Cannot connect Vista Bus to SBS even after KB926505 - Problem with nshelp.exe

I just went through the Vista hell myself.
Turned off the firewall?

Some will differ, but have you tried joining the PC the old fashioned way, under computer name and workgroup/domain name settings?
right-click on computer, properties, name tab, etc....

Hi Bkellyboulderit,
Well if it was just the one pc I'd have gone that route and coped with the anomalies as they occured but I need to resolve using the wizard so that all the SBS stuff is resolved nice and dandy. I've learnt my lesson regarding trying to hack SBS . . .do at peril !!

Turned firewall off and get same result. I have tried renaming the workstation removing the old name from the server and AD then adding the new name to the server through the wizards but no go.

Hope someone can help . ..
Cheers
Trev.

This is all true, however I wanted to find out if you could join the domain to isolate the problem. Meaning, if you could join the domain, then I would probably wonder if it the server end first and if not, then I would suspect the workstation. Not that I would do this for a rollout, ack...but to troubleshoot this one machine. Since it's not deployed, it would just be a test.

You should ask TechSoEasy. He is the man.

Ah Yes (to both points)
I'm knida hoping Jeff is about tonight to throw some SBS pearls of wisdom my way.
I can connect to the domain manually . . just tried. Any ideas on a debug approach

Regards
Trev

Not so much with Vista. Yet. I really wish SP1 was out.

SP1 ??? Yeah I've been hanging on for that but the pressure is too great now. Users and new clients don't see the need to wait. Some one is going to deploy if for me unless I get upto speed quickly. I though SP1 was due out about now ???

Regards
Trev

Yeah, they pushed it back to next year. Users and clients....the bane of our existence ;-() I guess the WOW is now.

KB926505 is only partially what's needed.  Please see this article for the full how-to:
http://blogs.technet.com/sbs/archive/2007/02/09/sbs-vista-client-update-ripcurl-now-available.aspx

Jeff
TechSoEasy

Good Morning Jeff,
Sorry I did not mention that I too had found this blog and had followed it through. It seems to presume that the latest ISA2004 is SP2, I have SP3. The KB for fixing 64-bit connections says that the component does not exist on my server (this is not a problem for me since I'm running 32-bit Vista).

Have you seen this before, some others have but no known cure . . .

Thanks for responding
Regards
Trev.

SP3 is indeed the latest.  So you're fine there...

But have you installed this yet?  http://support.microsoft.com/kb/936594

Jeff
TechSoEasy

OK I did look at the NIC on the VISTA workstation (which is new) and turned off the TCP offloading feature and rebooted. That didn't help. I didn't see this KB in the white paper or blog, have just downloaded and giving it a try. I'll remove the Vista workstation from the domain after last nights manual connection first.
Thanks, I'll post back with results in a short while.
REgards
Trev.

If you manually connected... you need to follow the full steps to rejoin:  http://sbsurl.com/rejoin including renaming the machine.

Jeff
TechSoEasy

Yep, been there and you've already taught me that lesson. Thanks again
Trev

Hi Jeff,
I disconnected the workstation according to procedure, also checked the server NIC for Offloading features (there are none available for my 3 year old intel box) I ran the KB936954 and rebooted the server as requested.
Removed the workstation from the SBS control panel and entered a new name for the workstation.

Tried to run http://servername/connectcomputer but got same problem.

If its of any help the following text is in the SBSNetSetuo.log in the ..\clients folder that your rejin procedure says to delete/rename. It repeats each time you attempt to connect.

11/10/2007 10:31
-- Starting SBS Net Setup --
-- DoDNSQueryCompanyWeb(): Current server IP 192.168.3.1 --
-- Query for the IP of 'CompanyWeb'. SBS Server is [192.168.3.1] --
-- ServerURL is [http://192.168.3.1/connectcomputer/] --
CNSHelp::Start() - DownloadFile(server.txt) failed [-2146697191]
CNSHelp::Start() - one or more files missing, showing an error and exiting

Server.txt contains the following text:
<?xml version="1.0"?>
<root>
      <server ip="" domain="XXXDOMAIN.local" netbios="XXXDOMAIN" name="XXX2003"/>
</root>

Should the server ip be blank ???

Regards
Trev.

Hi All,
Just found this at http://msmvps.com/blogs/sbsdiva/archive/2007/08/16/gt-gt-gt-hot-topics-for-august-2007-lt-lt-lt.aspx
Unfortunately it doesn't fix my problem, the connectcomputer site was listening on 192.168.3.1 as it should in my case but I thought I'd try anyway. This is the problem I am having though and I can't resolve. Al files are in the inetpub/connectcomputer folder.

ISSUE
=====
When join a computer (vista) to the SBS (no ISA) domain, it shows the
following error message when running the connection link:

"An error occurred whil trying to copy the Client Setup files. Check the
following, and then try again:
If you use a public proxy server to browse the Intrernet, clear the Internet
Explorer connectino setting for using a proxy server. ...
If you do not have a public proxy configured for Internet Explorer, then
your network administrator must reinstall the Client Deployment component on
the server. ..."

The SBSNetSetup log has this:

-- Starting SBS Net Setup --
-- DoDNSQueryCompanyWeb(): Current server IP 10.0.0.3 --
-- Query for the IP of 'CompanyWeb'. SBS Server is [10.0.0.3] --
-- ServerURL is [http://10.0.0.3/connectcomputer/] --
CNSHelp::Start() - DownloadFile(server.txt) failed [-2146697191]
CNSHelp::Start() - one or more files missing, showing an error and exiting

CAUSE
======
Default web site is not listening on "All Unassigned" for port 80.

RESOLUTION
===========
Set default web site to listen on "All Unassigned" for port 80. To do so:

Open IIS MMC, right click Default Web Site and then click Properties. In the
Web site tab, make sure "All Unassigned" is selected in IP address field.

