Solved

Error Trying to Connect to Terminal Server through IIS Client

Posted on 2002-06-12
8
550 Views
Last Modified: 2007-11-27
When I try to connect to my terminal server Via the WEB Client which has been perfectly functional for about 5 months now, I get this error Message on ALL MACHINES (About 14 of them)
Problem Report
 Access denied to system because of URL Filter Configuration, while attempting to retrieve the URL: (Edited for Security Purposes).
 
Message ID
 FILTER_DENIED
 
Problem Description
 Your system was configured to deny access to this URL.
 
Possible Problem Cause
 Request denied, as specified in the local filter list configuration.
 
Possible Solution
 Contact your network support team if this problem persists.

I have Checked IIS and everything seems Fine, I can access IIS INTERNALLY but not from outside the Network through the router, I have checked router settings and all is well, NOTHING has changed, Could it be an ISP Issue of some sort?  Thanks for a quick response, Down time is NOT Good time!!!

Microsoft KB says this is a Browser issue (on the Users side) But how could that possibly be, All 14 pc's browsers somehow reconfigured at the same time not to work.... Makes no sense.
 

 
0
Comment
Question by:belink
8 Comments
 
LVL 7

Expert Comment

by:franka
ID: 7075546
clients are all the same os?
Do you use a proxy? or any virus protection?

this message is normally generated by the IE Content Advisor
0
 

Author Comment

by:belink
ID: 7075715
Clients are all Win2k - Using McaFee on the server, Have tried disabling and that has no effect, I have one PC that I am attempting to connect with and I have disabled all virus Protection on it.  It seems like it might be a DSL Modem Issue, Im still trying my own troubleshooting on this end, When I do a tracert, It times out on the hop at the Default gateway and wont make it to the actaul IP, Of course there is a firewall but that is set to pass port 80 to the server for IIS, Just so strange that all PC's stoped working at the same time, Seems like it has to be something on the server side or the ISP.  This is a tough one. (for me at least!!)
0
 
LVL 7

Accepted Solution

by:
franka earned 100 total points
ID: 7075736
many firewalls filter ICMP (tracert) and pass port 80.

No proxy is used?

disabling av won't help. you really have to stop the services.

ISP can be a reason indeed.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 6

Assisted Solution

by:jdfulton
jdfulton earned 100 total points
ID: 7075753
It sounds like someone set up IPSec?  Make sure its not set up if you dont want to use it.  Here is how you set it up. You should be able to use this to remove it also.

 
PSS ID Number: Q315055
Article last modified on 04-01-2002
 
:2000
 

 

======================================================================
 
-------------------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
-------------------------------------------------------------------------------
 
IN THIS TASK
------------
 
 - SUMMARY
 
    - How to Create the IPSec Filter List for Terminal Services Communications
- How to Create and Enable the IPSec Policy to Secure Terminal Services
  Communications
- How to Ensure That Clients Respond to the Terminal Server's Requests for
  Security
- Troubleshooting
 
SUMMARY
=======
 
You can use Windows 2000 Terminal Services to gain access to programs in a
multiple-user Terminal server environment. Communications between the Terminal
Services client computer and the server that has Terminal Services enabled can
contain sensitive information; therefore, you may want to optimize security
between the Terminal Services client and the Terminal server. This step-by-step
article describes how to configure the Terminal server to require varying
degrees of encryption by using the RC4 algorithm to secure Terminal Services
communications.
 
Many organizations use standardized Internet Protocol security (IPSec) for
network security. You can configure IPSec policies on Terminal servers to force
all Terminal Services communications to be protected by IPSec.
 
This article assumes that you are configuring computers that are a part of a
domain structure. If the computer is not part of a domain structure, you may
also have to configure encryption and authentication services.
 
For additional information about troubleshooting IPSec, click the article number
below to view the article in the Microsoft Knowledge Base:
 
   Q257225 Basic IPSec Troubleshooting in Windows 2000
 
To enable IPSec protection for Terminal Services:
 
1. Create an IPSec filter list to match Terminal Services packets.
 
2. Create an IPSec policy to enforce IPSec protection, and then enable the
  policy.
 
3. Enable the Client (respond-only) policy on the Terminal Services clients.
 
How to Create the IPSec Filter List for Terminal Services Communications
------------------------------------------------------------------------
 
1. Click Start, point to Programs, point to Administrative Tools, and then click
  Local Security Policy.
 
2. Click to expand Security Settings, right-click IP Security Policies, and then
  click "Manage IP filter lists and filter actions".
 
