Solved

remote access with sbs 2003

Posted on 2007-04-10
12
785 Views
Last Modified: 2012-05-05
windows 2003 sbs running isa server 2004.

I cant login using vpn/rdp or remote web workplace.

We have a linksys broadband router with the public ip address connecting to the isp/internet and I port forwarded from the linksys to the private ip of the sbs 192.1681.2 these ports
443 to 443
4125 to 4125
1723 to 1723
3389 to 3389
444 to 444

they all point to the private ip of the sbs 192.168.1.2

all traffic is allowed on all networks thru the isa server - everything open.

outside users still cant connect using vpn or rww.

on the configure remote access wizard for sbs I put the sbs ip address as the server name.

Thanks!
0
Comment
Question by:tolinrome
  • 7
  • 5
12 Comments
 
LVL 7

Author Comment

by:tolinrome
Comment Utility
also im using just one network card.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
Comment Utility
Did you run the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List)?

If so, then what specific error are you getting when trying to access the network remotely?

Also, please post a COMPLETE ipconfig /all from the server.

Jeff
TechSoEasy
0
 
LVL 7

Author Comment

by:tolinrome
Comment Utility
the CEICW asked me if it could make the changes to the linksys router - i clicked yes. i put in the ispp's dns servers and local ip of the router (192.168.1.1) and checked the box i use a single network connection.
for additional services I only chose VPN checkbox and
and allow access for rww and sharepoint.

create a webserver certificate i chose the webserver name of the public ip address of the linksys. we dont have a public domain name in the office yet.

i selected do not change internet email configuration.

during the firewall configuration it says that it had a problem configuring the router and go to appendix c for further information. i chose to continue the rest of the setup of the wizzard which went fine.


(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig -all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : abkodirectsbs
   Primary Dns Suffix  . . . . . . . : abkodirect.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : abkodirect.local

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.32
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connectio
   Physical Address. . . . . . . . . : 00-30-48-79-44-C4
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.2
   Primary WINS Server . . . . . . . : 192.168.1.2

C:\Documents and Settings\Administrator>



0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
The choices you made in the CEICW sound fine, but if there was an error you need to determine what the error was and fix it.  You'll find the log file at C:\Program Files\Microsoft Windows Small Business Server\Support\icwlog.txt

You can post the lines containing the word ERROR here.  It's not necessary though to post the entire log.

Also, I had asked about the specific errors you are getting when trying to connect... please provide that information.

Jeff
TechSoeAsy

0
 
LVL 7

Author Comment

by:tolinrome
Comment Utility
I redid the CEICW and chose NOT to let the wizard to configure the linksys and now VPN is connecting but not RDP thru the VPN. I'll post in a bit the results.
Thanks.
0
 
LVL 7

Author Comment

by:tolinrome
Comment Utility
using RDP after a sucessful vpn login I get a generic windows error that just says:

"the client could not connect to the remote computer. remote connections might not be enabled (they are) or the computer might be too busy to accept new connections (its not).

network problems might be preventing your connection....please try again later etc..."

on the sbs server the enable remote connections is enabled and the user is part of the remote users group.

any ideas??
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
What are you using the VPN for?  Because you don't need to connect via VPN to use RDP.  

Plus, if you want to get to the workstation's desktops, you should be using Remote Web Workplace which doesn't require a VPN connection either.  See http://sbsurl.com/rww for info on that.

I would note that because you are using the default IP Subnet from your Linksys router you may have problems connecting via VPN if the remote location also uses the 192.168.1.0 subnet.  Therefore it's best to use the recommended subnet for SBS of 192.168.16.0.  To change this, you first need to change the router's IP to 192.168.16.2, then run the Change Server IP Address Wizard on the SBS to change that to 192.168.16.2, followed by running the CEICW again just to set everything properly.

Jeff
TechSoEasy
0
 
LVL 7

Author Comment

by:tolinrome
Comment Utility
I was using vpn because that how I setup the last network I was working with (not an sbs server network). But I now see how different sbs is.

I tried using the RWW https://servername/remote but it doesnt work.

thanks I'll make those changes and let you know.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Internally, you wouldn't use https://servername/remote, you'd just use http://servername/remote.  But again, saying "it doesn't work" doesn't give me much to go on in order to offer you any further suggestion as to how to fix it.

Jeff
TechSoEasy
0
 
LVL 7

Author Comment

by:tolinrome
Comment Utility
yes internally http://servername/remote works fine, its from remotely that it doesnt work - the typical webpage saying it cant be found. My goal is to have rdp access so I can manage the server remotely and RWW so the employees can remote in to their desktops.

The strange thing is that I can connect vpn, but not rdp even though the isa firewall is allow everythign in and out and the ports are forwarded fromn the linksys router to the internal server.

Also, even if I did change the subnet to 192.168.16.0, I wouldnt be able to forward the ports in tyhe linksys because the default settings in the linksys of 192.168.1.X cannot be changed.

When I previously ran the CEICW and Remote Access wizard and the only "error" was that the sbs server couldnt configure the linksys so it prompted me to run the wizard again and choose NOT to have it configure the linksys, which I did and it was sucessful.

maybe it has somethign to do with the creating of the web certificate? I entered the public ip address of the linksys for that.

Thanks again.



0
 
LVL 7

Author Comment

by:tolinrome
Comment Utility
I just did another test and when I connected using vpn then using remote desktop I used the public ip address of the linksys router instead of the sbs server name or ip address and it was able to log me into the server. If I use the sbs servername or private ip address it doesnt work, even though Im connected to the network withthe vpn.

Is this because internal DNS cant resolve the servername?

Thanks....
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
What do you mean the default settings of the linksys router cannot be changed?  Do you not have access to the router's control panel?

"when I connected using vpn then using remote desktop I used the public ip address of the linksys router instead of the sbs server name or ip address and it was able to log me into the server."

This is because the VPN Connection you created is not using the SBS as the default gateway.   You must have created a manual VPN connection rather than using the Small Business Server Connection Manager downloaded from the RWW main menu.

And as for the certificate?  What do you mean you entered the IP address for the linksys for that?  You should either be using your Externally routable FQDN or the EXTERNAL IP Address if you don't have an externally routable FQDN configured with your ISP.

Since you never provided the info from the icwlog.txt it's going to be difficult for me to help you determine what else may be wrong.

Jeff
TechSoEasy

0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now