Solved

Why doesn't this configuraiton nopen port 4125 on Cisco PIX ?

Posted on 2006-11-30
28
666 Views
Last Modified: 2013-11-16
I have a PIX forwarding ports to a Small Business Server... If I do an external port check on 444 it says there is a service.. if I try it on 4125 is says no service...Why is it not getting though?

If I connect using the RWW from an internal machine and check the ports in use, I do see 444 and 4125 being used... but from the outside I cannot get 4125 to be active (nor and I connect to another internal computer).. Thanks

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd uEiKQo2MB76WQPYq encrypted
hostname pixfirewall
domain-name ciscopix.com
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol tftp 69
names
name 192.168.1.102 AMD-Server
name 192.168.1.250 sbs
access-list outside_in permit tcp any interface outside eq 3389
access-list outside_in permit tcp any interface outside eq 1231
access-list outside_in permit tcp any interface outside eq pptp
access-list outside_in permit tcp any interface outside eq 5900
access-list outside_in permit tcp any interface outside eq 4662
access-list outside_in permit tcp any interface outside eq 4672
access-list outside_in permit tcp any interface outside eq 4711
access-list outside_in permit tcp any interface outside eq ftp-data
access-list outside_in permit tcp any interface outside eq ftp
access-list outside_in permit udp any interface outside eq 4672
access-list outside_in permit tcp any interface outside eq www
access-list outside_in permit tcp any interface outside eq https
access-list outside_in permit tcp any interface outside eq 444
access-list outside_in permit tcp any interface outside eq 4125
access-list outbound permit tcp any any eq smtp
access-list outbound permit tcp host sbs any eq smtp
access-list outbound deny tcp any any eq smtp log
access-list outbound permit ip any any
pager lines 24
logging on
logging timestamp
logging trap debugging
logging host inside sbs
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location AMD-Server 255.255.255.255 inside
pdm location 0.0.0.0 255.255.255.255 outside
pdm location 0.0.0.0 255.255.255.0 outside
pdm location sbs 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface 3389 AMD-Server 3389 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 1231 AMD-Server 1231 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface pptp AMD-Server pptp netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 5900 AMD-Server 5900 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.Y.Z.A 4662 AMD-Server 4662 netmask 255.255.255.255 0 0
static (inside,outside) udp X.Y.Z.A 4672 AMD-Server 4672 netmask 255.255.255.255 0 0
static (inside,outside) tcp X.Y.Z.A 4711 AMD-Server 4711 netmask 255.255.255.255 0 0
static (inside,outside) udp X.Y.Z.A 4662 AMD-Server 4662 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface www sbs www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface https sbs https netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 444 sbs 444 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 4125 sbs 4125 netmask 255.255.255.255 0 0
access-group outside_in in interface outside
access-group outbound in interface inside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns sbs 167.206.245.12
dhcpd wins sbs
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
0
Comment
Question by:911bob
  • 15
  • 12
28 Comments
 

Author Comment

by:911bob
Comment Utility
Exact message from the canyouseeme.org port scan is "Connection Refused"
0
 
LVL 8

Accepted Solution

by:
charan_jeetsingh earned 250 total points
Comment Utility
have you checked on your server within the lan whether the services are running properly??

you can use : www.angryziber.com/ipscan/ to check this..... nothing seems wrong to the config,

beides this you shud always use

nat (inside) 1 <internal subnet> <netmastk>

instead of : nat (inside) 1 0.0.0.0 0.0.0.0 0 0
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
911bob,

From the IPCONFIG /ALL in your previous question (http:Q_22076413.html) it shows that your server's hostname is DELL1400, not AMD-Server.  Plus, your server is at 192.168.1.250 and AMD-Server is pointed to 192.168.1.102, while "sbs" is pointed to 192.168.1.250.

While you don't state which model PIX you have, you can find a very good overview of the correct settings here:  http://snipurl.com/13t5r

I'd suggest that you reset it to factory defaults first though... because you have a lot of garbage entries there... such as
name 192.168.1.102 AMD-Server
name 192.168.1.250 sbs


Jeff
TechSoEasy



0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
I'd also note here, that you should really be running DHCP on your server and not the PIX.  See the bottom of http://sbsurl.com/dhcp for instructions on how to change this.

You may also run into problems using the SBS's VPN connection with MTU set at 1500.  Generally it should be at 1472 to work.

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
couple of Points..

1) I have a W2K server with Terminal Services that I access remotely. It is not on the same domain as the SBS. Hence some ports are forwarded to the AMD-Server and aSome to the Dell1400

2) I have DHCP running and used on the DELL1400 Server. the PIX also has it enabled primarily as a backup, in case the DELL Server goes down.

It is a 501 PIX.

I thought having the Name commans made it easier to see what the setup is. Is it a good idea to use just the IP addresses ??

