###

Hey,

I dont understand it either.

I tried connecting with RCon to my Server from work today. It worked perfectly, but connecting a game is still not working. Even with the new router.

Putting it in the DMZ had no effect either.

The .rpt Files containt the following:

Server: Nothing, it is empty.

Client:

The last Stable Patch:

=====================================================================

== d:\games\steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe

== "d:\games\steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe"

=====================================================================

Exe timestamp: 2012/07/20 23:30:49

Current time: 2012/07/22 22:10:56

Version 1.60.87580

NAT Negotiation failed (NNThink - result 2)

ca\missions\MPScenarios\MP_Deathmatch.chernarus: string @str_mpdeathmatch_subname cannot be localized client-side - move to global stringtable

Client: Nonnetwork object f71d2840.

Client: Nonnetwork object f71d2700.

Client: Nonnetwork object f71d25c0.

NAT Negotiation failed - unable to communicate with the server

NAT Negotiation failed - unable to communicate with the server

NAT Negotiation failed (NNThink - result 2)[/Quote]

The Current Stable Patch:

=====================================================================

== d:\games\steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe

== "d:\games\steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe"

=====================================================================

Exe timestamp: 2012/07/25 17:59:16

Current time: 2012/07/25 22 : 31:53

Version 1.62.95248

Warning: looped for animation: ca\anims\characters\data\anim\sdr\mov\erc\wlk\non\non\amovpercmwlksnonwnondf.rtm differs (looped now 0)! MoveName: amovpercmstpsnonwnondnon_amovpercmstpsraswpstdnon

Warning: looped for animation: ca\anims\characters\data\anim\sdr\mov\erc\wlk\non\non\amovpercmwlksnonwnondf.rtm differs (looped now 1)! MoveName: amovpercmrunsnonwbindf_rfl

[/Quote]

With the new Betapatch:

=====================================================================

== D:\Games\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe

== "D:\Games\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe" -mod=Expansion\beta;Expansion\beta\Expansion

=====================================================================

Exe timestamp: 2012/07/26 22:11:15

Current time: 2012/07/27 19:22:11

Version 1.62.95389

Warning: looped for animation: ca\anims\characters\data\anim\sdr\mov\erc\wlk\non\non\amovpercmwlksnonwnondf.rtm differs (looped now 0)! MoveName: amovpercmstpsnonwnondnon_amovpercmstpsraswpstdnon

Warning: looped for animation: ca\anims\characters\data\anim\sdr\mov\erc\wlk\non\non\amovpercmwlksnonwnondf.rtm differs (looped now 1)! MoveName: amovpercmrunsnonwbindf_rfl

Edited July 27, 2012 by texastoby

[Lokyi 10]

just out of interest, what's your reportingIP in your settings? Should be:

reportingIP="arma2oapc.master.gamespy.com";

---------- Post added at 01:27 AM ---------- Previous post was at 01:23 AM ----------

I imagine the problem with you trying to join from a PC on the same LAN, is a potential port problem in parallel with your server, it could also be causing a conflict.

Although I haven't looked much into the gamespy side of things, I imagine that the server should be broadcasting to GS on a particular port, but your game PC may be looking to use that same port through the router... see the potential problem?

[texastoby 1]

Another quick edit:

It seems that some users can connect others can't.

out of the 5 people that wanted to play only 2 where able to connect without problems.

Yup, that is the reportingIP.

Also, I do, had the same thought aswell.

So I tried it with a couple of friends and they all had the same problem. They could connect (again, Finally! :) ) but the ping was either "?" or 2500.

I can see Gamespy, or whom ever is responsible for resolving the ping, would think about it as people would create none dedicated games aswell. And that makes

me think that I am still missing a key port for that. Though I have the Heartbeat Server Port forwarded. The Custom UDP Ping also.

Hm... I am slowly but steady running out of ideas.

Edited July 29, 2012 by texastoby

[texastoby 1]

I take it this will remain a cold case then?

[viper.cless 1]

4.) I configured my Router to forward Ports (UDP, UDP & TCP) 2302, 2303 and 2305 to my Server.

Try to forward UDP 2304 also. At least the arma linux server is listening on 2304 UDP and not on 2303 UDP, so why would the windows version.

