remote access with sbs 2003
windows 2003 sbs running isa server 2004.
I cant login using vpn/rdp or remote web workplace.
We have a linksys broadband router with the public ip address connecting to the isp/internet and I port forwarded from the linksys to the private ip of the sbs 192.1681.2 these ports
443 to 443
4125 to 4125
1723 to 1723
3389 to 3389
444 to 444
they all point to the private ip of the sbs 192.168.1.2
all traffic is allowed on all networks thru the isa server - everything open.
outside users still cant connect using vpn or rww.
on the configure remote access wizard for sbs I put the sbs ip address as the server name.
Thanks!
I cant login using vpn/rdp or remote web workplace.
We have a linksys broadband router with the public ip address connecting to the isp/internet and I port forwarded from the linksys to the private ip of the sbs 192.1681.2 these ports
443 to 443
4125 to 4125
1723 to 1723
3389 to 3389
444 to 444
they all point to the private ip of the sbs 192.168.1.2
all traffic is allowed on all networks thru the isa server - everything open.
outside users still cant connect using vpn or rww.
on the configure remote access wizard for sbs I put the sbs ip address as the server name.
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
the CEICW asked me if it could make the changes to the linksys router - i clicked yes. i put in the ispp's dns servers and local ip of the router (192.168.1.1) and checked the box i use a single network connection.
for additional services I only chose VPN checkbox and
and allow access for rww and sharepoint.
create a webserver certificate i chose the webserver name of the public ip address of the linksys. we dont have a public domain name in the office yet.
i selected do not change internet email configuration.
during the firewall configuration it says that it had a problem configuring the router and go to appendix c for further information. i chose to continue the rest of the setup of the wizzard which went fine.
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipc
Windows IP Configuration
Host Name . . . . . . . . . . . . : abkodirectsbs
Primary Dns Suffix . . . . . . . : abkodirect.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : abkodirect.local
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.32
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connectio
Physical Address. . . . . . . . . : 00-30-48-79-44-C4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2
Primary WINS Server . . . . . . . : 192.168.1.2
C:\Documents and Settings\Administrator>
for additional services I only chose VPN checkbox and
and allow access for rww and sharepoint.
create a webserver certificate i chose the webserver name of the public ip address of the linksys. we dont have a public domain name in the office yet.
i selected do not change internet email configuration.
during the firewall configuration it says that it had a problem configuring the router and go to appendix c for further information. i chose to continue the rest of the setup of the wizzard which went fine.
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipc
Windows IP Configuration
Host Name . . . . . . . . . . . . : abkodirectsbs
Primary Dns Suffix . . . . . . . : abkodirect.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : abkodirect.local
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.32
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connectio
Physical Address. . . . . . . . . : 00-30-48-79-44-C4
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2
Primary WINS Server . . . . . . . : 192.168.1.2
C:\Documents and Settings\Administrator>
The choices you made in the CEICW sound fine, but if there was an error you need to determine what the error was and fix it. You'll find the log file at C:\Program Files\Microsoft Windows Small Business Server\Support\icwlog.txt
You can post the lines containing the word ERROR here. It's not necessary though to post the entire log.
Also, I had asked about the specific errors you are getting when trying to connect... please provide that information.
Jeff
TechSoeAsy
You can post the lines containing the word ERROR here. It's not necessary though to post the entire log.
Also, I had asked about the specific errors you are getting when trying to connect... please provide that information.
Jeff
TechSoeAsy
ASKER
I redid the CEICW and chose NOT to let the wizard to configure the linksys and now VPN is connecting but not RDP thru the VPN. I'll post in a bit the results.
Thanks.
Thanks.
ASKER
using RDP after a sucessful vpn login I get a generic windows error that just says:
"the client could not connect to the remote computer. remote connections might not be enabled (they are) or the computer might be too busy to accept new connections (its not).
network problems might be preventing your connection....please try again later etc..."
on the sbs server the enable remote connections is enabled and the user is part of the remote users group.
any ideas??
"the client could not connect to the remote computer. remote connections might not be enabled (they are) or the computer might be too busy to accept new connections (its not).
network problems might be preventing your connection....please try again later etc..."
on the sbs server the enable remote connections is enabled and the user is part of the remote users group.
any ideas??
What are you using the VPN for? Because you don't need to connect via VPN to use RDP.
Plus, if you want to get to the workstation's desktops, you should be using Remote Web Workplace which doesn't require a VPN connection either. See http://sbsurl.com/rww for info on that.
