911bob asked:

Why doesn't this configuration open port 4125 on Cisco PIX?

I have a PIX forwarding ports to a Small Business Server... If I do an external port check on 444 it says there is a service.. if I try it on 4125 it says no service... Why is it not getting through?

If I connect using the RWW from an internal machine and check the ports in use, I do see 444 and 4125 being used... but from the outside I cannot get 4125 to be active (nor can I connect to another internal computer).. Thanks

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd uEiKQo2MB76WQPYq encrypted
hostname pixfirewall
domain-name ciscopix.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol tftp 69
names
name 192.168.1.102 AMD-Server
name 192.168.1.250 sbs
access-list outside_in permit tcp any interface outside eq 3389
access-list outside_in permit tcp any interface outside eq 1231
access-list outside_in permit tcp any interface outside eq pptp
access-list outside_in permit tcp any interface outside eq 5900
access-list outside_in permit tcp any interface outside eq 4662
access-list outside_in permit tcp any interface outside eq 4672
access-list outside_in permit tcp any interface outside eq 4711
access-list outside_in permit tcp any interface outside eq ftp-data
access-list outside_in permit tcp any interface outside eq ftp
access-list outside_in permit udp any interface outside eq 4672
access-list outside_in permit tcp any interface outside eq www
access-list outside_in permit tcp any interface outside eq https
access-list outside_in permit tcp any interface outside eq 444
access-list outside_in permit tcp any interface outside eq 4125
access-list outbound permit tcp any any eq smtp
access-list outbound permit tcp host sbs any eq smtp
access-list outbound deny tcp any any eq smtp log
access-list outbound permit ip any any
pager lines 24
logging on
logging timestamp
logging trap debugging
logging host inside sbs
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location AMD-Server 255.255.255.255 inside
pdm location 0.0.0.0 255.255.255.255 outside
pdm location 0.0.0.0 255.255.255.0 outside
pdm location sbs 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 AMD-Server 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1231 AMD-Server 1231 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp AMD-Server pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5900 AMD-Server 5900 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.Y.Z.A 4662 AMD-Server 4662 netmask 255.255.255.255 0 0
static (inside,outside) udp X.Y.Z.A 4672 AMD-Server 4672 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.Y.Z.A 4711 AMD-Server 4711 netmask 255.255.255.255 0 0
static (inside,outside) udp X.Y.Z.A 4662 AMD-Server 4662 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www sbs www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https sbs https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 444 sbs 444 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 4125 sbs 4125 netmask 255.255.255.255 0 0
access-group outside_in in interface outside
access-group outbound in interface inside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns sbs 167.206.245.12
dhcpd wins sbs
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
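
A consistency check for the configuration posted above, as an added example that is not part of the original thread: on PIX 6.3 an inbound forward needs both a static translation and a matching permit in the ACL that access-group binds to the outside interface, and this Python script pairs the two up. The names audit and port_num and the result keys are made up for the example, and an explicit mapped address (X.Y.Z.A in the post) is assumed to be the outside interface address.

```python
import re

# Constructed input: the forwarding-related lines copied from the configuration
# posted in the question (nothing else from that configuration is needed here).
SAMPLE_CONFIG = """\
access-list outside_in permit tcp any interface outside eq 3389
access-list outside_in permit tcp any interface outside eq 1231
access-list outside_in permit tcp any interface outside eq pptp
access-list outside_in permit tcp any interface outside eq 5900
access-list outside_in permit tcp any interface outside eq 4662
access-list outside_in permit tcp any interface outside eq 4672
access-list outside_in permit tcp any interface outside eq 4711
access-list outside_in permit tcp any interface outside eq ftp-data
access-list outside_in permit tcp any interface outside eq ftp
access-list outside_in permit udp any interface outside eq 4672
access-list outside_in permit tcp any interface outside eq www
access-list outside_in permit tcp any interface outside eq https
access-list outside_in permit tcp any interface outside eq 444
access-list outside_in permit tcp any interface outside eq 4125
static (inside,outside) tcp interface 3389 AMD-Server 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1231 AMD-Server 1231 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp AMD-Server pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5900 AMD-Server 5900 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.Y.Z.A 4662 AMD-Server 4662 netmask 255.255.255.255 0 0
static (inside,outside) udp X.Y.Z.A 4672 AMD-Server 4672 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.Y.Z.A 4711 AMD-Server 4711 netmask 255.255.255.255 0 0
static (inside,outside) udp X.Y.Z.A 4662 AMD-Server 4662 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www sbs www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https sbs https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 444 sbs 444 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 4125 sbs 4125 netmask 255.255.255.255 0 0
access-group outside_in in interface outside
access-group outbound in interface inside
"""

# PIX port keywords that appear in the posted forwarding lines.
NAMED_PORTS = {"ftp-data": 20, "ftp": 21, "www": 80, "https": 443, "pptp": 1723}

# Only the three line forms used in the post are parsed.
ACL = re.compile(r"^access-list (\S+) permit (tcp|udp) any interface (\S+) eq (\S+)\s*$", re.M)
STATIC = re.compile(r"^static \(inside,(\w+)\) (tcp|udp) \S+ (\S+) (\S+) (\S+) netmask", re.M)
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)\s*$", re.M)


def port_num(token):
    """Translate a port keyword or a decimal string into an integer."""
    return NAMED_PORTS[token] if token in NAMED_PORTS else int(token)


def audit(config, iface="outside"):
    """Cross-check inbound port forwards against the ACL bound to `iface`."""
    bound = {i: acl for acl, i in GROUP.findall(config)}
    acl_name = bound.get(iface)  # None if no ACL is applied to the interface
    permits = {
        (proto, port_num(port))
        for name, proto, dst_if, port in ACL.findall(config)
        if name == acl_name and dst_if == iface
    }
    # Assumption: an explicit mapped address (X.Y.Z.A in the post) is the
    # address of `iface`, so it is treated the same as the `interface` keyword.
    forwards = {
        (proto, port_num(mport)): (host, port_num(rport))
        for mapped_if, proto, mport, host, rport in STATIC.findall(config)
        if mapped_if == iface
    }
    return {
        "acl": acl_name,
        "forwarded_and_permitted": {k: v for k, v in forwards.items() if k in permits},
        "static_without_permit": sorted(set(forwards) - permits),
        "permit_without_static": sorted(permits - set(forwards)),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    for (proto, port), (host, rport) in sorted(result["forwarded_and_permitted"].items()):
        print(f"ok    {proto}/{port} -> {host}:{rport}")
    for proto, port in result["static_without_permit"]:
        print(f"WARN  static for {proto}/{port} has no permit in {result['acl']}")
    for proto, port in result["permit_without_static"]:
        print(f"WARN  {result['acl']} permits {proto}/{port} but nothing is forwarded")
```

On the posted lines it reports tcp/444 and tcp/4125 as both forwarded and permitted, a static for udp/4662 with no matching permit, and permits for tcp/20, tcp/21 and tcp/4672 with nothing forwarded behind them.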
911bob (ASKER):

Exact message from the canyouseeme.org port scan is "Connection Refused"
ASKER CERTIFIED SOLUTION
charan_jeetsingh

This solution is only available to members.

Jeffrey Kane - TechSoEasy:
911bob,

From the IPCONFIG /ALL in your previous question (http:Q_22076413.html) it shows that your server's hostname is DELL1400, not AMD-Server.  Plus, your server is at 192.168.1.250 and AMD-Server is pointed to 192.168.1.102, while "sbs" is pointed to 192.168.1.250.

While you don't state which model PIX you have, you can find a very good overview of the correct settings here:  http://snipurl.com/13t5r

I'd suggest that you reset it to factory defaults first though... because you have a lot of garbage entries there... such as
name 192.168.1.102 AMD-Server
name 192.168.1.250 sbs


Jeff
TechSoEasy



I'd also note here, that you should really be running DHCP on your server and not the PIX.  See the bottom of http://sbsurl.com/dhcp for instructions on how to change this.

You may also run into problems using the SBS's VPN connection with MTU set at 1500.  Generally it should be at 1472 to work.

Jeff
TechSoEasy
911bob (ASKER):

Couple of points..

1) I have a W2K server with Terminal Services that I access remotely. It is not on the same domain as the SBS. Hence some ports are forwarded to the AMD-Server and some to the Dell1400.

2) I have DHCP running and used on the DELL1400 server. The PIX also has it enabled primarily as a backup, in case the DELL server goes down.

It is a 501 PIX.

I thought having the Name commands made it easier to see what the setup is. Is it a good idea to use just the IP addresses?

Currently not running the VPN connection on the server.
911bob (ASKER):

Update.. I removed the DHCPD from the inside so only the SBS is providing DHCP

I modified the Nat from: nat (inside) 1 0.0.0.0 0.0.0.0 0 0
to be: nat (inside) 1 192.168.1.0 255.255.255 0 0

I know port 443 is open as I can connect to RWW via https. Port 4125 shows as open from an external port scan.

444 shows connection refused.. but not sure why.

I can connect via RWW to the SBS and then connect to either the Server or Client Computers from inside, but not outside.
You can't forward the same ports to both your Windows 2000 server and your SBS.  Why is it in a separate domain?  Because if that's the case, it's still on the same IP Subnet, and there must be a domain controller on that domain which would be in conflict with the SBS at some point.  Or is the Terminal Server in a Workgroup?

Do you have people that have two separate logins?

The problem is that SBS needs to be able to use port 3389 to finalize the path to the client computers for remote desktop.  Please look at the "TS Proxy" diagram on http://sbsurl.com/rww to see what I'm referring to.

You'll also note that in that diagram it shows a Terminal Server which is accessed via RWW instead of directly.  For information on how to make that happen, please follow the instructions here:  http://sbsurl.com/tss2k  Once you join your Terminal Server to the domain, you'll have the benefit of centrally managed group policies and security, and there will be an option automatically added to the RWW main menu to access the Terminal Server.

Jeff
TechSoEasy
911bob (ASKER):

The W2K server is on its way out, but I have a few systems running on it.. no users use it except me.. and I would typically connect to it via T.S.  I changed the 3389 forward to go to sbs (192.168.1.250) and I can connect direct to it via TS from the outside so that is working.. but when I connect with RWW, I still cannot connect to other client computers, or to the server desktop (the SBS desktop). Both the SBS and AMD-Server are on the same subnet, but different domains. The W2K is the domain controller.. and the SBS is a domain controller for all the computers (except the AMD-Server) on the network.

I think the ports are OK as I would not get RWW (https) without 442 open, 3389 is now verified as open, and a port scan of 4125 shows it connected to a service..

So I am still back at the original issue.

Thanks for your comments / suggestions so far.
911bob (ASKER):

For everyone else's information the original issue started in the SBS 2003 listing..

https://www.experts-exchange.com/questions/22076413/Remote-Web-Workplace-cannot-conntect-to-Server-or-Workstations.html
What concerns me is the way you describe that "the W2K is the domain controller.. and the SBS is a domain controller for all the computers (except the AMD-Server ) on the network"

Since an SBS cannot just be added to a domain or network, and it can't be just "a" domain controller, I suspect that you have deeper configuration problems and this issue is just a symptom of those.  What is also giving me a clue about this is that the IPCONFIG /ALL that you posted in http:Q_22076413.html shows that the Administrator account's profile was originally created without a domain in existence (hence it is now appended with the domain name).  Or, that perhaps you attempted to change the domain name?

In any case, either of these scenarios is pretty serious with regards to the health of your system.  So if you can please provide further background on how this all came to be, it would be helpful in knowing where the real problem lies.

Also, if you could please do a dcdiag /v and post the results here that would be helpful.

Jeff
TechSoEasy
911bob (ASKER):

I originally had the W2K server as the domain controller on the network.. I also had a W2k3 server that I tried to promote to DC, but the AD on the W2K system is corrupt as it will not allow the DC promo - to demote the W2k to NOT be a DC.

I rebuilt the DELL1400 with SBS2003 from scratch and then had each of the local computers join that domain. There is no trust or any connection between the AMD server and the Dell1400 other than being on the same subnet. ALL DNS is going through the DELL1400, the AMD server is hardcoded to go to itself and also the outside DNS for lookup.

The dcdiag /v is below:

Only failure is the service:  * Checking Service: IsmServ
            IsmServ Service is stopped on [DELL1400]
but I do not see it being listed under services to try to start it.

C:\Documents and Settings\Administrator.BSSI-SBS>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine DELL1400, is a DC.
   * Connecting to directory service on server DELL1400.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DELL1400
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... DELL1400 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DELL1400
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         * Replication Site Latency Check
         ......................... DELL1400 passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC DELL1400.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=BSSI-SBS,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=BSSI-SBS,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=BSSI-SBS,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=BSSI-SBS,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=BSSI-SBS,DC=local
            (Domain,Version 2)
         ......................... DELL1400 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\DELL1400\netlogon
         Verified share \\DELL1400\sysvol
         ......................... DELL1400 passed test NetLogons
      Starting test: Advertising
         The DC DELL1400 is advertising itself as a DC and having a DS.
         The DC DELL1400 is advertising as an LDAP server
         The DC DELL1400 is advertising as having a writeable directory
         The DC DELL1400 is advertising as a Key Distribution Center
         The DC DELL1400 is advertising as a time server
         The DS DELL1400 is advertising as a GC.
         ......................... DELL1400 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=DELL1400,CN=Serv
ers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         ......................... DELL1400 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 1609 to 1073741823
         * DELL1400.BSSI-SBS.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1109 to 1608
         * rIDPreviousAllocationPool is 1109 to 1608
         * rIDNextRID: 1177
         ......................... DELL1400 passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC DELL1400 on DC DELL1400.
         * SPN found :LDAP/DELL1400.BSSI-SBS.local/BSSI-SBS.local
         * SPN found :LDAP/DELL1400.BSSI-SBS.local
         * SPN found :LDAP/DELL1400
         * SPN found :LDAP/DELL1400.BSSI-SBS.local/BSSI-SBS
         * SPN found :LDAP/23ea5efd-1508-4867-ac0c-d84408676b5f._msdcs.BSSI-SBS.
local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/23ea5efd-1508-4867-ac
0c-d84408676b5f/BSSI-SBS.local
         * SPN found :HOST/DELL1400.BSSI-SBS.local/BSSI-SBS.local
         * SPN found :HOST/DELL1400.BSSI-SBS.local
         * SPN found :HOST/DELL1400
         * SPN found :HOST/DELL1400.BSSI-SBS.local/BSSI-SBS
         * SPN found :GC/DELL1400.BSSI-SBS.local/BSSI-SBS.local
         ......................... DELL1400 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
            IsmServ Service is stopped on [DELL1400]
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... DELL1400 failed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         DELL1400 is in domain DC=BSSI-SBS,DC=local
         Checking for CN=DELL1400,OU=Domain Controllers,DC=BSSI-SBS,DC=local in
domain DC=BSSI-SBS,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local in domain CN=Configurati
on,DC=BSSI-SBS,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... DELL1400 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... DELL1400 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... DELL1400 passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minut
es.
         ......................... DELL1400 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... DELL1400 passed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=DELL1400,OU=Domain Controllers,DC=BSSI-SBS,DC=local and backlink on
         CN=DELL1400,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura
tion,DC=BSSI-SBS,DC=local
          are correct.
         The system object reference (frsComputerReferenceBL)
         CN=DELL1400,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=BSSI-SBS,DC=local
         and backlink on CN=DELL1400,OU=Domain Controllers,DC=BSSI-SBS,DC=local
         are correct.
         The system object reference (serverReferenceBL)
         CN=DELL1400,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=BSSI-SBS,DC=local
         and backlink on
         CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=BSSI-SBS,DC=local
         are correct.
         ......................... DELL1400 passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : BSSI-SBS
      Starting test: CrossRefValidation
         ......................... BSSI-SBS passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... BSSI-SBS passed test CheckSDRefDom

   Running enterprise tests on : BSSI-SBS.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... BSSI-SBS.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         PDC Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         Time Server Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         KDC Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         ......................... BSSI-SBS.local passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS
911bob (ASKER):

One thing I probably did wrong is the way I joined the computers to the domain. I used the client computer's Join a domain under the Network ID, not the http://servername/connectcomputer.. as described in this listing.

https://www.experts-exchange.com/questions/21438638/Changing-SSL-certificates-in-Windows-2003-SBS-client-computers.html

The reason I did not is that the http://servername/connectcomputer gave me a page not found.

Also what is throwing me off is that it is working internally.. If I browse to dell1400.. get into RWW, and then ask it to connect to another computer or to the server it is OK.. so it would seem that it is set up OK and it is a firewall issue.
Thanks so much for providing the background... it really helps to get perspective on where you are at.  Also, thanks for posting the DCDIAG.  It does look good, and that one error is normal with an SBS.

Have you run the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email) since modifying your PIX?  You should do that and make sure that Remote Web Workplace is enabled properly in the Web Services screen.

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Also... too bad that you didn't fix the "page not found" error and join them the right way... because there's a ton of stuff that gets done automatically when you use connectcomputer... that you wouldn't have to deal with on into the future for these machines.  So it is worth joining them correctly.  

If you are getting a "page not found" then there are a couple of things that you can do to troubleshoot.  First, make sure that there are indeed files in C:\Inetpub\ConnectComputer on your SBS.  If they are, then make sure that the virtual directory exists in the Default Web Site in IIS Manager and that anonymous access is enabled on that directory.  If you need further help troubleshooting this, please advise.

Then, you can follow these steps (I've added a few more steps since that post that you linked above):

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computer if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with its NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://<servername>/connectcomputer

Jeff
TechSoEasy
911bob (ASKER):

Thanks for the input.. it will probably be a day or two till I get to that... When I made the SBS Exchange my mail server it limits me a bit what / when I can do things... so if you do not see an update for a day or so.. don't think I have given up.. got to master that SBS..
Running the CEICW does not interrupt mail flow on the Exchange server at all if you select "do not change configuration" on the Email portion of the wizard.  Even if you did select that, it wouldn't interrupt mail flow for more than 5 or 10 seconds.  Basically a non-event.

Jeff
TechSoEasy
911bob (ASKER):

Re-ran the CEICW wizard.. and the ConnectComputer only has one file called server.txt. Its contents are:

<?xml version="1.0"?>
<root>
      <server ip="" domain="BSSI-SBS.local" netbios="BSSI-SBS" name="DELL1400"/>
</root>
911bob (ASKER):

I found the issue. On installation it failed to install the client setup pieces (IE and Outlook). At the time it gave a warning that you could not run Outlook 2003 on SBS so I did not think it should be installed...

Anyway, got it installed, and now the ConnectComputer has files and I can browse to it from another computer..

So now I will remove a workstation..etc..etc.. and rejoin via the web connectcomputer..

Thanks



So, you installed Outlook via the SBS Integrated Setup Component Selection, I hope.

Jeff
TechSoEasy
911bob (ASKER):

yes. just the client part for installation on the local machine..

but.. I removed one computer and then added it per the instructions above.

but now on reboot-- it waits at Applying Computer Settings for 15 minutes...
Everything I find says it is DNS..
The Dell 1400 is the Only server on the network (I turned off the other one for now). The other 2 machines reboot OK
I did change from DHCP to Static on the PC with the Dell1400 IP as the DNS thinking it may help.. but no go..

and to top it all off, I still cannot connect to the computer via the RWW. so I think we went back a few steps.
Please post a complete IPCONFIG /ALL from both the server and the workstation and I'll be happy to take a look.  You haven't gone back a few steps...  and you don't want a static IP.

Jeff
TechSoEasy
Also... in your other question you stated a couple days ago that you got the error cannot find scw.exe.  So how did you follow the steps I listed above?  Because scw.exe is the Add Computer Wizard in the Server Management Console.

Jeff
TechSoEasy
911bob (ASKER):

Client:
Windows IP Configuration

        Host Name . . . . . . . . . . . . : DELL-933
        Primary Dns Suffix  . . . . . . . : BSSI-SBS.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : BSSI-SBS.local
                                            BSSI-SBS.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : BSSI-SBS.local
        Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
        Physical Address. . . . . . . . . : 00-01-03-21-AB-42
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.150
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.250
        DNS Servers . . . . . . . . . . . : 192.168.1.250
        Primary WINS Server . . . . . . . : 192.168.1.250
        Lease Obtained. . . . . . . . . . : Friday, December 08, 2006 6:21:15 PM

        Lease Expires . . . . . . . . . . : Saturday, December 16, 2006 6:21:15PM

Server:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DELL1400
   Primary Dns Suffix  . . . . . . . : BSSI-SBS.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : BSSI-SBS.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
   Physical Address. . . . . . . . . : 00-B0-D0-FC-1E-85
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.250
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.250
   Primary WINS Server . . . . . . . : 192.168.1.250


For the scw.exe... I went to Control Panel.. did an add/remove for Windows 2003 SBS.. and added the Client Deployment under Component Selection (it had failed on the original installation due to a message that you cannot install Outlook 2003 on an Exchange Server).
From the SBS, can you ping DELL-933 ?

911bob (ASKER):

yes
Can you please then, try using RWW again from inside by going to https://dell1400/remote ?  Then try to connect to DELL-933.

You will have to allow the ActiveX script to install.

Jeff
TechSoEasy
911bob (ASKER):

Yes it works.. but it always has worked from inside... That is why I moved the question here.. I thought it was a firewall issue.
Sorry about that, but the wording in your question wasn't entirely clear:  "If I connect using the RWW from an internal machine and check the ports in use, I do see 444 and 4125 being used... but from the outside I cannot get 4125 to be active (nor can I connect to another internal computer)."  I just wanted to be absolutely sure.

And what I'm rather sure of now, is that your PIX configuration is really a problem.  I'm certainly not a PIX expert, but I can definitely recognize that the way your configuration is set, with forwarding to two different servers, is definitely a problem.  You had stated earlier that you were able to RDP to your SBS, but I don't see how that is possible because your PIX has 3389 pointing to the AMD-Server.  Since you had also mentioned that the AMD-Server was being retired, I would suggest that you do that now, and get your PIX config cleaned up so that it's understandable and traceable.

Take a look at this question to see a better looking config file: http:Q_21608138.html  (even though he had a small error in it, it was easy to spot!).

Jeff
TechSoEasy
911bob (ASKER):

There was nothing wrong in the config, it should have worked.. found the problem at the remote end.. a blocked port there..

I awarded the point to the person who confirmed the config was OK.. but I will also award points to TechSoEasy on the original question on the SBS site