Solved

Error Trying to Connect to Terminal Server through IIS Client

Posted on 2002-06-12
8
563 Views
Last Modified: 2007-11-27
When I try to connect to my terminal server Via the WEB Client which has been perfectly functional for about 5 months now, I get this error Message on ALL MACHINES (About 14 of them)
Problem Report
 Access denied to system because of URL Filter Configuration, while attempting to retrieve the URL: (Edited for Security Purposes).
 
Message ID
 FILTER_DENIED
 
Problem Description
 Your system was configured to deny access to this URL.
 
Possible Problem Cause
 Request denied, as specified in the local filter list configuration.
 
Possible Solution
 Contact your network support team if this problem persists.

I have Checked IIS and everything seems Fine, I can access IIS INTERNALLY but not from outside the Network through the router, I have checked router settings and all is well, NOTHING has changed, Could it be an ISP Issue of some sort?  Thanks for a quick response, Down time is NOT Good time!!!

Microsoft KB says this is a Browser issue (on the Users side) But how could that possibly be, All 14 pc's browsers somehow reconfigured at the same time not to work.... Makes no sense.
 

 
0
Comment
Question by:belink
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 7

Expert Comment

by:franka
ID: 7075546
clients are all the same os?
Do you use a proxy? or any virus protection?

this message is normally generated by the IE Content Advisor
0
 

Author Comment

by:belink
ID: 7075715
Clients are all Win2k - Using McaFee on the server, Have tried disabling and that has no effect, I have one PC that I am attempting to connect with and I have disabled all virus Protection on it.  It seems like it might be a DSL Modem Issue, Im still trying my own troubleshooting on this end, When I do a tracert, It times out on the hop at the Default gateway and wont make it to the actaul IP, Of course there is a firewall but that is set to pass port 80 to the server for IIS, Just so strange that all PC's stoped working at the same time, Seems like it has to be something on the server side or the ISP.  This is a tough one. (for me at least!!)
0
 
LVL 7

Accepted Solution

by:
franka earned 100 total points
ID: 7075736
many firewalls filter ICMP (tracert) and pass port 80.

No proxy is used?

disabling av won't help. you really have to stop the services.

ISP can be a reason indeed.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 6

Assisted Solution

by:jdfulton
jdfulton earned 100 total points
ID: 7075753
It sounds like someone set up IPSec?  Make sure its not set up if you dont want to use it.  Here is how you set it up. You should be able to use this to remove it also.

 
PSS ID Number: Q315055
Article last modified on 04-01-2002
 
:2000
 

 

======================================================================
 
-------------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
-------------------------------------------------------------------------------
 
IN THIS TASK
------------
 
 - SUMMARY
 
    - How to Create the IPSec Filter List for Terminal Services Communications
- How to Create and Enable the IPSec Policy to Secure Terminal Services
  Communications
- How to Ensure That Clients Respond to the Terminal Server's Requests for
  Security
- Troubleshooting
 
SUMMARY
=======
 
You can use Windows 2000 Terminal Services to gain access to programs in a
multiple-user Terminal server environment. Communications between the Terminal
Services client computer and the server that has Terminal Services enabled can
contain sensitive information; therefore, you may want to optimize security
between the Terminal Services client and the Terminal server. This step-by-step
article describes how to configure the Terminal server to require varying
degrees of encryption by using the RC4 algorithm to secure Terminal Services
communications.
 
Many organizations use standardized Internet Protocol security (IPSec) for
network security. You can configure IPSec policies on Terminal servers to force
all Terminal Services communications to be protected by IPSec.
 
This article assumes that you are configuring computers that are a part of a
domain structure. If the computer is not part of a domain structure, you may
also have to configure encryption and authentication services.
 
For additional information about troubleshooting IPSec, click the article number
below to view the article in the Microsoft Knowledge Base:
 
   Q257225 Basic IPSec Troubleshooting in Windows 2000
 
To enable IPSec protection for Terminal Services:
 
1. Create an IPSec filter list to match Terminal Services packets.
 
2. Create an IPSec policy to enforce IPSec protection, and then enable the
  policy.
 
3. Enable the Client (respond-only) policy on the Terminal Services clients.
 
How to Create the IPSec Filter List for Terminal Services Communications
------------------------------------------------------------------------
 
1. Click Start, point to Programs, point to Administrative Tools, and then click
  Local Security Policy.
 
2. Click to expand Security Settings, right-click IP Security Policies, and then
  click "Manage IP filter lists and filter actions".
 