I would note that because you are using the default IP Subnet from your Linksys router you may have problems connecting via VPN if the remote location also uses the 192.168.1.0 subnet. Therefore it's best to use the recommended subnet for SBS of 192.168.16.0. To change this, you first need to change the router's IP to 192.168.16.2, then run the Change Server IP Address Wizard on the SBS to change that to 192.168.16.2, followed by running the CEICW again just to set everything properly.
Jeff
TechSoEasy
Plus, if you want to get to the workstation's desktops, you should be using Remote Web Workplace which doesn't require a VPN connection either. See http://sbsurl.com/rww for info on that.
I would note that because you are using the default IP Subnet from your Linksys router you may have problems connecting via VPN if the remote location also uses the 192.168.1.0 subnet. Therefore it's best to use the recommended subnet for SBS of 192.168.16.0. To change this, you first need to change the router's IP to 192.168.16.2, then run the Change Server IP Address Wizard on the SBS to change that to 192.168.16.2, followed by running the CEICW again just to set everything properly.
Jeff
TechSoEasy
ASKER
I was using vpn because that how I setup the last network I was working with (not an sbs server network). But I now see how different sbs is.
I tried using the RWW https://servername/remote but it doesnt work.
thanks I'll make those changes and let you know.
I tried using the RWW https://servername/remote but it doesnt work.
thanks I'll make those changes and let you know.
Internally, you wouldn't use https://servername/remote, you'd just use http://servername/remote. But again, saying "it doesn't work" doesn't give me much to go on in order to offer you any further suggestion as to how to fix it.
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
yes internally http://servername/remote works fine, its from remotely that it doesnt work - the typical webpage saying it cant be found. My goal is to have rdp access so I can manage the server remotely and RWW so the employees can remote in to their desktops.
The strange thing is that I can connect vpn, but not rdp even though the isa firewall is allow everythign in and out and the ports are forwarded fromn the linksys router to the internal server.
Also, even if I did change the subnet to 192.168.16.0, I wouldnt be able to forward the ports in tyhe linksys because the default settings in the linksys of 192.168.1.X cannot be changed.
When I previously ran the CEICW and Remote Access wizard and the only "error" was that the sbs server couldnt configure the linksys so it prompted me to run the wizard again and choose NOT to have it configure the linksys, which I did and it was sucessful.
maybe it has somethign to do with the creating of the web certificate? I entered the public ip address of the linksys for that.
Thanks again.
The strange thing is that I can connect vpn, but not rdp even though the isa firewall is allow everythign in and out and the ports are forwarded fromn the linksys router to the internal server.
Also, even if I did change the subnet to 192.168.16.0, I wouldnt be able to forward the ports in tyhe linksys because the default settings in the linksys of 192.168.1.X cannot be changed.
When I previously ran the CEICW and Remote Access wizard and the only "error" was that the sbs server couldnt configure the linksys so it prompted me to run the wizard again and choose NOT to have it configure the linksys, which I did and it was sucessful.
maybe it has somethign to do with the creating of the web certificate? I entered the public ip address of the linksys for that.
Thanks again.
ASKER
I just did another test and when I connected using vpn then using remote desktop I used the public ip address of the linksys router instead of the sbs server name or ip address and it was able to log me into the server. If I use the sbs servername or private ip address it doesnt work, even though Im connected to the network withthe vpn.
Is this because internal DNS cant resolve the servername?
Thanks....
Is this because internal DNS cant resolve the servername?
Thanks....
What do you mean the default settings of the linksys router cannot be changed? Do you not have access to the router's control panel?
"when I connected using vpn then using remote desktop I used the public ip address of the linksys router instead of the sbs server name or ip address and it was able to log me into the server."
This is because the VPN Connection you created is not using the SBS as the default gateway. You must have created a manual VPN connection rather than using the Small Business Server Connection Manager downloaded from the RWW main menu.
And as for the certificate? What do you mean you entered the IP address for the linksys for that? You should either be using your Externally routable FQDN or the EXTERNAL IP Address if you don't have an externally routable FQDN configured with your ISP.
Since you never provided the info from the icwlog.txt it's going to be difficult for me to help you determine what else may be wrong.
Jeff
TechSoEasy
"when I connected using vpn then using remote desktop I used the public ip address of the linksys router instead of the sbs server name or ip address and it was able to log me into the server."
This is because the VPN Connection you created is not using the SBS as the default gateway. You must have created a manual VPN connection rather than using the Small Business Server Connection Manager downloaded from the RWW main menu.
And as for the certificate? What do you mean you entered the IP address for the linksys for that? You should either be using your Externally routable FQDN or the EXTERNAL IP Address if you don't have an externally routable FQDN configured with your ISP.
Since you never provided the info from the icwlog.txt it's going to be difficult for me to help you determine what else may be wrong.
Jeff
TechSoEasy
ASKER