If not, please change it and run "iisreset".
Note: Before above steps, you may need to check the following:
1. Run CEICW to re-configure the network and firewall on the SBS server.
2. Configure workstations to point to the SBS 2003 server for DNS.
3. Add the ConnectComputer server's IP address or FQDN to the Local Intranet
zone in the Internet Explorer of the client workstations.
4. Make sure the IP addresses of those client workstations are in the same
subnet as the SBS internal NIC.

Anymore thoughts anyone ?????

Actually, even though those are similar, the article states, "When join a computer (vista) to the SBS (no ISA) domain" and you are using ISA, right?

error code -2146697191 is Invalid Certificate.  So... how about installing the SBS Certificate manually?  Do this by going to your RWW site which should produce a certificate error so you can view it and install.

Jeff
TechSoEasy

Yep just to confirm I am using ISA2004SP3, will try your suggestion now.
Regards
Trevor

Hi,
The certificate error also comes up when I try the connectcomputer (documented above)
I did try to install the certificate at that time but no means to do so was available (as far as I could tell in Vista) In XPpro one could click the certificate error icon in the address bar and an option to install the certificate would display. Its not the same in Vista.
How do we install a currently untrusted certificate in Vista in this scenario ???
Cheers
Trev.

To install it, click on the LOCK icon in the address bar, then View Certificate.

Jeff
TechSoEasy

No Lock icon, only ''Certificate error' directly adjacent to address bar with a shield and cross in it.
Trev

Click that.

Did click that but no options to install the certificate, you can read all about them but nothingto install (I know that in XP you could install by this method but in Vista it appears different).
Is there another way to get the cert. file and install . . .
Trev

There's no difference between XP and VISTA... if you are using IE7 (there is a difference between IE6 and IE7 though).

So when you get the first warning page that says, "There is a problem with this website's security certificate" you then click "Continue to this website (not recommended)", which will then make the address bar red (pink) and place a Certificate Error to the right of the URL.  If you click "Certificate Error" there should be a "View Certificates" at the bottom of the pop-up.

HI,
Running IE7 (checked to make sure)
I do as you indicate and get the view certificate, click it and get three tabs (General, Details, Certificate) General displayed as default with Issuer statement (greyed out), OK, and Learn more about cerificates. None of the links in the window expose an option to install the certificate. Is this a user rights issue or something???

In XP the install Cert comes next to the Issuer Statement button

Trev

If the Install Certificate Button is missing, you're running IE in Protected Mode, and you need to disable that.

Jeff
TechSoEasy

Hi Jeff,
OK turned protected mode off for Intranet zone and install cert to default location.
Still get same message etc.
Closed IE7 started again but still get certificate error . . . its the publishing.xxxdoamin.local cert. also still get error message. The entry in that SBSNetSetup log file is still the same (I checked the time)
So there is still a certificate problem ???
Hmmmm
Trev

Can you post a complete IPCONFIG /ALL from both the SBS and the Workstation?

Jeff
TechSoEasy

Hi Jeff
Here are both Ipconfig /all captures

VISTA Laptop (Wireless NIC is disabled)

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXX-WVIB0005
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXXDOMAIN.local

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
   Physical Address. . . . . . . . . : 00-18-DE-C0-64-FC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : XXXDOMAIN.local
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-16-D4-9F-6E-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ecc3:1fe4:de92:9401%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.3.19(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 11 October 2007 10:15:42
   Lease Expires . . . . . . . . . . : 19 October 2007 10:15:43
   Default Gateway . . . . . . . . . : 192.168.3.1
   DHCP Server . . . . . . . . . . . : 192.168.3.1
   DHCPv6 IAID . . . . . . . . . . . : 201332436
   DNS Servers . . . . . . . . . . . : 192.168.3.1
   Primary WINS Server . . . . . . . : 192.168.3.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Connection-specific DNS Suffix  . : XXXDOMAIN.local
   Description . . . . . . . . . . . : isatap.XXXDOMAIN.local
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.3.19%14(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.3.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{DD4C5EA7-3396-473D-9CE8-9F4E4F01C547}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes





SERVER IPCONFIG /ALL

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXX2003
   Primary Dns Suffix  . . . . . . . : XXXDOMAIN.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : XXXDOMAIN.local

Ethernet adapter Internal:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
   Physical Address. . . . . . . . . : 00-02-B3-D8-88-BD
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.3.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.3.1
   Primary WINS Server . . . . . . . : 192.168.3.1


Ethernet adapter External:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100) #2
   Physical Address. . . . . . . . . : 00-02-B3-D8-88-60
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.100.251
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.100.254
   DNS Servers . . . . . . . . . . . : 192.168.3.1
   Primary WINS Server . . . . . . . : 192.168.3.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Thanks for percevering with this.
Trev.

PS> How come I see WINS  and DNS  on the external adapter pointing to the internal side?

http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

It's early this morning. I hope I'm not just babbling on in you question....

Hi BKelly . .
Remember this is an SBS box and we refer all DNS to to the local server which forwards.
The wizards look after most of that which is why I hadn't questioned it.
Cheers
Trev

Hey Guys,
Nothing doing here., I'm still stuck with this error.
I'm trying the certificate error route but can't find out anything about out to resolve -> anyone got a pointer for me. Whats the time where you are ??
REgards
Trevor

In an attempt to prove my SBS2003R2 infrastructure I've just joined an XPpro box to my domain using the procedure that is currently failing on the Vista box. Significantly, after I install the certificate it is recognised and the certificate error does not occur and all proceeds as expected through to application installation and all.

So . . . is it KB926505 that modifies the connectcomputer site, if so are there any further KB/hotfixes that need applying. Are there any certificate management or user rights issues that I need to be aware of. I can't be sure I was using 'run as administrator for the IE7 session everytime, but it makes no difference at the moment.