Currently not running the VPN connection on the server.
0
 

Author Comment

by:911bob
Comment Utility
Update.. I removed the DHCPD from the inside so only the SBS is providing DHCP

I modified the Nat from: nat (inside) 1 0.0.0.0 0.0.0.0 0 0
to be: nat (inside) 1 192.168.1.0 255.255.255 0 0

I know Port 443 is open as I can connect to RWW via htps. Port 4125 shows as open from an external port scan.

444 show connection refused.. but not sure why.

I can connect via RWW to the SBS and then connect to either the Server or Client Computers from inside, but not outside.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
You can't forward the same ports to both your Windows 2000 server and your SBS.  Why is it in a separate domain?  Because if that's the case, it's still on the same IP Subnet, and there must be a domain controller on that domain which would be in conflict with the SBS at some point.  Or is the Terminal Server in a Workgroup?

Do you have people that have two separate logins?

The problem is that SBS needs to be able to use port 3389 to finalize the path to the client computers for remote desktop.  Please look at the "TS Proxy" diagram on http://sbsurl.com/rww to see what I'm referring to.

You'll also note that in that diagram it shows a Terminal Server which is accessed via RWW instead of directly.  For information on how to make that happen, please follow the instructions here:  http://sbsurl.com/tss2k  Once you join your Terminal Server to the domain, you'll have the benefit of centrally managed group policies and security, and there will be an option automatically added to the RWW main menu to access the Terminal Server.

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
The w2k server is on its way out, but I have a few systems running on it.. no users user it except me.. and I would typically connect to it via T.S.  I changed the 3389 forward to go to sbs (192.168.1.250) and I can connect direct to it via TS from the outside so that is working.. but when I connect with RWW, I still cannot connect to other client computers, or to the server deskrop (the SBS desktop). both the SBS and AMD-Server are on the same subnet, but different domains. the W2K is the domain controller.. and the SBS is a domain controller for all the compters (except the AMD-Server) on the network.

I think the ports are OK as I would not get RWW (https) wihtout 442 open, 3389 is now verified as open, and a port scan of 4125 shos it connected to a service..

So I am still back at the original issue.

Thanks for you comments / suggestions so far.
0
 

Author Comment

by:911bob
Comment Utility
For everyone else's information the original issue started in the SBS 2003 listing..

http://www.experts-exchange.com/Operating_Systems/SBS_Small_Business_Server/Q_22076413.html
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
What concerns me is the way you describe that "the W2K is the domain controller.. and the SBS is a domain controller for all the computers (except the AMD-Server ) on the network"

Since an SBS cannot just be added to a domain or network, and it can't be just "a" domain controller, I suspect that you have deeper configuration problems and this issue is just a symptom of those.  What is also giving me a clue about this is that the IPCONFIG /ALL that you posted in http:Q_22076413.html shows that the Administrator account's profile was originally created without a domain in existence (hence it is now appended with the domain name).  Or, that perhaps you attempted to change the domain name?

In any case, either of these scenarios is pretty serious with regards to the health of your system.  So if you can please provide further background on how this all came to be, it would be helpful in knowing where the real problem lies.

Also, if you could please do a dcdiag /v and post the results here that would be helpful.

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
I originally had the W2K server as the domain controller on the network.. I also had a W2k3 server that I tried to promote do DC, but the AD on the W2K system is corrupt as it will not allow the DC promo - to demote the W2k to NOT be a DC.

I rebuilt the DELL1400 with SBS2003 from scratch and the had each of the local computers join that domain. There is no trust or any connection between the AMD server and the Dell1400 other than being on the same subnet. ALL DNS is going though the DELL1400, the AMD server is hardcoded to go to itself and also the outside DNS for lookup.

The dcdiag /v is below:

Only failure is the service:  * Checking Service: IsmServ
            IsmServ Service is stopped on [DELL1400]
but I do not see it being listed under services to try to start it.