3. Click the "Manage IP Filter Lists" tab, and then click Add.
 
4. Type "terminal services" (without the quotation marks) in the Name box, and
  then type "for terminal services connections" (without the quotation marks)
  in the Description box.
 
5. Click to clear the Use Add Wizard check box, and then click Add .
 
6. Click the Addressing tab, click My IP Address in the Source address box, and
  then click Any IP Address in the Destination address box.
 
   After you complete this step, the filter is applied to outbound packets.
 
7. Verify that the Mirrored check box is selected.
 
   If this check box is selected, a packet filter is created to match inbound
  packets. All IPSec-secured communications must be protected in both
  directions; you cannot have unidirectional IPSec security.
 
8. Click the Protocol tab, click TCP in the "Select a protocol type" box, and
  then click "From this port"
 
9. Type "3389" (without the quotation marks) in the "From this port" box, click
  "To any port", and then click OK.
 
10. Click Close, and then click Close.
 
How to Create and Enable IPSec Policy to Secure Terminal Services Communications
--------------------------------------------------------------------------------
 
1. Start the Local Security Settings Microsoft Management Console (MMC),
  right-click IP Security Policies in the left pane, and then click "Create IP
  Security Policy".
 
2. After the IP Security Policy Wizard starts, click Next.
 
3. On the IP Security Policy Name page, type "secure terminal services
  connection" (without the quotation marks) in the Name box, and then click
  Next.
 
4. Click to clear the "Activate the default response rule" check box, and then
  click Next.
 
5. On the "Completing the IP Security Policy Wizard" page, verify that the Edit
  properties check box is selected, and then click Finish.
 
6. Click the Rules tab, click to clear the Use Add Wizard check box, and then
  click Add.
 
7. Click the IP Filter List tab, and then click "Terminal Services IP Filter
  List".
 
8. Click the Filter Action tab, and then click Require Security.
 
9. Click Apply, and then click OK.
 
10. Verify that the Terminal Services Filter List check box is selected, and
  then click Close.
 
11. Right-click the new policy, and then click Assign.
 
How to Ensure That Clients  Respond to the Terminal Server's Requests for Security
----------------------------------------------------------------------------------
 
1. Click Start, point to Programs, point to the Administrative Tools, and then
  click Local Security Policy.
 
2. Click to expand Security Settings in the left pane, right-click the "Client
  (respond only)" policy, and then click Assign.
 
Troubleshooting
---------------
 
To verify that IPSec is working, use the IPSec Monitor utility.
 
For additional information about IPSec Monitor, click the article number below to
view the article in the Microsoft Knowledge Base:
 
   Q313195 HOW TO: Use IPSec Monitor
 
Additional query words:
 
======================================================================
Keywords          : kbtool kbAudITPro kbHOWTOmaster
Technology        : kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000DataServ kbwin2000DataServSearch kbwin2000Serv kbwin2000ServSearch kbwin2000Search kbWinAdvServSearch kbWinDataServSearch
Version           : :2000
Issue type        : kbhowto
=============================================================================
Copyright Microsoft Corporation 2002.


 


0
 

Author Comment

by:belink
ID: 7078125
OK, The problem has FIXED ITSELF.....Have absolutely no Idea what happened other than I was in touch with the ISP and I can only asume they found something on their end and fixed it.  I appreciate the time you guys took to respond to me quickly, I suppose the best thing would be just to split the points between the two of you, Of course Im not sure how to do this, Do you guys know?
0
 
LVL 7

Expert Comment

by:franka
ID: 7078140
many other reports (newsgroups) of that "filter_denied" problem were due to ISP.
Splitting points should be asked for in the EE support.
0
 
LVL 9

Expert Comment

by:fz2hqs
ID: 9825839
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Split points between franka and jdfulton

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

fz2hqs
EE Cleanup Volunteer
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question