I'm at a loss as to what to do next, I did read on one of Jeffs sites that early Vista releases could not be connected to SBS by wizards. I presume all of that has now been addressed otherwise people would be saying as such wouldn't they . . . . hmmmm ???? . . . just asking ???

Well I'm about all evening with a blackberry in my pocket in case someone wants to try an angle on this.
Regards
Trev
 

Well, here's the problem...

IPv6 is not compatible with SBS.  Uninstall it from the Network Connection's protocols and only use IPv4.

Also, the wireless connection needs to be fully turned off... it shouldn't even show up in the IPCONFIG.

Jeff
TechSoEasy

Oh, one other thing... remove the WINS address from your SBS's External NIC.  That shouldn't be there.  After doing that you need to rerun the CEICW.

Jeff
TechSoEasy

I also removed ipv6. Seems pointless right now.

It's pointless when the DNS Server that is handling the client doesn't support it.  Wait until the next release of SBS, then it'll make sense.

Jeff
TechSoEasy

Hi Guys,
Just trying tis before I turn in.
Have disabled the wireless NIC in network connections. Can't quite see how to remove the IPv6 protocol at present. The uninstall button gets greyed every time I highlight it. I have unbound it from the NIC by unticking the box but it still appear in the ipconfig.

I tried a reboot but that didn't work either. Maybe a fresh look tomorrow, any last minute ideas ??
Cheers
Trev

Hmmmm
IPv6 is not now displayed for the local NIC, but those two tunnel adapters are still there and it is bound to them. I still cannot use connectcomputer. Action is exactly as before .. . .I really thought you had it that time . . .@$*&^%!!!

Must turn in now so as to make early start tomorrow.
Thanks each for sticking with this.
Trev

You need to get rid of those... that's definitely the issue.

Jeff
TechSoEasy

I only unbound it myself. Sorry I said remove....

Ok so how do I get rid of those two tunnel adaptors . . . they don't appear in network connections
Trev

No, they wouldn't.... what other protocols do you still have installed on your NICs?

Jeff
TechSoEasy

Good Morning Jeff,
On the local NIC just IPv4 (IPv6 is unbound but still installed) , Link Layer Topology Discovery Mapper I/O driver, and Link Layer Topology Discovery Responder. Not sure if the latter two are truly protocols or not.

Same applies to the Wireless NIC but this is disabled now at the NetworksConnections Properties page.

Thanks
Trev

Yeah... uninstall the Link Layer ones for now.  The truth is that Vista Networking is really cool... but it's a bit ahead of it's time with regards to most networks.

Jeff
TechSoEasy

FYI:  http://blog.libertech.net/blogs/lketchum/archive/2007/06/23/holy-toredo-vista-networking-rocks.aspx

Also, when you uninstall the protocol on the Wired NIC, it'll uninstall it on both.

Jeff
TechSoEasy

Have unbound the link layer stuff rebooted and tried the connect computer but no joy.
Have done removed that WINs setting on the server, done ipconfig /release then renew tried again but no joy. Last bit 'cos I'm pulling at straws.
Thanks for that article I read later and take up some of the references.

I'll uninstall the alink layer stuff now but I can't uninstall the IPv6 the button greys out when I highlight IPv6
any ideas why??
Trev

The IPv6 Teredo ports must be listed in the Network Connections folder on Vista.  I never know how to get to that location directly, (it's apparently in the Control Panel) I always just search Vista's Help for "Uninstall Network Connection" and it comes up.

Jeff
TechSoEasy

Uninstalled the link layer protocols  . . . still no go.
Still can't see how to uninstall IPv6, saw another article on Vista beta 'Prevent network flooding and connection drops'  this explained how to uninstall Link Layer but only explained how to unbind IPv6. Is this significant. Just going to see if HP have an updated driver for this PC.

Trev

You can actually uninstall and reinstall the NIC from the Device Manager which may remove those.

Jeff
TechSoEasy

FYI, I have been trying to boot my virtual Vista Machine to play around with it... but it's in the middle of updates so it'll take awhile.

Have downloaded the uptodate driver.
What are those 'Teredo' Tunneling ports anyway ??
I'll uninstall the NIC and rinstall as you suggest.

Thanks for your help and time on all of this, as ever it is greatly appreciated.

Trev.

Hi,
Uninstalled the Local Ethernet Adaptor (after installing replacement drivers from HP) the device immediatly reinstalled itself (no prompts, just got on with it) I still have the Teredo Tunnel ports there.

To Recap I have just been through all of the stuff we have discussed to ensure nothing left out:

1. Turned off the Vista firewall (well you never know!!)
2. Ensured IPv6 not bound to NIC's, only protocols installed are IPv6 and 4 (4 is only one bound)
3. Run IE7 as admin and check that Proxy server not ticked.
4. try to run https://servername/connectcomputer IE& creates another instance of itself presumably since unprotected Intranet zone. (Starts in protect internet zone)
5. Get certificate error (still) so install it, this completes OK (or so it says)
6. Click 'connect to network now' and get File Diownload - Security Warning for nshelp.exe
7. Click Run and get Small Business Server Network Configuration Wizard dialogue stating an error "An errior occured while trying to copy the Client setup files. Check the following and try again"
8. The following text says check that the proxy box is not ticked (it isn't) It also says if I don'y have a Proxy setup then I need to rerun the Client Deployment component on the server. Since IE7 appears to be setup with a Proxy until I disable it I haven't run the Client Deployment component on the server.

I did look to see how this might be done but its was not apparent, unless the whole of the SBS setup process had to be run again which I'd rather not do unless absolutely necessary.

Thats it . . summary over
Trev . . any more your end???

