W2k PC Needs Access to Remote SBS 2003 Domain

I have a server at my location (SBS 2003) which is the domain controller.  I have an employee that works from home, and her PC has W2k as an OS.  I want her to be able to connect to the domain with her computer.  How do I do that?

Incidentally, I don't want to have her do RDP because I want her to use Outlook for Exchange, and it complains about setting up an Outlook account on the same server that is hosting Exchange.

I'm a new Admin.  Be gentle.

---todd
fl4ian Asked:

Fatal_Exception (Systems Engineer) Commented:
You need to set up a VPN for your user, that once established, allows her to log on to the server..  Personally, I would suggest a hardware to hardware VPN for this..  Or, you can place something like a PIX firewall, or Cisco VPN concentrator at your perimeter, and let her connect with the Cisco VPN client...

VPN basics:

http://www.homenethelp.com/vpn/

http://www.chicagotech.net/vpnsetup.htm

If you wish to do this with software only:

http://support.microsoft.com/default.aspx?kbid=308208

0
fl4ian (Author) Commented:
Thanks for the links...

I see info on w2k server, is it also applicable to 2003?  and also, if we both have dynamic ip addresses, how would this change the situation...  ?

i have a no-ip address (similar to dyns.org or whatever it is), and it works just fine for remote desktop, but that's where i get hung up on the RRAS config on SBS 2003.  it doesn't like it.  am i doing something wrong?

thanks again for the quick help.
0
fl4ian (Author) Commented:
also, the hardware must be vpn endpoint rather than vpn passthrough, is that correct also?
0
Fatal_Exception (Systems Engineer) Commented:
Never tried setting up a VPN hardware solution without a static IP Address...  Personally, I think you would be much happier if you get yourself one..  they are cheap in today's world, at least here in the USA.  I even have statics here at my home, where I run my own webserver (and have VPN capabilities)...  At work, we run a Cisco VPN Concentrator and use Cisco Clients to connect to it..  again, once connected, we just log onto our network as usual, and have all the capabilities of being right there inside the network..  Not sure you want to spend the $ on this, but it is a nice way to go..  (if you are just setting up one VPN, it definitely is expensive, and cost prohibitive)

If you use a hardware VPN solution, or even a hardware VPN concentrator with a client (like Cisco), you don't need to worry about your server..  just if you want to use IPSec passthrough to your server..  and it should be the same setup as the 2K server..
0
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
It's important to realize that SBS has many of these tools built in... so no need to go do other things.  If you are looking to resolve this issue, I would suggest the following.

Have the user log into Remote Web Workplace via https://yourserver.no-ip.com/remote. On the main menu page there are two important links.

The first is "Configure Outlook via the Internet"  which will provide customized instructions on how to configure rpc over http which will allow the user to use their Outlook 2003 remotely without connecting to the VPN.  If the user does not have Outlook installed you may provide it to them from the Outlook CD that came with SBS.

The second link is to Download the Small Business Server Connection Manager.  This is the customized SBS VPN client which will help them to easily connect to your server via vpn.  In order to be able to connect, you need to be sure that port 1723 is open and pointing to your server, and that any router you have has GRE protocol enabled. (usually called VPN Passthrough).

If you were having problems with the dynamic DNS address on the SBS config, was this with a particular wizard?  Was there a specific error?

You can probably fix whatever it is that's not working by running the Configure Email and Internet Connection Wizard.  Please see http://sbsurl.com/ceicw for a good how-to for the Configure Email and Internet Connection Wizard.  Then on the Configure Remote Access Wizard, you would just need to enter the FQDN you have from No-IP... ie, yourserver.no-ip.com.

Jeff
TechSoEasy
0
fl4ian (Author) Commented:
Techsoeasy: thanks for the help. I'm headed away for the weekend, but will try this when I get back. Thank you for taking the time to respond.

I'll write with questions in a couple of days.

Take care.
0
fl4ian (Author) Commented:
i don't think i have something configured correctly...  when i hit https://yourserver.no-ip.com/remote it doesn't work...  the assigned no-ip domain is xxx.hopto.org, so i tried https://xxx.hopto.org/remote   and it timed out.  i think i've screwed something up to begin with.

also, would i be able to have her access shared network drives from this solution?? or just login for Outlook.?
0
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
No, you may not be able to use https:// with hopto.org; you might have to just use http:// and then your SBS will switch over to https if you have the Remote directory configured to require SSL connections, but still leaving port 80 open.

If you need further details on this, please advise.

Also, just FYI as I re-read your question -- you stated you don't want her to use RDP.  You should know that RDP for users (called Terminal Server in Application Mode) is not available on an SBS.  Instead, Remote Web Workplace allows users with a computer in the office to connect to it from a remote location.  If this user only works from home and does not have a computer in the office, then the Small Business Server Connection Manager (VPN) is the way to go.

The only way she can use the RPC over HTTP configuration is if she has Outlook 2003 installed, by the way.  Otherwise, she should use Outlook Web Access for email.  This can also be accessed through RWW or directly at http://yourserver.hopto.org/exchange

Accessing network shares can be handled in a couple of different ways as well.  Either using the Connection Manager (VPN) or if you store company documents in SharePoint, then she can access those through RWW's link to Companyweb.

More on RWW:  http://sbsurl.com/rww and http://support.microsoft.com/kb/833983

Jeff
TechSoEasy
0
fl4ian (Author) Commented:
I think setting up a share point server would be great, and probably close to what I'm after.

I have the server, and I also have hosting with a hosting company.

But I should probably do the VPN, because as I'm learning, it will probably be more helpful to understand them a little better before implementing a sharepoint server.

You are correct, she only works from home and does not have a PC at the office. And thanks for drawing the distinction on the RDP for SBS.

---todd
0
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
You don't have to set up a SharePoint server, it's configured already by your SBS in the initial default configuration.  Just open a web browser and go to http://companyweb on the server or any LAN workstation to see it.

Jeff
TechSoEasy
0
fl4ian (Author) Commented:
when i go to http://companyweb, it asks for the password for ""; my password as a domain admin won't work, nor the Administrator account.  i tried going through the server setup to re-set them, and the remote access wizard failed and gave me an errorlog.  it's using the wrong no-ip.com address...

any suggestions?
0
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Woah... that sounds like you didn't use the Add User wizards to create your users, and perhaps when you created them you did it directly in Active Directory and didn't use the Default OU of MyBusiness\Users\SBSUsers.

SBS is a pre-configured server that requires many settings to be done the "SBS-way".  You should probably review http://sbsurl.com/itpro to see what I'm talking about... and then you will probably need to go back and read the SBS deployment papers to get a better understanding of how to manage your server.  The best resource I've found is at http://sbsurl.com/techguide.

Jeff
TechSoEasy
0
fl4ian (Author) Commented:
no, i did use the add users wizard, and i know that they're in the path you specified...  what else could i have done?
0
fl4ian (Author) Commented:
i read in one of the links you just specified, to make sure you set it up completely before you customize it.  i wonder if that's where i went wrong.  i just now tried to add a user, and it said to reinstall SBS.  that's my next step.

thanks for the links, btw.
0
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Well, reinstallation is probably a hefty task, but legend has it that it takes THREE installations before anyone gets it right.  (It took me FOUR).  

Jeff
TechSoEasy
0
fl4ian (Author) Commented:
well, that makes me feel a little less stupid.  :)  i'm almost done with the install...
0
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
The thing is that most folks don't realize that you really need to allow SBS to do its thing.  Since you would never put all those server components into one box in an Enterprise environment, you also should never treat SBS like an enterprise server.  The way that the SBS development team was able to allow all of those things to work together so harmoniously REQUIRES that they be configured simultaneously... and unless you have six hands and four sides to your brain, manual configuration should be avoided.

The wizards are just GUI scripts anyhow, for the most part... a couple of them (the CEICW and the add-user wizards) are rather complex programs which can't be replicated any other way.

Jeff
TechSoEasy
0
fl4ian (Author) Commented:
o.k.  i got it back up and setup properly (although i DO see one more install in my future)...

beside port 1723, what else do i need to forward to the server in order for my assistant to get in?  and typing xxx.hopto.org/remote times out.  

any suggestions?  i do see the companyweb now...  do you know of any good tutorials on how to maximize the benefit of it; really use it to its fullest?
0
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
These are the SBS ports that are generally needed:

25 - SMTP
443 - HTTPS (for RWW and OWA)
444 - SharePoint
1723 - PPTP VPN
3389 - RDP for remote administration
4125 - Remote Web Workplace

The TechGuide link I provided above is pretty good.  There are also two books I recommend by Harry Brelsford, http://sbsurl.com/best and http://sbsurl.com/advanced

There's also a decent TechNet online seminar here:  http://sbsurl.com/seminar

Jeff
TechSoEasy

0
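
A way to test the port list above from the remote user's side, as an added example that is not part of the original thread: it separates a port that times out (typically not forwarded by the router) from one that is refused (forwarded, but nothing listening). The host name is a placeholder, and GRE (IP protocol 47), which PPTP also needs, cannot be checked with a TCP connect.

```python
import socket

# Ports from the list above (service names as given in the thread).
SBS_PORTS = {
    25: "SMTP",
    443: "HTTPS (RWW and OWA)",
    444: "SharePoint",
    1723: "PPTP VPN",
    3389: "RDP for remote administration",
    4125: "Remote Web Workplace",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'timeout' or 'unreachable'.

    'refused' means the host answered but nothing listens on that port;
    'timeout' usually means the router or firewall is not forwarding it.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        # Covers DNS failures (e.g. a stale dynamic-DNS name) and routing errors.
        return "unreachable"
    finally:
        s.close()


def check_forwards(host, ports=SBS_PORTS, timeout=3.0):
    """Return {port: (service, state)} for every port in the list."""
    return {p: (name, probe(host, p, timeout)) for p, name in ports.items()}


if __name__ == "__main__":
    import sys
    # Placeholder host name (assumption); pass the real dynamic-DNS name as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "yourserver.example"
    for port, (name, state) in sorted(check_forwards(host).items()):
        print(f"{port:>5}  {state:<11} {name}")
```

Run it from outside the office network; results from a LAN workstation bypass the router and say nothing about the forwards.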

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.