  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 288

Cannot connect to client computers through RWW from the Internet

I know there are many threads concerning this issue. I have looked through
them and just can't come up with a solution.

Internally on the LAN all clients are listed and I am able to connect to them.
Externally I am able to login to RWW, all clients are listed, but get the
error “The client could not connect to the remote computer” when connecting
to any of them.

Here is what I have tried so far that was recommended from various sources.

I am able to access email from RWW externally.
Port 4125 is forwarded/configured exactly as 443 is on my firewall to my SBS
machine.
XP Firewall on each client has the port 3389 exception enabled.
Remote Desktop is enabled on each client and the remote users are added for
access.
Also added access to the Web Workplace Users group.
I am not using ISA (as far as I know).
netstat -aon | find ":4125" does not return anything so I don’t think that I
have the Mad.exe issue.
My home subnet is 192.168.0.0. My work subnet is 192.168.10.0.
Disabled the Popup Blocker in IE.

Any assistance would be greatly appreciated. Thanks.

0
Asked by: sirvodka
1 Solution
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
The fact that you've monkeyed around with the user groups may very well be the problem. You shouldn't need to do that in order to make this work.

But first, make sure that wherever you are connecting from, the security settings for IE will allow an ActiveX script to be installed.  This is required before you will be able to access the remote machines.

Also, have you run the Configure Email and Internet Connection Wizard to enable Remote Web Workplace to be open within RRAS on the server?  This is the SBS's internal firewall.  See http://sbsurl.com/ceicw for the step-by-step.

Jeff
TechSoEasy
0
 
sirvodka (Author) Commented:
Thanks for the response.

On the computers that are trying to access from RWW the ActiveX script has run. One of the computers is my laptop which connects just fine to the clients inside my LAN.

What do you mean by "monkeyed around with user groups"? What did I do wrong?
0
 
sirvodka (Author) Commented:
Sorry, missed the last comment.

I have not run RRAS. I have an external hardware firewall.
0
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
It doesn't matter that you have an external firewall... RUN THE Configure Email and Internet Connection Wizard!  It's required in order to complete the installation of your server.

As for user groups, if you are the one trying to access the desktops, and you are a Domain Administrator, then you should be able to do so without a problem, because Domain Admins are made members of the Local Administrators group when you attach a computer to the domain using the http://<servername>/connectcomputer wizard.

Also, any user you've assigned to that computer would also be made a member of the local administrators group.

See http://sbsurl.com/add for an overview of this. (Although this article recommends removing the user from the local administrators group, I don't agree with that part).

Jeff
TechSoEasy
0
 
sirvodka (Author) Commented:
Jeff,

I have run the CEICW. It's the first thing I did on the ToDo list when setting up the server. I did not load RRAS and configure the SBS firewall. Are you telling me I must run RRAS on the server and configure the firewall for Remote Desktop to work through RWW? If that is the case why does it work fine internally on my LAN?

Thanks.
0
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
No, the CEICW configures RRAS for you.  But if you look at the link I provided above, you will see on the Web Services Configuration screen that there is a place to ENABLE RWW which will configure the appropriate ports and protocols for you.

Jeff
TechSoEasy
0
 
sirvodka (Author) Commented:
Jeff,

I'm either confused or missing something here. When I ran the CEICW I did enable the RWW on the Web Services Configuration page. I actually selected the items exactly as they are displayed on your link. I can login to RWW externally and internally. I don't think that would work if it was not selected, would it?
0
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
It could work if you didn't select that... one of the things that the CEICW does is to ensure that your ROUTER is configured properly.  So, that's why I'm asking.  

Logging into RWW externally only requires port 443.  When you want to connect to a workstation, that requires port 4125.  

If you say that is open on your router and pointing to the SBS, then I would suggest that you try connecting from somewhere else and see if it works.  Because if everything works internally then it's either the router or the environment from which you are connecting.

(also, you can try rebooting your server to see if that clears up anything)

Jeff
TechSoEasy
0
 
sirvodka (Author) Commented:
Jeff,

I don't remember seeing any kind of setup/configuration for my router/firewall during CEICW. Is it supposed to auto detect my Cyberguard SC560 and configure it?

I have another user in a different city that has the same issue connecting. It certainly makes sense that if I can access the clients internally the problem probably lies in the firewall configuration or the external site. I have read on this and other forums to check my "home" firewall and ISP to be sure port 4125 is not being blocked. As far as I can tell my "Home" Linksys firewall does not block anything outgoing. Only incoming. I'm assuming Sprint and Qwest do not block 4125 but I'll call to be sure.

Thanks.
0
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
You may not remember it... so rerun the wizard to see it... (http://www.12c4pc.com/sbs2k3/images/firewall-10.jpg is a screenshot of what I'm referring to).

It will configure your Cyberguard if you enable UPnP on the device.  

I'll bet though that it's the Cyberguard... Since that is a rather complex firewall, it's quite possible that you're double NATing which could cause issues.  You might try taking the Cyberguard out of the picture just to test to see if that's what's happening.

Jeff
TechSoEasy

0
 
sirvodka (Author) Commented:
Jeff,

UPnP was not enabled on my firewall. I have enabled it and re-run CEICW and do not get the prompts to configure the firewall. I did notice in the instructions the "Network Connections" configuration is only enabled the first time you run CEICW. Could this be why I don't see the firewall configuration?

Thanks.
0
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Sorry, my error, you only get that screen when you have two NICs.  But you WOULD get the Web Services Configuration screen which also affects your firewall settings.

But all this aside, I'm tending to think it's the Cyberguard.

Jeff
TechSoEasy
0
 
sirvodka (Author) Commented:
Jeff,

Thanks for all your help so far.

I guess I'll try and bypass the firewall temporarily to see if that is really it. It sounds logical but I have port 4125 forwarded exactly like HTTPS and SMTP. HTTPS and SMTP work fine. The only difference is I have to enter the port# 4125 when creating that service group vs selecting HTTPS and SMTP from a list. I then create the rules exactly the same way for all 3 service groups.

I'll post my results when I have an opportunity to test it.

0
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Ahhh... did you configure the Packet Filter Rules for RWW/4125?  The SG 560 has stateful packet inspection which acts very much like ISA Server.  You need to specifically define the type of traffic that will be flowing through the port.  See their user manual for more info.

Jeff
TechSoEasy
0
 
sirvodka (Author) Commented:
Jeff,

It was definitely an issue with the firewall. Something in my configuration of the port 4125 Service Group. When I added 4125 to the HTTPS Service Group it started working. The Cyberguard manual is pretty vague on configuring ports that don't already exist in the Service Groups. Anyway, it's working fine now. Thanks for your help.
0
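
Added example (not written by any participant in this thread): a small Python check, run from outside the office network, that probes the two ports the thread names (443 for the RWW logon, 4125 for the workstation connection) and maps the result to where the fault most likely sits. It also probes 3389 to confirm that changing the firewall's service groups did not publish RDP directly. The host `remote.example.com` is a placeholder and the function names are illustrative.

```python
import socket

# Ports named in the thread: 443 carries the RWW logon, 4125 the workstation connection.
RWW_PORTS = (443, 4125)

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # a reset came back: reachable, but nothing accepted the connection
    except OSError:
        return "filtered"   # timeout or unreachable: packets are dropped on the way

def diagnose(results):
    """Map {port: state} for 443 and 4125 to the likely fault location."""
    https, rdp = results[443], results[4125]
    if https != "open":
        return "443 is %s: RWW logon itself is not reachable; check the HTTPS forward" % https
    if rdp == "open":
        return "443 and 4125 both reachable: look at the connecting PC (ActiveX, outbound filtering)"
    if rdp == "filtered":
        return "4125 is dropped before the server: check the perimeter firewall rule for 4125"
    # 'refused': a firewall rejected it, or the forward works and nothing listens at this moment
    return "4125 answered with a reset: check for a reject rule or a missing listener on the server"

def unexpected_exposure(results, allowed=RWW_PORTS):
    """Return ports that are open from outside but are not meant to be published."""
    return sorted(p for p, state in results.items() if state == "open" and p not in allowed)

if __name__ == "__main__":
    host = "remote.example.com"   # placeholder: the site's public name or IP
    # 3389 is probed only to confirm RDP is NOT published directly; RWW relays it over 4125.
    results = {p: probe(host, p) for p in RWW_PORTS + (3389,)}
    for port, state in results.items():
        print(port, state)
    print(diagnose(results))
    print("unexpected open ports:", unexpected_exposure(results))
```

A result of 443 open with 4125 filtered matches the situation resolved above, where the perimeter firewall's service group for 4125 was the fault.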