The Teredo Tunneling Ports are IPv6 virtual devices.  So uninstalling IPv6 should have removed them.  However, I'm thinking that perhaps because the Wireless NIC was disabled when you uninstalled the protocol they may not have disappeared as expected.

You can try to delete them from the device manager > show hidden devices.  But if that doesn't work, re-enable the wireless NIC, reinstall the IPv6 protocol, reboot, uninstall IPv6, disable Wireless NIC.

Yeow.

Jeff
TechSoEasy

Oh wait... you only unbound the IPv6 protocol... you didn't uninstall it?  

Uninstall it!

P. S. that's what I had recommended back in http:#20061571

Jeff
TechSoEasy

Jeff, I can't un-install teh IPv6 protiocol the button is greyed out.

Sorry, forgot about that...

Please do the following:

In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items.

This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
 
" Add the following registry value (DWORD type) set to 0xFF:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
 
per:  http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx

Jeff
TechSoEasy

I have been trying to find away to un-install but no go.
Did find a command line using netsh (that defined for every flavour of windows but Vista) but it complained about the uninstall keyword. I've lost the reference now, could find again if needed.

Just got another message from you
trev

Ok good news is the tunnel adpaters have gone. But I still can't use connectcomputer, same problem.
@*&^%$£ !!!!!

Trev
PS have unbound QoS packet scheduler too . . for good measuer, still no go.

What error are you getting from connectcomputer now?

Jeff
TechSoEasy

Still the Cannot copy client files?

See:  http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/45a79c5b84e98da/6da52c305d1cd404?hl=en&lnk=st

Jeff
TechSoEasy

It hasn't change, the SBSNetSetup.txt file has exactly the same entry in it as before (you said that was a certificate error).

Trev.

I've seen an earlier vesrion of this before (Thats Mr Li from MS) This describes a permissions issue on the %windir%DownLoaded Program Files folder. Trouble is you can't change the permissions, there aren't any to change in the properties window. That folder is a different class to normal folders. It has a different Icon (folder with an IE7 icon in it) and you only get General and Previous Version tabs in the properties window. How do I check the permissions ???

Trev.

I don't have acces to that folder, certainly at an interactive user level. I am a local administrator but may be this folder needs system credentials in order to write to it.

I see we have two issues:
1. The certificate issue.
2. a rights issue downloading files to that folder.

Would you concur
Trev.

The Downloaded Programs Files folder is just the IE ActiveX objects.  You should normally have full access if you are logged in with an administrator account.

If you can view the files and "update" files in that folder you are fine there.

Jeff
TechSoEasy

FYI, I'm ready to blame all of this on ISA Server anyhow... but then again, I don't have one to blame it on.  :-)

I can't update any part of any file in that folder. The only file there is Windows Genuine Advantage Validatiion Tool. I acn't rename it copy it, delete, or anything. I certainly can't copy any file to that folder. I just get a 'red circle with a red band across it' icon when ever I try to copy to it.

have I git this right. The NSHELP program has been involked when we run connectcomputer. That program tries to copy files from the connectcomputer website to the '%windir%Downloaded Program Files' folder. What priviliges has the nshelp program when it runs and how do we check them ???

Trev

Could it be that the ocx which was originally downloaded and installed by IE7 was installed with incorrect priveliges and needs uninstalling now and then we start afresh ???
Trev

After two days, I wonder if you may look at a fresh server install, if you can. Diminishing rate of return here..... :-)

I don't think the problem is with the server. We are not trying to just resolve the issue on my system. The problem needs to be understood so that others installations (mine and others out there) can proceed without a hitch. I have already proved the connectcomputer works fine with an XPpro machine.

Answer IMO: NO.
Thanks all the same
Trev

Sorry to be a pain. I was just referenceing your "I'm ready to blame all of this on ISA Server anyhow... " :-)

Thats fine BK, that was Jeffs comment and hes getting ready for the next generation SBS (IE no ISA server) so its tempting to blame ISA :-)) All comments welcome . . that is what this site is for hey!!

Jeff, Whats the story on how I should be able to access that client download folder. I don't know wether to keep trying that angle or look else where. Is there anyway we can prove the theory that permission on this folder are the problem. By,say, manually doing the first part of the nshelp program (copying files) as suggested by Mr Li. I don't see anywhere on the web where he has successfully achieved what he is recommending.

Trev.

Mr. Li's comments are all about accepting the ActiveX download from http://<servername>/connectcomputer.  He merely states that it will download into that folder... not that you have to actually do anything to make that happen.

Are you even getting an ActiveX download prompt when running connectcomputer?  If you aren't then that's where he suggests that you add the SBS 2003 server's IP address or FQDN to the clients' Local Intranet zone.

Also, let me double-check that you've downloaded and installed the updated ISA Firewall Client ?
 http://go.microsoft.com/fwlink/?LinkId=77006

Jeff
TechSoEasy

Yeah thats just my point. I do get the prompt to download the activeX. I'm unclear as to exactly what happens next. If the dialogue to start running the nshelp.exe program is generated before the file is actually copied than I feel the copy is failing and I need to look at why. If this dialogue is only generated after the copy succeeds then maybe there is permissions issue on the way nshelp is running.

I confirm that I have down loaded the ISA2004/vistaupdated firewall client. Have been trying it enables and disabled each time.

I'm about to send MrLi an email to try and determine if anyone has resolved copying files to that folder.

Trev

Just thought are there any config changes needed in the ISA2004/Vista client firewall. I had one issue a while ago that required a specific change for things to work.

Trev

You can't send him one directly without first posting to the Newsgroup.  It won't reach him.  If you do post to the newsgroup, don't post in the current thread, start a new one and reference that particular thread instead as "40697494-Vista cannot join SBS network"

Jeff
TechSoEasy

Did you add the FQDN of the server to the local Internet Zone though?