3. Click the "Manage IP Filter Lists" tab, and then click Add.
 
4. Type "terminal services" (without the quotation marks) in the Name box, and
  then type "for terminal services connections" (without the quotation marks)
  in the Description box.
 
5. Click to clear the Use Add Wizard check box, and then click Add .
 
6. Click the Addressing tab, click My IP Address in the Source address box, and
  then click Any IP Address in the Destination address box.
 
   After you complete this step, the filter is applied to outbound packets.
 
7. Verify that the Mirrored check box is selected.
 
   If this check box is selected, a packet filter is created to match inbound
  packets. All IPSec-secured communications must be protected in both
  directions; you cannot have unidirectional IPSec security.
 
8. Click the Protocol tab, click TCP in the "Select a protocol type" box, and
  then click "From this port"
 
9. Type "3389" (without the quotation marks) in the "From this port" box, click
  "To any port", and then click OK.
 
10. Click Close, and then click Close.
 
How to Create and Enable IPSec Policy to Secure Terminal Services Communications
--------------------------------------------------------------------------------
 
1. Start the Local Security Settings Microsoft Management Console (MMC),
  right-click IP Security Policies in the left pane, and then click "Create IP
  Security Policy".
 
2. After the IP Security Policy Wizard starts, click Next.
 
3. On the IP Security Policy Name page, type "secure terminal services
  connection" (without the quotation marks) in the Name box, and then click
  Next.
 
4. Click to clear the "Activate the default response rule" check box, and then
  click Next.
 
5. On the "Completing the IP Security Policy Wizard" page, verify that the Edit
  properties check box is selected, and then click Finish.
 
6. Click the Rules tab, click to clear the Use Add Wizard check box, and then
  click Add.
 
7. Click the IP Filter List tab, and then click "Terminal Services IP Filter
  List".
 
8. Click the Filter Action tab, and then click Require Security.
 
9. Click Apply, and then click OK.
 
10. Verify that the Terminal Services Filter List check box is selected, and
  then click Close.
 
11. Right-click the new policy, and then click Assign.
 
How to Ensure That Clients  Respond to the Terminal Server's Requests for Security
----------------------------------------------------------------------------------
 
1. Click Start, point to Programs, point to the Administrative Tools, and then
  click Local Security Policy.
 
2. Click to expand Security Settings in the left pane, right-click the "Client
  (respond only)" policy, and then click Assign.
 
Troubleshooting
---------------
 
To verify that IPSec is working, use the IPSec Monitor utility.
 
For additional information about IPSec Monitor, click the article number below to
view the article in the Microsoft Knowledge Base:
 
   Q313195 HOW TO: Use IPSec Monitor
 
Additional query words:
 
======================================================================
Keywords          : kbtool kbAudITPro kbHOWTOmaster
Technology        : kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000DataServ kbwin2000DataServSearch kbwin2000Serv kbwin2000ServSearch kbwin2000Search kbWinAdvServSearch kbWinDataServSearch
Version           : :2000
Issue type        : kbhowto
=============================================================================
Copyright Microsoft Corporation 2002.


 


0
 

Author Comment

by:belink
ID: 7078125
OK, The problem has FIXED ITSELF.....Have absolutely no Idea what happened other than I was in touch with the ISP and I can only asume they found something on their end and fixed it.  I appreciate the time you guys took to respond to me quickly, I suppose the best thing would be just to split the points between the two of you, Of course Im not sure how to do this, Do you guys know?
0
 
LVL 7

Expert Comment

by:franka
ID: 7078140
many other reports (newsgroups) of that "filter_denied" problem were due to ISP.
Splitting points should be asked for in the EE support.
0
 
LVL 9

Expert Comment

by:fz2hqs
ID: 9825839
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Split points between franka and jdfulton

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

fz2hqs
EE Cleanup Volunteer
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Lync server 2013 Backup Service Error ID 4049 – After File Share Migration
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now