fl4ian
asked on
W2k PC Needs Access to Remote SBS 2003 Domain
I have a server at my location (SBS 2003) which is the domain controller. I have an employee that works from home, and her PC has W2k as an OS. I want her to be able to connect to the domain with her computer. How do I do that?
Incidentally, I don't want to have her do RDP because I want her to use Outlook for Exchange, and it complains about setting up an Outlook account on the same server that is hosting Exchange.
I'm a new Admin. Be gentle.
---todd
Incidentally, I don't want to have her do RDP because I want her to use Outlook for Exchange, and it complains about setting up an Outlook account on the same server that is hosting Exchange.
I'm a new Admin. Be gentle.
---todd
ASKER
Thanks for the links...
I see info on w2k server, is it also applicable to 2003? and also, if we both have dynamic ip addresses, how would this change the situation... ?
i have a no-ip address (similar to dyns.org or whatever it is), and it works just fine for remote desktop, but that's where i get hung up on the RRAS config on SBS 2003. it doesn't like it. am i doing something wrong?
thanks again for the quick help.
I see info on w2k server, is it also applicable to 2003? and also, if we both have dynamic ip addresses, how would this change the situation... ?
i have a no-ip address (similar to dyns.org or whatever it is), and it works just fine for remote desktop, but that's where i get hung up on the RRAS config on SBS 2003. it doesn't like it. am i doing something wrong?
thanks again for the quick help.
ASKER
also, the hardware must be vpn endpoint rather than vpn passthrough, is that correct also?
Never tried setting up a VPN hardware solution without a static IP Address... Personally, I think you would be much happier if you get yourself one.. they are cheap in today's world, at least here in the USA. I even have statics here at my home, where I run my own webserver (and have VPN capabilities)... At work, we run a Cisco VPN Concentrator and use Cisco Clients to connect to it.. again, once connected, we just log onto our network as usual, and have all the capabilities of being right there inside the network.. Not sure you want to spend the $ on this, but it is a nice way to go.. (if you are just setting up one VPN, it definitely is expensive, and cost prohibitive)
If you use a hardware VPN solution, or even a hardware VPN concentrator with a client (like Cisco), you don't need to worry about your server.. just if you want to use IPSec passthrough to your server.. and it should be the same setup as the 2K server..
If you use a hardware VPN solution, or even a hardware VPN concentrator with a client (like Cisco), you don't need to worry about your server.. just if you want to use IPSec passthrough to your server.. and it should be the same setup as the 2K server..
It's important to realize that SBS has many of these tools built in... so no need to go do other things. If you are looking to resolve this issue, I would suggest the following.
Have the user log into Remote Web Workplace via https://yourserver.no-ip.com/remote on the main menu page there are two important links.
The first is "Configure Outlook via the Internet" which will provide customized instructions on how to configure rpc over http which will allow the user to use their Outlook 2003 remotely without connecting to the VPN. If the user does not have Outlook installed you may provide it to them from the Outlook CD that came with SBS.
The second link is to Download the Small Business Server Connection Manager. This is the customized SBS VPN client which will help them to easily connect to your server via vpn. In order to be able to connect, you need to be sure that port 1723 is open and pointing to your server, and that any router you have has GRE protocol enabled. (usually called VPN Passthrough).
If you were having problems with the dynamic DNS address on the SBS config, was this with a particular wizard? Was there a specific error?
You can probably fix whatever it is that's not working by running the Configure Email and Internet Connection Wizard. Please see http://sbsurl.com/ceicw for a good how-to for the Configure Email and Internet Connection Wizard. Then on the Configure Remote Access Wizard, you would just need to enter the FQDN you have from No-IP... ie, yourserver.no-ip.com.
Jeff
TechSoEasy
Have the user log into Remote Web Workplace via https://yourserver.no-ip.com/remote on the main menu page there are two important links.
The first is "Configure Outlook via the Internet" which will provide customized instructions on how to configure rpc over http which will allow the user to use their Outlook 2003 remotely without connecting to the VPN. If the user does not have Outlook installed you may provide it to them from the Outlook CD that came with SBS.
The second link is to Download the Small Business Server Connection Manager. This is the customized SBS VPN client which will help them to easily connect to your server via vpn. In order to be able to connect, you need to be sure that port 1723 is open and pointing to your server, and that any router you have has GRE protocol enabled. (usually called VPN Passthrough).
If you were having problems with the dynamic DNS address on the SBS config, was this with a particular wizard? Was there a specific error?
You can probably fix whatever it is that's not working by running the Configure Email and Internet Connection Wizard. Please see http://sbsurl.com/ceicw for a good how-to for the Configure Email and Internet Connection Wizard. Then on the Configure Remote Access Wizard, you would just need to enter the FQDN you have from No-IP... ie, yourserver.no-ip.com.
Jeff
TechSoEasy
ASKER
Techsoeasy: thanks for the help. I'm headed away for the weekend, but will try this when I get back. Thank you for taking the time to respond.
I'll write with questions in a couple of days.
Take care.
I'll write with questions in a couple of days.
Take care.
ASKER
i don't think i have something configured correctly... when i hit https://yourserver.no-ip.com/remote it doesn't work... the assigned no-ip domain is xxx.hopto.org, so i tried https://xxx.hopto.org/remote and it timed out. i think i've screwed something up to begin with.
also, would i be able to have her access shared network drives from this solution?? or just login for Outlook.?
also, would i be able to have her access shared network drives from this solution?? or just login for Outlook.?
No, you may not be able to use https:// with hopto.org you might have to just use http:// and then your SBS will switch over to https if you have the Remote directory configured to require SSL connections, but still leaving port 80 open.
If you need further details on this, please advise.