Yes I did add https://xxx2003/connectcomputer to the trusted sites zone. It added https://xxx2003 to the list. I have also added http://xxx2003 to the list too (I know we really want to authenticate with the site but no harm in seing if port 80 works.

What are your thoughts concerning that folder. I saw in an earlier version (or even thread) of MrLi's response to this problem that he expected the logged in user to be able to copy files to that folder. In every instance, that I've seen a comment to this thread, users have not been able to copy the files. I'll try to find the salient part of that thread and post here.

Trev.

No... that's not right... you need to add the FULLY QUALIFIED DOMAIN NAME which is: xxx2003.XXXDOMAIN.local

You can also add 192.168.3.1 per the recommendation of Mr. Li.

Jeff
TechSoEasy

Ahhh, yeah sorry. Will do straight away.
TW - Bungle head !!!

This is better than Kung Fu.  

Master Po: What do you hear?
Caine: I hear the grasshopper.

Funny... it's just backwards... the actual character in KungFu's name was spelled "Kane" which is my last name.

:-)  http://www.imdb.com/title/tt0068823/quotes

Ho Hum . . . placed the FQDN and the IP address in the trusted list and still no joy.
Trev

I stand corrected... I had thought it was Kane... which is how many folks spell it even for that role.  I must have confused it with http://www.youtube.com/watch?v=RgWmnX7iTvI

OMG, that's awesome. Thank you for sharing today, master.

Hi Guys . . finished watching the telly . . . sorry just joking :-)))))
Instead of runing the nshelp I tried saving. It saves to the desktop but when run causes the same message to appear as before. So file copy (at least for that file is OK) its what it does when run thats the issue. Even running as admin gives the same error.

Trev.

Trevor,

Can you please post the contents of C:\Inetpub\ConnectComputer\server.txt (from the SBS)?

If this goes much farther, I'd say to just manually add the computer... then do the http://sbsurl.com/rejoin steps again, because it may work after being joined once already.

Jeff
TechSoEasy

Sure,
<<Start>>

<?xml version="1.0"?>
<root>
      <server ip="" domain="XXXDOMAIN.local" netbios="XXXDOMAIN" name="XXX2003"/>
</root>

<<Finish>>
We have already done the manual join earlier and then done the rejoinas per your document. But maybe good idea since stuff has changed (protocols, etc)
Trev

Try one other thing for me here...

Can you go to http://xxx2003.XXXDOMAIN.local/ConnectComputer/Vista.htm

And try it from there?

Jeff
TechSoEasy

Hi,
I get the file download is blocked message, so right click the bar (as before) and select download the file. Then the dialogue box says do you want to run or save so I click run. Then the error box comes up as before.

Trev

That vista.html file is just copying that file and starting to run it. Under what account will it run it  . . .admin?? or system, or me. Whats the version of the nshelp.exe program supposed to be I have 5.2.2893.1 dated in feb of this year.

Is this folder updated by any of the KBs referenced so far . . well I know it must add the Vista.html but anything else.

Trev.

That's the right version and Absolutely you run it under Administrator.  

What do you mean you must add the Vista.htm ?

What I mean is that I presume part of the SBS update for Vista is to add script for when a vista client accesses connectcomputer site. I was just wondering if the update had happened correctly.

Trev

Will you run the script already!!!

Yeah I ran it a while ago my reply was ref :2006806
Trev

Okay, then you aren't running it as an Administrator

OK heres wghat I did.
1. Click Start-Programs-Accessories-run and a the run dialogue appears with a note that 'This task will be created with administrative priviliges' under the open : field.
2. Entered http://xxx2003.xxxDOMAIN.local/connectcomputer/vista.htm in the open: field clicked OK
3. IE7 launched with Certificate Error: Navigation Blocked and "?Protected mode is currently turned off for the Local Intranet zone" displayed in the information bar. (I closed the accompanying Information bar dialogue)
4. Clicked Continue to this websiet (not recommended)
5. Got Small Business Server Network Configuration tab in IE7 and "To Help protect your security, Internet Explorer has restricted this site from showing certain content. click for options" in the information bar. I Right Clicked the information bar.
6. Selected File Download Blocked-Download File. . .
7. Got File Download - Security Warning and Do you want to run or save this files (Name : nshelp.exe Type: Application From: xxx2003.xxxdomain.local. Draging the dialogue to one side reveals a 0% of nshelp.exe from xxx2003.xxxdomain.local  progress dialogue.
8. Clicked RUN in File Download dialogue. Got Small Business Server Network Configuration Wizard Error dialogue of "An error occured while trying to ciopy the client Setup files  . . . . etc." only option is to click OK
9. Clicked OK. Control returns to the Network Configuration tab with ?Protected mode is currently turned off for the local intranet zone" and When you are prompted to download nshelp, click run  . . . etc.

Was I runing the vista.html in admin mode ??? I thought so.

I'll try the manual connect and rejoin over the weekend if the wife and kids give me a moment.
Have a good weekend your self Jeff. Thanks for your support this, I'm sure it will be cracked but by whom I'm not sure at present.

Cheers
Trev.
10

Also ran above starting from 3. after starting IE7 with 'run as administrator'. Result was the same.
Trev

Trev,

When you view the certificate, does it say publishing.domain.com or XXX2003.xxxdomain.local?

Because if the publishing certificate is what's being fed by the connectcomputer virtual directory, then you need to change that.

Jeff
TechSoEasy

Sorry, my bad... I always get those backwards...

Your default website should have the publishing.xxxdomain.local certificate.  The other certificate should be whatever FQDN you used in the CEICW (ie, hostname.xxxdomain.com).

You SHOULD be getting the publishing.xxxdomain.local certificate when going to ConnectComputer... but if you view that certificate and look at the Issuers, hopefully it'll also have the other local FQDN names as well.