C:\Documents and Settings\Administrator.BSSI-SBS>dcdiag /v

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine DELL1400, is a DC.
   * Connecting to directory service on server DELL1400.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DELL1400
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... DELL1400 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DELL1400
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         * Replication Site Latency Check
         ......................... DELL1400 passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC DELL1400.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=BSSI-SBS,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=BSSI-SBS,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=BSSI-SBS,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=BSSI-SBS,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=BSSI-SBS,DC=local
            (Domain,Version 2)
         ......................... DELL1400 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\DELL1400\netlogon
         Verified share \\DELL1400\sysvol
         ......................... DELL1400 passed test NetLogons
      Starting test: Advertising
         The DC DELL1400 is advertising itself as a DC and having a DS.
         The DC DELL1400 is advertising as an LDAP server
         The DC DELL1400 is advertising as having a writeable directory
         The DC DELL1400 is advertising as a Key Distribution Center
         The DC DELL1400 is advertising as a time server
         The DS DELL1400 is advertising as a GC.
         ......................... DELL1400 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=DELL1400,CN=Serv
ers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local
         ......................... DELL1400 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 1609 to 1073741823
         * DELL1400.BSSI-SBS.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1109 to 1608
         * rIDPreviousAllocationPool is 1109 to 1608
         * rIDNextRID: 1177
         ......................... DELL1400 passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC DELL1400 on DC DELL1400.
         * SPN found :LDAP/DELL1400.BSSI-SBS.local/BSSI-SBS.local
         * SPN found :LDAP/DELL1400.BSSI-SBS.local
         * SPN found :LDAP/DELL1400
         * SPN found :LDAP/DELL1400.BSSI-SBS.local/BSSI-SBS
         * SPN found :LDAP/23ea5efd-1508-4867-ac0c-d84408676b5f._msdcs.BSSI-SBS.
local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/23ea5efd-1508-4867-ac
0c-d84408676b5f/BSSI-SBS.local
         * SPN found :HOST/DELL1400.BSSI-SBS.local/BSSI-SBS.local
         * SPN found :HOST/DELL1400.BSSI-SBS.local
         * SPN found :HOST/DELL1400
         * SPN found :HOST/DELL1400.BSSI-SBS.local/BSSI-SBS
         * SPN found :GC/DELL1400.BSSI-SBS.local/BSSI-SBS.local
         ......................... DELL1400 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
            IsmServ Service is stopped on [DELL1400]
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... DELL1400 failed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         DELL1400 is in domain DC=BSSI-SBS,DC=local
         Checking for CN=DELL1400,OU=Domain Controllers,DC=BSSI-SBS,DC=local in
domain DC=BSSI-SBS,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=BSSI-SBS,DC=local in domain CN=Configurati
on,DC=BSSI-SBS,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... DELL1400 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... DELL1400 passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... DELL1400 passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minut
es.
         ......................... DELL1400 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... DELL1400 passed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=DELL1400,OU=Domain Controllers,DC=BSSI-SBS,DC=local and backlink on
         CN=DELL1400,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura
tion,DC=BSSI-SBS,DC=local
          are correct.
         The system object reference (frsComputerReferenceBL)
         CN=DELL1400,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=BSSI-SBS,DC=local
         and backlink on CN=DELL1400,OU=Domain Controllers,DC=BSSI-SBS,DC=local
         are correct.
         The system object reference (serverReferenceBL)
         CN=DELL1400,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=BSSI-SBS,DC=local
         and backlink on
         CN=NTDS Settings,CN=DELL1400,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=BSSI-SBS,DC=local
         are correct.
         ......................... DELL1400 passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : BSSI-SBS
      Starting test: CrossRefValidation
         ......................... BSSI-SBS passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... BSSI-SBS passed test CheckSDRefDom

   Running enterprise tests on : BSSI-SBS.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         ......................... BSSI-SBS.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         PDC Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         Time Server Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         KDC Name: \\DELL1400.BSSI-SBS.local
         Locator Flags: 0xe00003fd
         ......................... BSSI-SBS.local passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS
0
 

Author Comment

by:911bob
Comment Utility
One thing I probably did wrong is the way i joined the computers to the Domain., I used the Client computers Join a domain under the Network ID, not the http://servername/connectcomputer.. as described is this listing.

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21438638.html

The reason I did not is the the http://servername/connectcomputer gave me a page not found.

Also what is throwing me off is that it working internally.. If I prowse to dell1400.. get into RWW, and the ask it to connect to another computer or to the server it is OK.. so it would seem that it is setup OK and it is a firewall issue.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Thanks so much for providing the background... it really helps to get perspective on where you are at.  Also, thanks for posting the DCDIAG.  It does look good, and that one error is normal with an SBS.

Have you run the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email) since modifying your PIX?  You should do that and make sure that Remote Web Workplace is enabled properly in the Web Services screen.

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Also... too bad that you didn't fix the "page not found" error and join them the right way... because there's a ton of stuff that gets done automatically when you use connectcomputer... that you wouldn't have to deal with on into the future for these machines.  So it is worth joining them correctly.  

If you are getting a "page not found" then there are a couple of things that you can do troubleshoot.  First, make sure that there are indeed files in C:\Inetpub\ConnectComputer on your SBS.  If they are, then make sure that the virtual directory exists in the Default Web Site in IIS Manager and that anonymous access is enabled on that directory.  If you need further help troubleshooting this, please advise.