Also, just FYI as I re-read your question -- you stated you don't want her to use RDP. You should know that RDP for users (called Terminal Server in Application Mode) is not available on an SBS. Instead, Remote Web Workplace allows users with a computer in the office to connect to it from a remote location. If this user only works from home and does not have a computer in the office, then the Small Business Server Connection Manager (VPN) is the way to go.
The only way she can use the RPC over HTTP configuration is if she has Outlook 2003 installed, by the way. Otherwise, she should use Outlook Web Access for email. This can also be accessed through RWW or direcdtly at http://yourserver.hopto.org/exchange
Accessing network shares can be handled in a couple of different ways as well. Either using the Connection Manager (VPN) or if you store company documents in SharePoint, then she can access those through RWW's link to Companyweb.
More on RWW: http://sbsurl.com/rww and http://support.microsoft.com/kb/833983
Jeff
TechSoEasy
If you need further details on this, please advise.
Also, just FYI as I re-read your question -- you stated you don't want her to use RDP. You should know that RDP for users (called Terminal Server in Application Mode) is not available on an SBS. Instead, Remote Web Workplace allows users with a computer in the office to connect to it from a remote location. If this user only works from home and does not have a computer in the office, then the Small Business Server Connection Manager (VPN) is the way to go.
The only way she can use the RPC over HTTP configuration is if she has Outlook 2003 installed, by the way. Otherwise, she should use Outlook Web Access for email. This can also be accessed through RWW or direcdtly at http://yourserver.hopto.org/exchange
Accessing network shares can be handled in a couple of different ways as well. Either using the Connection Manager (VPN) or if you store company documents in SharePoint, then she can access those through RWW's link to Companyweb.
More on RWW: http://sbsurl.com/rww and http://support.microsoft.com/kb/833983
Jeff
TechSoEasy
ASKER
I think setting up a share point server would be great, and probably close to what I'm after.
I have the server, and I also have hosting with a hosting company.
But I should probably do the VPN, bercause as I'm learning, it will probably be more helpful to understand them a little better before implementing a sharepoint server.
You are correct, she only works from home and does not have a PC at the office. And thanks for drawing the distinction on the RDP for SBS.
---todd
I have the server, and I also have hosting with a hosting company.
But I should probably do the VPN, bercause as I'm learning, it will probably be more helpful to understand them a little better before implementing a sharepoint server.
You are correct, she only works from home and does not have a PC at the office. And thanks for drawing the distinction on the RDP for SBS.
---todd
You don't have to set up a SharePoint server, it's configured already by your SBS in the initial default configuration. Just open a web browser and go to http://companyweb on the server or any LAN workstation to see it.
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
when i go to http://companyweb, it asks for the password for ""; my password as a domain admin won't work, nor the Administrator account. i tried going through the server setup to re-set them, and the remote access wizard failed and gave me an errorlog. it's using the wrong no-ip.com address...
any suggsetions?
any suggsetions?
Woah... that sounds like you didn't use the Add User wizards to create your users, and perhaps when you created them you did it directly in Active Directory and didn't use the Default OU of MyBusiness\Users\SBSUsers.
SBS is a pre-configured server that requires many settings to be done the "SBS-way". You should probably review http://sbsurl.com/itpro to see what I'm talking about... and then you will probably need to go back and read the SBS deployment papers to get a better understanding of how to manage your server. The best resource I've found is at http://sbsurl.com/techguide.
Jeff
TechSoEasy
SBS is a pre-configured server that requires many settings to be done the "SBS-way". You should probably review http://sbsurl.com/itpro to see what I'm talking about... and then you will probably need to go back and read the SBS deployment papers to get a better understanding of how to manage your server. The best resource I've found is at http://sbsurl.com/techguide.
Jeff
TechSoEasy
ASKER
no, i did use the add users wizard, and i know that they're in the path you specifiied... what else could i have done?
ASKER
i read in one of the links you just specified, to make sure you set it up completely before you customize it. i wonder if thats where i went wrong. i just now tried to add a user, and it said to reinstall SBS. that's my next step.
thanks for the links, btw.
thanks for the links, btw.
Well, reinstallation is probably a hefty task, but legend has it that it takes THREE installations before anyone gets it right. (It took me FOUR).
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
well, that makes me feel a little less stupid. :) i'm almost done with the install...
The thing is that most folks don't realize that you really need to allow SBS to do it's thing. Since you would never put all those server components into one box in an Enterprise environment, you also should never treat SBS like an enterprise server. The way that the SBS development team was able to allow all of those things to work together so harmoniously REQUIRES that they be configured simultaneously... and unless you have six hands and four sides to your brain, manual configuration should be avoided.
The wizards are just GUI scripts anyhow, for the most part... a couple of them (the CEICW and the add-user wizards) are rather complex programs which can't be replicated any other way.
Jeff
TechSoEasy
The wizards are just GUI scripts anyhow, for the most part... a couple of them (the CEICW and the add-user wizards) are rather complex programs which can't be replicated any other way.
Jeff
TechSoEasy
ASKER
o.k. i got it back up and setup properly (although i DO see one more install in my future)...
beside port 1723, what else do i need to forward to the server in order for my assistant to get in? and typing xxx.hopto.org/remote times out.
any suggestions? i do see the companyweb now... do you know of any good tutorials on how to maximize the benefit of it; really use it to it's fullest?
beside port 1723, what else do i need to forward to the server in order for my assistant to get in? and typing xxx.hopto.org/remote times out.
any suggestions? i do see the companyweb now... do you know of any good tutorials on how to maximize the benefit of it; really use it to it's fullest?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
VPN basics:
http://www.homenethelp.com/vpn/
http://www.chicagotech.net/vpnsetup.htm
If you wish to do this with software only:
http://support.microsoft.com/default.aspx?kbid=308208