9.) Internet Searching in the Gamespy Server list, works. BUT The Ping is either "?" or 2500

Make sure ICPM echo request are answered and not dropped by your firewall.

Edited August 4, 2012 by Viper.cless

[jackwhitter 1]

I can confirm that we are experiencing the same problems with our server hosted at dedicated hosting facility behind a Cisco ASA firewall. i've opened up a bunch of ports tcp and udp. everything that netstat -a shows in use for the game plus any ports i can find for gamespy.

we have some people who can join through the server browser, but not everyone (probably not most people). if you put in the remote address, then it connects fine. we can configure the ASA firewall, but we need to know what to configure.

[JayC 0]

I can confirm that we are experiencing the same problems with our server hosted at dedicated hosting facility behind a Cisco ASA firewall. i've opened up a bunch of ports tcp and udp. everything that netstat -a shows in use for the game plus any ports i can find for gamespy.

we have some people who can join through the server browser, but not everyone (probably not most people). if you put in the remote address, then it connects fine. we can configure the ASA firewall, but we need to know what to configure.

I'm not up on Cisco ASA's, so I can't tell you what the command line is... but the problem is fixable on them...

You need to set a source port rule on the outbound NAT to use static mapping... so if an inbound packet on 230x is shown as outbound on the same port... This happens on a lot of routers with UDP packets.

[Dwarden 1124]

does this problem still exist for You with 95948 build ?

[james_manring 1]

I take it this will remain a cold case then?

I sure hope not. From a simple internet search it appears this problem has existed for many people for years (I found issues posted as early as 2009) and is quite serious, even though it appears to not be taken seriously by GameSpy. From what I have read they refuse to talk to end-users and are quite obstinate about this "not being their issue". To be quite honest it seems everywhere you look for answers it is someone saying it isn't their issue or suggesting you forward UDP ports or to set ICMP rules in the firewall. Obviously if users are connecting, the UDP ports were forwarded properly. Setting custom ICMP rules in the firewall does not change anything whatsoever. I suppose this is not a problem if sales are still up and this title isn't going to be actively supported for much longer but there are upset customers like us out here that don't have the energy to constantly gripe about an issue like this for years on end. It would be nice to not feel like our issues are "swept under the carpet", as I have noticed other users on various forums basically stating. If third party server browser software can UDP ping properly, then GameSpy can do the same but is unwilling. To be honest I am surprised that Bohemia Interactive still uses their services with the uncooperative attitude that GameSpy displays.

To analogize, it feels like the boy at the market bagging your groceries just ripped a bag and dumped your yogurt and eggs on the ground. When you ask him to fix it he says, "I will only talk to food manufacturers. This is not my problem.". It makes you not want to go back, but you will get hungry again and you do really like shopping at the Bohemia grocery store. You will go back and suffer through it for whatever eggs and yogurt you can manage to squeeze passed that clumsy grocery boy named GameSpy. And yes, I did just compare random internet players to picking up eggs and yogurt.

does this problem still exist for You with 95948 build ?

Yes, this problem still exists. It persists on to 96015 and 96061 as well. I have contacted Cisco over this issue. Their SOHO networking routers are not the problem according to them. The technicians thought this is likely an issue with GameSpy.

I would love for people to be able to find my server without having to resort to using a 3rd party browser or guess which 2500 ping is really a lie. If you would, please contact them and ask them kindly to start working on their issues.

Edited August 28, 2012 by James_Manring

[t0pz 1]

I can confirm this is still happening. We have had this issue about a year ago and decided to switch hosting provider, where we never had issues.

Now we are back on a datacenter in Dallas, and the same issue arises yet again. (We have made no changes in the server setup whatsoever during the migration)

In the past few months we were doing well in terms of player population. Servers filled up instantly. Now with the new machine (dedicated server) we are struggling to get even 6 to 8 players on, even though our name is established already. A lot of regulars are reporting not being able to find the server (25000 or ? ping) or not being able to join it at all ("Connecting Failed").

Some players on the other hand seem to be able to find and join fine. In either case, it killed our server within a few days, with little to no-one playing on it anymore. We ran into a dead end last year when researching this problem, and are yet again very frustrated with this...