Jeff
TechSoEasy

Hi Jeff
Hope you have had a few hours break from techsville.
Viewing the certificate (clicking the Certificate Error-View Certificate) shows Issued to: publishing.XXXDOMAIN.local and Issued by: publishing.XXXDOMAIN.local. The Detaills tab reveals other detail but no other FQDN names. I take it this is the lesser of the two problems (Trusted Certificate installation versus failure of nshelp to download files).

Where should the certificate be installed to in order to be in the Trusted Root Certificates Store ? Can one check this or store there manually. ?

Trev

Good Morning All,
I hope this thread is providing entertainment for someone . . . it certainly isn't me.
OK, I have connected the Vista Laptop to the server manually and then followed the procedure for rejoining a network. IE As local admin on the Vista box unjoin to WORKGROUP, changed the name of the computer, deleted the c:\program files\MS Windows SBS\Clients folder. The registry key HKLM\Software\Microsoft\SmallBusinessServer did not exist so couldn't delete it, Network setting do get IP through DHCP. Went to the server and deleted the old vista name from the computer group in Server Management and setup a new computer with the new name.

IP Config at the Vista PS is:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXX-WVIB0006
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXXDOMAIN.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : XXXDOMAIN.local
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-16-D4-9F-6E-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.3.19(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 15 October 2007 10:12:19
   Lease Expires . . . . . . . . . . : 23 October 2007 10:12:19
   Default Gateway . . . . . . . . . : 192.168.3.1
   DHCP Server . . . . . . . . . . . : 192.168.3.1
   DNS Servers . . . . . . . . . . . : 192.168.3.1
   Primary WINS Server . . . . . . . : 192.168.3.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Server IP config not change (apart from removing the WINS server from the External NIC)
Attempted to connect to SBS server using http:\\xxx2003\connectcomputer get same results as before.
Have checked all through the above thread to ensure that settings have not become unset. Still no joy. I appreciate the need to resolve this since it is not only me with the problem. So I'm happy to leave in this state for a few days to see what others have to offer. failing that I'm going to have to determine what the connectcomputer does and conduct this manually (but I really don't want to go down this route unless I have to).

Personally I think this has something to do with permissions and ISA2004. But don't know how to diagnose as yet.

What are anyone elses thoughts (once again thanks to Jeff for all the time he put into this last week)

Regards
Trev.

"Personally I think this has something to do with permissions and ISA2004. But don't know how to diagnose as yet."

Hate to say it but I have this exact same problem with our SBS 2003 box which doesnt run ISA!

https://www.experts-exchange.com/questions/22883435/Cannot-use-ConnectComputer-wizard-to-add-Vista-client-to-2003-SBS-domain.html

The SBSNetSetup produces the same error. I have a purchased certificate which after Jeffs comments, I am wondering is that my problem?

I know how you feel Trevor, this problem is driving me nuts and we are about to take on more staff who will end up with Vista Business notebooks!

Hey, just to check... do both of you have http://support.microsoft.com/kb/930955 installed on the Vista machines?

Jeff
TechSoEasy

Yep, double checked that one earlier today and have just double, double checked in the list of installed updates. It's definitely installed. I have another thread running on the microsoft.public.windows.server.sbs board. Not much joy at present. I'll post here anything that different to what we have discussed. Interesting that the same error comes up when no ISA though eh Jeff ???

Regards
Trev

Yeah, have this one installed already :(

Adam

Well, to be honest, the only thing we haven't tried here is to do what the error message tells you to do... reinstalling the Client Deployment component on SBS.

Jeff
TechSoEasy

Yeah I was rather fearing we'd get to this.
I did start the process then chickened out after getting messages like "pressing cancel after this point will invalidate your installation licence" or some such wording. It seemed to be heading to run the whole of the SBS setup again. I was rather hoping that this would just allow a portion of the setup to be modifiled.

Can you confirm how the setup should be started, is it in change and remove progs highlight Windows Small Business Server 2003 then click Change/Remove. This starts with Setup is loading 1 to 40 components and then starts the full setup dialogue . . . Welcome to MS Windows Small Bus Server Setup. It looks like it is going to start prompting for disks again and doing a default install. When does it determine that there is already a configured server there ????

Trev
Trev

"pressing cancel after this point will invalidate your installation licence"

Huh?  I've never heard this.  

"Can you confirm how the setup should be started, is it in change and remove progs highlight Windows Small Business Server 2003 then click Change/Remove. This starts with Setup is loading 1 to 40 components and then starts the full setup dialogue . . . Welcome to MS Windows Small Bus Server Setup."

Yes... that's exactly how you do it... it does trick you a bit because it says it'll take up to 30 minutes... and it really takes like 15 seconds.  (The 30 minutes is from the initial install dialogue).

Then you get to the "Component Selection" screen, and you need to set Server Tools to "Maintenance" and "Client Deployment" to "Maintenance" as well.  Then finish out the wizard.  It is really a pretty non-evasive procedure and should only take a few minutes.

Jeff
TechSoEasy

Ok got that far but, shouldn't I set the client deployment to reinstall . . .
Trev

No, you don't need to set it to reinstall...just Maintenance.  but if that doesn't do the trick for you, then you can always "Uninstall" and then run the wizard again to "Install".

Jeff
TechSoEasy

Ah but setting to maintenance doen't allow Next to be ungreyed. So I guess its set to Uninstall and run again to install . . .there is an option to 'Reinstall' why not that instead of the two pass approach
Trev

Maintenance in BOTH Server Tools AND Client Deployment? doesn't allow you to go forward?

Jeff
TechSoEasy

That is correct
trev

You're right it doesn't... I tested it right before posting http:#20081148 but my test server must have had something else pending because it did allow me to go forward at that point... rerunning setup I see that it doesn't.