Then, you can follow these steps, (I've added a vew more steps since that post that you linked above):

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://<servername>/connectcomputer

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
Thanks for the input.. it wil probably be a day or two till I get to that... When I made the SBS Excahnge my mail server it limits me a bit what / when I can do things... so if you do not see an update for a day or so.. don't thnk I have given up.. got to master that SBS..
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Running the CEICW does not interrupt mail flow on the Exchange server at all if you select "do not change configuration" on the Email portion of the wizard.  Even if you did select that, it wouldn't interrupt mail flow for more than 5 or 10 seconds.  Basically a non-event.

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
re-ran the CEICW wizzard.. and the ConnectComputer only has one file called server.txt. its contents are:

<?xml version="1.0"?>
<root>
      <server ip="" domain="BSSI-SBS.local" netbios="BSSI-SBS" name="DELL1400"/>
</root>
0
 

Author Comment

by:911bob
Comment Utility
I found the issue. on installation it failed to install teh client setup pieces (IE and Outlook) at the time It gave a warining that you could not run Outlook 2003 on SBS so I did not think it should be installed...

Anyway, got it installed, and now the ConnectComputer has fiels and I can browse to it from another computer..

So now I will remove a workstation..etc..etc.. and rejoing via the web connectcomputer..

Thanks



0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
So, you installed Outlook via the SBS Integrated Setup Component Selection, I hope.

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
yes. just the client part for installation on the local machine..

but.. I removed one computer and then added it per the instructions above.

but now on reboot-- it waits at Applying Computer Settings for 15 minutes...
Everything I find says it is DNS..
The Dell 1400 is the Only server on the network (I turned off the other one for now). The other 2 machines reboot OK
I did change from DHCP to Static on the PC with the Dell1400 IP as the DNS thinking it may help.. but no go..

and to top it all off, I still cannot connect to the computer via the RWW. so I think we went back a few steps.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Please post a complete IPCONFIG /ALL from both the server and the workstation and I'll be happy to take a look.  You ahaven't gone back a few steps...  and you don't want a static IP.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Also... your other question you stated a couple days ago that you got the error cannot find scw.exe.  So how did you follow the steps I listed above?  Because scw.exe is the Add Computer Wizard in the Server Management Console.

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
Client:
Windows IP Configuration

        Host Name . . . . . . . . . . . . : DELL-933
        Primary Dns Suffix  . . . . . . . : BSSI-SBS.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : BSSI-SBS.local
                                            BSSI-SBS.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : BSSI-SBS.local
        Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
        Physical Address. . . . . . . . . : 00-01-03-21-AB-42
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.150
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.250
        DNS Servers . . . . . . . . . . . : 192.168.1.250
        Primary WINS Server . . . . . . . : 192.168.1.250
        Lease Obtained. . . . . . . . . . : Friday, December 08, 2006 6:21:15 PM

        Lease Expires . . . . . . . . . . : Saturday, December 16, 2006 6:21:15PM

Server:
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DELL1400
   Primary Dns Suffix  . . . . . . . : BSSI-SBS.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : BSSI-SBS.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
   Physical Address. . . . . . . . . : 00-B0-D0-FC-1E-85
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.250
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.250
   Primary WINS Server . . . . . . . : 192.168.1.250


For the scw.exe... I went to Control panel.. did a add/remove for windows 2003 SBS.. and added the Client Deployment under Component Selection (it had failed on the original installation due to a message that you cannot install Outlook 2003 on an Exchange Server.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
From the SBS, can you ping DELL-933 ?

0
 

Author Comment

by:911bob
Comment Utility
yes
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Can you please then, try using RWW again from inside by going to https://dell1400/remote ?  Then try to connect to DELL-933.

You will have to allow the ActiveX script to install.

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
Yes it works.. but is always has worked from inside... That is why I moved the question here.. I thought it was a firewall issue.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Sorry about that, but the wording in your question wasn't entirely clear:  "If I connect using the RWW from an internal machine and check the ports in use, I do see 444 and 4125 being used... but from the outside I cannot get 4125 to be active (nor and I connect to another internal computer)."  I just wanted to be absolutely sure.

And what I'm rather sure of now, is that your PIX configuration is really a problem.  I'm certainly not a PIX expert, but I can definitely recognize that the way your configuration is set, with forwarding to two different servers, is definitely a problem.  You had stated eariler that you were able to RDP to your SBS, but I don't see how that is possible because your PIX has 3389 pointing to the AMD-Server.  Since you had also mentioned that the AMD-Server was being retired, I would suggest that you do that now, and get your PIX config cleaned up so that it's understandable and tracable.

Take a look at this question to see a better looking config file: http:Q_21608138.html  (even though he had a small error in it, it was easy to spot!).

Jeff
TechSoEasy
0
 

Author Comment

by:911bob
Comment Utility
There was nothing wrong in the config, it shouldhave worked.. found the problem at the remote end.. a blocked port there..

I awarded the point to the person who confirmed the config was OK.. but I will also award points to TechSoEasy on the original question on the SBS site
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now