jaysonfranklin

CONNECTION ERROR WHEN ACCESSING CLIENT DESKTOP\SERVERS IN RWW

"The client could not connect to the remote computer. Remote connections might not be enabled or the computer might be too busy to accept new connections. It is also possible that network problems are preventing your connection. Please try connecting again later."

Is the message I get....

Here's my access-list on the pix...

sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
            alert-interval 300
access-list Outside_In; 9 elements
access-list Outside_In line 1 permit tcp any host x.x.49.67 eq https (hitcnt=207) -----> was told i need this for rww
access-list Outside_In line 2 permit tcp any host x.x.49.67 eq 444 (hitcnt=0)   -----> was told i need this for rww
access-list Outside_In line 3 permit tcp any host x.x.49.67 eq smtp (hitcnt=742)
access-list Outside_In line 4 permit tcp any host x.x.49.67 eq 3389 (hitcnt=0) -----> was told i need this for rww
access-list Outside_In line 5 permit tcp any host x.x.49.67 eq 4125 (hitcnt=0) -----> was told i need this for rww
access-list Outside_In line 6 permit tcp any host x.x.49.67 eq pptp (hitcnt=0) -----> was told i need this for rww
access-list Outside_In line 7 permit icmp any any echo-reply (hitcnt=0)
access-list Outside_In line 8 permit icmp any any time-exceeded (hitcnt=1)
access-list Outside_In line 9 permit icmp any any unreachable (hitcnt=7)


Also, on the sbs server, under the 'remote' tab, remote connections are enabled and remote web workplace users are added.

Anything else I need to do or that I should check?
jaysonfranklin

ASKER

Consultants set up the network; I was hired as the admin after the domain was set up.

I'm assuming to test things out on a client PC, I'm just going to unjoin the domain, then log in locally as admin, and do the http://<servername>/connectcomputer. But what about the SBS server though... how do I rejoin it to the domain since it sorta is the domain?
The error means that it is timing out.  In other words, it cannot find an open connection to the target computer.  The computers have been joined to the domain correctly, or most likely they would not display as an available client or server in the Remote Web Workplace.

Your error also has nothing to do with the ActiveX control.  You are receiving the error from the RDP ActiveX control, so it is installed.  This can be verified by going to Internet Options->General Tab->View Objects.

Because the target computer is in the list we know that Remote Desktop is enabled.  Because you aren't getting a prompt for the username and password it cannot contact the target computer.  I believe the port tunneling is incomplete.  I've personally always had a tough time with the Cisco Pix.  I've had my config look exactly the way I needed it to but always missed one thing.  I never took the time to wrap my head around it so I just stay away from them.  I'm sure they're great.

In my first comment I suggested that you attempt to connect to a client workstation using RWW from within your network.  You really should try this before you start rejoining workstations to the domain.
Yes, it works from inside the network.
Sorry, I didn't mean to put blame on YOU for the wrong connection method... but the actual steps to rejoin a workstation are as follows:

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computer if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with its NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

You don't rejoin the SBS to the domain... as you stated... it IS the domain.


Jeff
TechSoEasy
P. S.  rather than stating "was told i need this for rww"  why don't you look at the documentation yourself.  It's all rather clearly stated right there in your SBS's Help & Support.

:-)

Jeff
TechSoEasy
Because you can successfully connect from within your network, then the problem is in your Pix or in RRAS.  If the Configure Email and Internet Connection Wizard was run successfully, the RRAS should be set up correctly if you selected to enable the firewall and you selected to allow access to Remote Web Workplace.  You can double-check that port 4125 is properly routed in the RRAS snap-in.

1. Right-click on My Computer
2. Select Manage from the popup menu
3. Expand Services and Applications
4. Expand Routing and Remote Access
5. Expand IP Routing
6. Click on NAT/Basic Firewall
7. In the right hand panel, right-click on Network Connection (or your external adapter) and select Properties from the popup menu
8. Click on the Services and Ports tab
9. Search for the Remote Web Workplace Entry.  It should be enabled.  The port setting should be 4125 for incoming and outgoing.  The private address should be 127.0.0.1 or the ip address of the internal NIC.

If an entry for RWW doesn't exist in RRAS you can add it manually, but you should really re-run the connection wizard.
manicsquirrel,

Your recommendation that running the CEICW is what really should be done is spot on... and that's because those steps are exactly what would take place by running the CEICW and checking the box for Remote Web Workplace on the Web Services screen.  BUT, that's not all that needs to be done to configure RWW.  There are configuration steps in IIS, DNS and even more in RRAS.  So the Configure Email and Internet Connection Wizard is really the ONLY way to make sure that everything is done correctly.

Jeff
TechSoEasy
Here's the thing: as I was playing with it from home this weekend, I found RRAS is not enabled on the SBS Server. I enabled it while at my house and it dropped the RDP connection. I was still VPN'd to the network but couldn't RDP to anything from that point on: my desktop, any other servers, etc. I could ping them all though. Couldn't even browse by servername.  I went to work and turned it off and everything started working again. I will have to set it up to forward DHCP requests to another machine. But is that the reason it went down this weekend? It seemed like it started broadcasting something b/c of the way it affected the other machines. I thought maybe b/c it seemed like turning RRAS on automatically turns DHCP on until you tell it to forward the requests.

Again, I'm new to SBS and I'm more network than server side, so I can catch on quickly once I figure out the concept of what it's doing... thanks again for all your help.
Do you have the same subnet in use at home that you are using in the office?  ie, 192.168.1.x ?

Jeff
TechSoEasy
No. The home is 0.x and work is 10.x
"i found RRAS is not enabled on the SBS Server. I enabled it while at my house and it dropped the rdp connection"

Of course it did.  Your routing was being handled externally by your ISP's router or your pix.  You really cannot reconfigure routing remotely, you need to be onsite.

I get the impression this was dropped in your lap and you have to make it work.  If routing was not enabled on the SBS and you are not running ISA firewall, then you are really going to have to reconfigure your network topography.

You don't have to do anything major, but your server really isn't set up correctly or completely.  Hopefully Jeff can chime in with the URL for the two nic setup for SBS for you to use as a guide.
Yeah... some consultants set it up. Right now we have the pix handing out IPs and doing the routing. The only routing is really just routing from the inside out and vice versa. The pix is plugged directly into two switches that piggy-back each other. So, yeah... aside from it obviously not being set up correctly (I have noticed other odd behavior in the network which I've had to fix), I really would just like it to work. So, I'm assuming SBS wants to be the master and claim itself DHCP server, router, D.C., etc. Stingy, eh?
It's not that it's being stingy, but with SBS you have acquired a lot of inter-related technologies and the expectation is that you will use it as a one box does all.  Make no mistake, you can make it work with any configuration, but I cannot stress enough how absolutely easy and uncomplicated it is to set up an SBS.

I would leave the pix out of the equation for about thirty minutes.  Plug your ISP's feed into one NIC on the SBS.  Plug the other nic on the SBS to the switch that is feeding your network.  Then, open the Server Management console and run through the Configure Email and Internet Connection Wizard.

It won't take any time at all.  When it is done, reboot the clients or renew their ip addresses.  Make sure they can get on the internet.  Make sure you can remote in using RWW and access email using OWA.

Then, if you still want to use your pix, put your pix between the ISP and your server's external nic.  Then reconfigure your pix.  On the SBS, open the Server Management console and run the Change Server IP Address wizard.

This all should take you less than half an hour.  When you are satisfied that everything is working, then set up the VPN access (if needed) using the Configure Remote Access wizard.
The static maps were off in the firewall.
But thanks for the help anyway...
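
An added example, not part of the thread and not any poster's code: a short Python script that reads `sh access-list` output like the question's and lists the TCP permit entries whose hit count is zero. Those are the entries to trace through the rest of the path (the asker's fix turned out to be the static maps) or to remove if the service is not meant to be published. The function names and the trimmed sample are this example's own.

```python
import re

# Sample input: rule lines from the question's `sh access-list` output, with
# the asker's "----->" annotation kept on one line to show it is tolerated.
SAMPLE = """\
access-list Outside_In; 9 elements
access-list Outside_In line 1 permit tcp any host x.x.49.67 eq https (hitcnt=207)
access-list Outside_In line 2 permit tcp any host x.x.49.67 eq 444 (hitcnt=0)   -----> was told i need this for rww
access-list Outside_In line 3 permit tcp any host x.x.49.67 eq smtp (hitcnt=742)
access-list Outside_In line 4 permit tcp any host x.x.49.67 eq 3389 (hitcnt=0)
access-list Outside_In line 5 permit tcp any host x.x.49.67 eq 4125 (hitcnt=0)
access-list Outside_In line 6 permit tcp any host x.x.49.67 eq pptp (hitcnt=0)
access-list Outside_In line 7 permit icmp any any echo-reply (hitcnt=0)
"""

# Address forms handled: "any", "host <ip>", "<network> <mask>".
ADDR = r"(?:any|host \S+|\S+ \S+)"
RULE = re.compile(
    r"access-list (?P<acl>\S+) line (?P<line>\d+) (?P<action>permit|deny) "
    rf"(?P<proto>\S+) (?P<src>{ADDR}) (?P<dst>{ADDR})"
    r"(?: eq (?P<port>\S+))?.*?\(hitcnt=(?P<hits>\d+)\)"
)

def parse_rules(text):
    """Return one dict per numbered ACL entry; header lines are skipped."""
    rules = []
    for raw in text.splitlines():
        m = RULE.match(raw.strip())
        if m:
            rule = m.groupdict()
            rule["line"], rule["hits"] = int(rule["line"]), int(rule["hits"])
            rules.append(rule)
    return rules

def unused_tcp_permits(rules):
    """TCP permit entries for a specific port that no packet has matched."""
    return [r for r in rules
            if r["action"] == "permit" and r["proto"] == "tcp"
            and r["port"] and r["hits"] == 0]

if __name__ == "__main__":
    for r in unused_tcp_permits(parse_rules(SAMPLE)):
        print(f'{r["acl"]} line {r["line"]}: tcp/{r["port"]} from {r["src"]} '
              f'to {r["dst"]} is permitted but hitcnt=0; check the path '
              "behind this rule, or remove it if the service is not published")
```
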