SO just select uninstall on Client Deployment, then rerun to Install.

Jeff
TechSoEasy

Oh, wait... does it say "Install" next to IE 6.0 and Outlook 2003?  If so, you need to change those to Install and it'll let you go forward.

Jeff
TechSoEasy

No With Maintenance selected the options for ie6 and ms office are
None (installed)
Remove
Reinstall

trev

Reinstall

Had feed disk 4 and Outlook disk  . . .is now complete will test
Trev

Ho Hum,
Same as before . . . haven't rebooted server as yet. Have booted Vista PC.
I'll post again tomorrow . . . I need to get some invoicing done tonight before I go to bed . . . . thanks for the hand holding.

Trev.

did you get an error that said SBS may have been overwritten, etc. and the Service Pack may need to be reinstalled?

Jeff
TechSoEasy

Trevor,

I probably should have asked for this long ago... but can you please post the results from running SYSTEMINFO at a CMD prompt on the SBS?

Thanks.

Jeff
TechSoEasy

Good Morning Jeff,
Sorry I had to go off line last night, I had some uregent admin to attend to.
No there were no messages like those you describe, just prompts for those 2 disks and a short wait. It didn't even ask me to reboot the server. Here is the sysinfo dump that you asked for.

SBS Sysinfo dump :
Host Name:                 XXX2003
OS Name:                   Microsoft(R) Windows(R) Server 2003 for Small Business Server
OS Version:                5.2.3790 Service Pack 2 Build 3790
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Primary Domain Controller
OS Build Type:             Multiprocessor Free
Registered Owner:          a user at
Registered Organization:   Whytec Limited
Product ID:                74995-067-2942945-42742
Original Install Date:     10/05/2007, 20:31:08
System Up Time:            2 Days, 13 Hours, 55 Minutes, 38 Seconds
System Manufacturer:       Intel Corporation
System Model:              SE7500CW2
System Type:               X86-based PC
Processor(s):              2 Processor(s) Installed.
                           [01]: x86 Family 15 Model 2 Stepping 7 GenuineIntel ~2392 Mhz
                           [02]: x86 Family 15 Model 2 Stepping 7 GenuineIntel ~2392 Mhz
BIOS Version:              PTLTD  - 6040000
Windows Directory:         C:\WINDOWS
System Directory:          C:\WINDOWS\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-gb;English (United Kingdom)
Input Locale:              en-gb;English (United Kingdom)
Time Zone:                 (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London
Total Physical Memory:     1,023 MB
Available Physical Memory: 268 MB
Page File: Max Size:       2,473 MB
Page File: Available:      1,041 MB
Page File: In Use:         1,432 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    XXXDOMAIN.local
Logon Server:              \\XXX2003
Hotfix(s):                 79 Hotfix(s) Installed.
                           [01]: File 1
                           [02]: File 1
                           [03]: File 1
                           [04]: File 1
                           [05]: File 1
                           [06]: File 1
                           [07]: File 1
                           [08]: File 1
                           [09]: File 1
                           [10]: File 1
                           [11]: File 1
                           [12]: File 1
                           [13]: File 1
                           [14]: File 1
                           [15]: File 1
                           [16]: File 1
                           [17]: File 1
                           [18]: File 1
                           [19]: File 1
                           [20]: File 1
                           [21]: File 1
                           [22]: File 1
                           [23]: File 1
                           [24]: File 1
                           [25]: File 1
                           [26]: File 1
                           [27]: File 1
                           [28]: File 1
                           [29]: File 1
                           [30]: Q147222
                           [31]: KB933854 - QFE
                           [32]: SP1 - SP
                           [33]: KB907747 - Update
                           [34]: KB911829 - Update
                           [35]: KB912442 - Update
                           [36]: KB916803 - Update
                           [37]: KB924334 - Update
                           [38]: KB926666 - Update
                           [39]: KB931832 - Update
                           [40]: KB917283 - Update
                           [41]: KB922770 - Update
                           [42]: KB928365 - Update
                           [43]: KB926601 - Update
                           [44]: Q927978
                           [45]: Q936181
                           [46]: IDNMitigationAPIs - Update
                           [47]: NLSDownlevelMapping - Update
                           [48]: KB925398_WMP64
                           [49]: KB929969 - Update
                           [50]: KB931768-IE7 - Update
                           [51]: KB933566-IE7 - Update
                           [52]: KB937143-IE7 - Update
                           [53]: KB938127-IE7 - Update
                           [54]: KB939653-IE7 - Update
                           [55]: KB914961 - Service Pack
                           [56]: KB921503 - Update
                           [57]: KB924667-v2 - Update
                           [58]: KB925876 - Update
                           [59]: KB925902 - Update
                           [60]: KB926122 - Update
                           [61]: KB927891 - Update
                           [62]: KB929123 - Update
                           [63]: KB930178 - Update
                           [64]: KB931768 - Update
                           [65]: KB931784 - Update
                           [66]: KB931836 - Update
                           [67]: KB932168 - Update
                           [68]: KB933360 - Update
                           [69]: KB933729 - Update
                           [70]: KB933854 - Update
                           [71]: KB935839 - Update
                           [72]: KB935840 - Update
                           [73]: KB935966 - Update
                           [74]: KB936021 - Update
                           [75]: KB936357 - Update
                           [76]: KB936594 - Update
                           [77]: KB936782 - Update
                           [78]: KB941202 - Update
                           [79]: XpsEPSC
Network Card(s):           2 NIC(s) Installed.
                           [01]: Intel 8255x-based PCI Ethernet Adapter (10/100)
                                 Connection Name: Internal
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 192.168.3.1
                           [02]: Intel 8255x-based PCI Ethernet Adapter (10/100)
                                 Connection Name: External
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 192.168.100.251

Cheers Jeff
Trev

Jeff,
I'm going back to bare metal on the Vista box. The OS is installed again and all MS updates applied. Also all the HP drivers have been downloaded and installed. I'm doing a check on what needs installing for Vista/SBS. As far as I can see there are no other updates to run on the Vista PC other than KB930955 - the Profile WMI provider. I'll need to run the updated Firewall client but not until after I connect.

