
Can't logon to member TS in a SBS2003 domain after authenticating via PPTP

Posted on 2006-06-08
Last Modified: 2011-10-03
Hi all,

I have an issue where after I log into the network via PPTP as administrator I can't connect an rdp session to a Terminal Server (call it machine2). The SBS2003 server (call it machine1) will accept RDP connections with no hassles.

I can rdp from the SBS2003 server to the terminal server (machine2).

I've checked the Remote Desktop Users group on machine2 and added Administrator in.

I've also created a GP for 'Allow logon through TS' under computer > windows settings > security settings > local policies > user rights assignment and applied this against the MyServers OU and limited it to machine2 so as not to interfere with my currently working machine1 rdp sessions.

I've checked the RDP connection details and ensured that the correct domain is being entered.

There is no ISA firewall configured at all on this machine; it is completely disabled.

Anyone have any thoughts - I'm banging my head on this one.

Cheers
0
Question by:gorlaz
11 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16859529
How did you add your Terminal Server to your network?  Did you use the http://<servername>/connectcomputer wizard?  Did you follow the prescribed methods for configuring a TS in an SBS environment?  If you did, then you can easily connect to the Terminal Server via Remote Web Workplace without having to RDP into the SBS first.

The group policy you created isn't necessary if you follow the guidelines in http://sbsurl.com/sbstss

Jeff
TechSoEasy
0
 

Author Comment

by:gorlaz
ID: 16865887
Hi Jeff,

Yes I did use the Add Server wizard per the guidelines in the documentation you've linked to. I didn't think the group policy was necessary but added it anyway to try and get it working.

I also can't get to RWW either - am getting a gateway not found error.

I started to look into this separately but do you know of any troubleshooting documents for RWW? Everything I've found says to run the CIECW wizard but nothing really tells you what RWW is dependent on other than ports 4125 and 443 and 3389 for TS.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16867290
Please post an IPCONFIG /ALL from your server as well as the Terminal Server.

The CEICW is all that needs to be run for RWW, so I'm guessing you may not have your Network settings configured correctly to begin with.

Jeff
TechSoEasy
0

Author Comment

by:gorlaz
ID: 16867459
My machine that I'm using to try to access the TS;

>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : mymachine
        Primary Dns Suffix  . . . . . . . : mydomain
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : mydomain

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Controller
        Physical Address. . . . . . . . . : 00-0F-1F-1B-28-EC

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Dell Wireless 1450 Dual Band WLAN Mini-PCI Card
        Physical Address. . . . . . . . . : 00-90-96-A9-ED-08

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Microsoft TV/Video Connection
        Physical Address. . . . . . . . . : 00-00-00-00-00-00
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 0.8.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :

***Not sure what this one is - I've never seen it before***

PPP adapter Internet Dial up:
***This is my dial up connection to the internet

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 144.139.31.199
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 144.139.31.199
        DNS Servers . . . . . . . . . . . : 203.49.70.20
                                            139.134.2.190
        NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter RemoteDomain PPTP:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.0.58
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 10.0.0.58
        DNS Servers . . . . . . . . . . . : 10.0.0.1
        Primary WINS Server . . . . . . . : 10.0.0.1


On the TS itself;

:\Documents and Settings\james>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server2
   Primary Dns Suffix  . . . . . . . : remotedomain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : remotedomain.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-13-72-1A-8B-1E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.9
   DNS Servers . . . . . . . . . . . : 10.0.0.1

Router is 10.0.0.9...

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16868226
I was hoping to see the SBS's IPCONFIG as well... that is really the telling one... however....

Let's start with the workstation you are trying to connect with...

1.  Disable both the Broadcom 570x Gigabit Integrated Controller and Dell Wireless 1450 Dual Band WLAN Mini-PCI Card just for now so you can test this in a much cleaner environment.

2.  The Microsoft TV/Video Connection is created when you plug in a Digital Camera to your system.  http://support.microsoft.com/kb/303302 explains.  It's not a problem.

3.  You are missing the connection specific suffix on your "PPP adapter RemoteDomain PPTP".  This is probably because you created this connection manually rather than using the SBS's connection client.  The truth of the matter is that you don't need to make a VPN connection for this anyhow... you should be using Remote Web Workplace.  If you followed the SBS method to configure and connect your Terminal Server, you would have a menu option on Remote Web Workplace for "Connect to my Company's Application Server".  This is a much easier way for people to connect since it's not reliant on any of your other connections that you may have on the remote machine.

I would see if you can connect to your Terminal Server from inside your LAN first to make sure that it's also not having problems at that level.

So... first figure out why RWW isn't working... posting the IPCONFIG /ALL from the SBS should provide a clue.

Jeff
TechSoEasy
0
 

Author Comment

by:gorlaz
ID: 16892886
Hi Jeff,

Apologies for the delay.

SBS Output whilst I was connected to it via PPTP;

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Server1
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-11-43-2C-C9-34
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.9
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   Primary WINS Server . . . . . . . : 10.0.0.1

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.58
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Re RWW - I've been doing a lot more reading around here and have read most of your other posts re this - it's definitely a lot easier way to manage connections than PPTP in and TS to the servers.

I've opened the necessary ports and am currently getting the below error that I'm about to go off and research;

You are not authorized to view this page
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
--------------------------------------------------------------------------------

Please try the following:

Contact the Web site administrator if you believe you should be able to view this directory or page.
HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
Internet Information Services (IIS)

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403.
Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Limiting Access by IP Address, IP Address Access Restrictions, and About Custom Error Messages.


Re your second last point - I can create a RDP connection to the TS with no issues from the SBS server.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 16894292
To fix your problem with RWW, just rerun the Configure Email and Internet Connection Wizard (CEICW -- linked as Connect to the Internet in the Internet & Email Section of the Server Management Console) and check the box to enable Remote Web Workplace on the Web Services Page.

Just as you suspected in the first response!  

This will modify the IP restrictions on the IIS Virtual Directory.

Jeff
TechSoEasy
0
 

Author Comment

by:gorlaz
ID: 16898454
Hi Jeff,

K, now we've got something funky going on.

I reran the CIECW and sure enough RWW wasn't ticked so I ticked it, followed through and finished it. No errors appeared on the summary screen.

Tried to access via IP (no DNS set up for servername\domainname yet) and got the same IIS error as above.

Went back into CIECW and RWW wasn't ticked still - is there something that can stop RWW from being enabled?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16900379
You'd have to look at the logs to see what happened.  You'll find that at

C:\Program Files\Microsoft Windows Small Business Server\Support\icwlog.txt

And also take a look at the copy of which settings you chose the last time you ran the CEICW which you'll find at:

C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\IcwdetailsXX.htm (where XX is the incremental number assigned each time you run the CEICW)

Jeff
TechSoEasy
0
 

Author Comment

by:gorlaz
ID: 16950430
Hi Jeff,

Apologies on the delay on this one, I've had other issues with this system that required more attention.

I reran IECW and checked the logs again and this time RWW actually installed. Only thing different between this week and last week was a couple of Windows Updates that were installed.

Tried to access it internally and it worked!

Tried externally and received the same forbidden error again.

I checked IIS and the IP for remote had been restricted to local host and internal network possibly as a result of ISA being uninstalled. The IECW hadn't changed it. I checked a couple more posts and a working SBS installation and the IP address had been opened up on those so I did the same on this installation. Is this normal in your experience Jeff?
0
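The 403.6 symptom and the IIS restriction described above (access limited to localhost and the internal network), as an added example that is not part of the original thread: it pulls 403.6 rejections out of an IIS W3C extended log and checks each client against a deny-by-default grant list. The log lines, dates and URL path are constructed; the addresses reuse those in the posted ipconfig output, and the 10.0.0.0/24 range is an assumption derived from the 255.255.255.0 mask shown there.

```python
import ipaddress
from collections import Counter

# Granted entries as described in the thread: localhost plus the internal LAN.
# Assumption: the LAN is 10.0.0.0/24, per the posted ipconfig output.
GRANTED = [ipaddress.ip_network("127.0.0.1/32"), ipaddress.ip_network("10.0.0.0/24")]

# Constructed sample in W3C extended format (not from the poster's server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-substatus
2006-06-20 01:10:02 10.0.0.2 GET /rww-placeholder/ 200 0
2006-06-20 01:12:40 144.139.31.199 GET /rww-placeholder/ 403 6
2006-06-20 01:12:44 144.139.31.199 GET /rww-placeholder/ 403 6
2006-06-20 01:15:09 10.0.0.58 GET /rww-placeholder/ 200 0
2006-06-20 01:16:30 10.0.0.58 GET /rww-placeholder/admin 403 1
"""

def is_granted(ip, granted=GRANTED):
    """Deny-by-default list: a client passes only if it falls in a granted range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in granted)

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def ip_rejections(text):
    """Count 403.6 responses per client IP and note whether the grant list explains them."""
    hits = Counter(r["c-ip"] for r in parse_w3c(text)
                   if r.get("sc-status") == "403" and r.get("sc-substatus") == "6")
    return {ip: {"count": n, "outside_granted": not is_granted(ip)}
            for ip, n in hits.items()}

if __name__ == "__main__":
    for ip, info in ip_rejections(SAMPLE_LOG).items():
        print(ip, info)
```

A 403.6 from an address outside the granted ranges points at the restriction list rather than at authentication or permissions; a client on the PPTP-assigned 10.0.0.58 address falls inside the list and is not rejected this way.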
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16952338
Well, this is the first you mentioned that you UNINSTALLED ISA... so it doesn't surprise me at all that there were things that were a bit off.

And honestly... the way you resolved it is how I resolve most issues... I have the advantage of having about 20 different SBS networks to look at in order to compare settings and configurations.  I generally try to keep everything the same as much as possible, so it becomes fairly obvious when "one of these things is not like the other!"

Jeff
TechSoEasy
0