Can you confirm that is correct.
Regards
Trevor

Before you do that... I think you should check your SBS.  There's a brand new SBS Best Practices Analyzer that just came out yesterday.  Please download and run on the server:

http://www.microsoft.com/downloads/details.aspx?FamilyId=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

Jeff
TechSoEasy

Too late for the Vista box but I'll run the best practices Analyser anyway on the server.. . can you confirm the KB's for the Vista Box. I have to on site this morning back later this pm.

REgards
Trevor

No, that's not the only update... but rather than just give you confirmation on that, why don't you use Philip's RipCurl Checklist:  http://blog.mpecsinc.ca/2007/05/sbs-2k3-r2-windows-vista-ripcurl.html

Jeff
TechSoEasy

Well from the check list here I determined the following:
Vista Requirements after normal Autoupdates:
KB930955
KB929556 (ISA2004 Vista FWC)

SBS2003SP2/ISA2004SP3
KB926505
KB911829
KB930414 (Cannot find component, probably due to SP3)

Ran the \\XXX2003\connectcomputer and got exactly the same message as before. Turned off all the stuff referenced in the error message regarding IE but still no joy.

I'm going to look at your best practices analyser and report back

Cheers
Trev.

Just to note, I ran the best practises analyser and it didnt list anything conclusive in my enviroment.

I am currently building two Virtual Machines, one SBS box and an XP client to see if I can get it to work in that environment.

This problem is getting ridiculous!

Yep, this prob is certaunly that . . . £$%^& rediculous !!!!
As your self I didn't uncover anything either a couple of registery setting cleared up the two criticals that I had . . . which I don't think were actually causing a problem only potential issues.

I now have 3 warnings :
1. Daylight savings time not updated despite applying Sharepoint Services SP3. It references other hotfixes which I don't appear to be able to apply or SBS says I've already applied.
2. Windows SBS 2003 R2 Technologies installed - but Sevice pack 2 for windows Sharepoint service 2.0 is not installed (yeah I know I've run SP3 now !!!)
3. PMTU Discovery is enabled - which was part of a fix or work-a-round for SBSSP2 as I recall

Where do we go from here ??????

Trev

Well, I don't see WSS v2 SP3 listed in your SYSTEMINFO above.  So I do wonder if it's actually installed?  KB923643?

"PMTU Discovery is enabled - which was part of a fix or work-a-round for SBSSP2 as I recall"
Do you have a reference for that?  Because I'm not aware of that specific workaround... and if it was a workaround that may not be the better method of resolving whatever problem which prompted you to enable it.  All networking issues from SP's have been resolved with patches at this point.

Jeff
TechSoEasy

Hi Jeff,
Contrary to my statement earlier I have WSUSv3 not v2SP3 sorry for any confusion. This means that KB is not relevant ????

Regarding the PMTU issue I have dug out this note but notice there is more entailed within the actual KB. Is this of relevance to this problem.
Hi there,

check your settings as below. Make SURE you have the newest NIC drivers. There is a problem in SP2 with SBS 2003
Peter

Important settings for ISA 2004

Ensure that your NIC have the newest drivers.
Check the NIC configuration and set all Offload settings to OFF 
The following registry changes have to be made

Root Cause (if known) - PMTU Discovery was disabled in the registry, a default setting.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcp/Ip\Paramters\EnablePMTUDiscovery=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcp/Ip\Paramters\DisableTaskOffload=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcp/Ip\Paramters\EnableRSS=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcp/Ip\Paramters\EnableTCPChimney=1
Before changing any registry settings backup and confirm on Google in case there is a new change.
http://support.microsoft.com/kb/902347 

Regards
Trev

After reading the KB article in full I believe it sensible to disable PMTU IE set reg value to 0. Since my server is never likely to be overworked on my small network. Also I don't believe I have the ISA2004 fire wall setup to participate anyway.

REgards
Trevor

Hi Jeff and fellow Vista connectcomputer wannabees,
I have been in contact with Rebert Li of Microsoft who found the problem after some exchanges of various IIS information. The following was Roberts suggestion after spotting a difference between his test setup and my server.

1. Open IIS.
2. Go to Server(local computer)\Web Sites\Default Web Site\Connectcomputer.
3. Right click Connectcomputer and select properties.
4. On the Directory Security tab and [TW - under Secure Communications], click Edit.
5. Remove the selection of Require secure channel(SSL) and Require 128-bit encryption.
6. Click OK two times and try again.

I don't know why my setup was fine with XP and not Vista. But this is likely to help others out there with a similar problem.
Thanks Jeff for your time and effort, which must earn the points from this site. Can you make an entry referring back to this item so that 'accepted solution' points here.

You may also have comments on Roberts findings.

Regards
Trevor

Hi Jeff,

I did a test ShadowProtect back and restore on an inhouse test SBS 2003 R2 server and a Vista SP1 client. The server restored just fine and all XP workstations logged on with no issue. When I finished restoring the Vista SP1 client I couldn't logon - it complained that the computer SID didn't match (perhaps the vistaPE based restore shadowprotect uses creates a new SID?). I decided to take the machine back to workgroup status and then re-run connectcomputer. At this point I ran into the error that this thread is about with the nshelp.exe error message that it couldn't copy the files. The require SSL box and 128 encryption were checked. I never made that change so I'm wondering what would cause those to be checked if they're not supposed to?

Doug