How do I enable "IP Routing" on SBS 2003 premium?

I've read a number of replies on your site which detail the IP config screen.  On those screen examples they show IP routing as enable.  That one item seems to be the only difference between my set-up and what I've read.  On my new server setup, I've tried to use the wizards but they didn't enable that setting.  My objective is to be able to make a VPN connection to the server. (is their any problem on trying to test that connection from a domain client?)
Who is Participating?
Jeffrey Kane - TechSoEasyConnect With a Mentor Principal ConsultantCommented:
"I changed the domain registration at net firms to instead of"

Well, is still there as your MX record.  Which you've configured TWICE for some reason (Priority 10 and 20).

"Ran the CEICW and Remote remote access referencing (for certificate)"

Well, when I go to, and view the certificate... it still only says in the "Issuer" field.  It should actually be like this instead:

CN =
CN = companyweb
CN = Server1
CN = localhost
CN = Server1.Dundee.local

Did you make any manual modifications to your DNS zones on the SBS itself?  

I have no problem getting to either or, so if you are having problems from within the LAN, you must have either changed your DNS, or you have cached lookups that are wrong.  To clear those, run IPCONFIG /FLUSHDNS at a CMD prompt.  Also be sure to delete any temporary Internet files.


Brian PiercePhotographerCommented:
chreevesAuthor Commented:
I tried the step-by-step without success.
The Wizard on my SBS2003 didn't ask me for the DHCP server IP address. (Figure C,from instructions)
My workstation is running Vista so the "remote Destop Connection" wizard is different but the vista version was still unable to make a connection.  Your continued assistance is appreciated.
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Brian PiercePhotographerCommented:
All you have to do to enable routing is to install RRAS and select LAN routing.
chreevesAuthor Commented:
I've run RRAS, but it doesn't provide the option of selecting LAN routing.  How can i do this without the wizard?

FYI here is the ipcofig/all screen

windowsIP Configuration
  HostName:   server1
  Primary Dns Suffix:  Dundee.local
  Node Type:  Unknown
  IP Routing Enabled:  No
  WINS Proxy Enabled:  Yes
  DNS Suffix Search List:  Dundee.local

Ethernet adapter Server Local Area Connection:
  Connection-spcific DNS Suffix:
  Description:  Broadcom...
  Physical Address:  00-19..
  DHCP Enabled:  No
  IP Address:
Subnet Mask:
Default Gateway:  (blank)
DNS Servers:
Primary WINS Server:

Ethernet adapter Neetwork Connection:
  Connection ....
  Description:  Intel...
  Physical Address:  00-0E...
  DHCP Enabled:  No
  IP address:
  Subnet Mask:
  Default Gateway:
  DNS Servers:
  NetBios over TCPIP:  Disabled.

Your assistance is greatly appreciated.
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You wouldn't normally see the "DHCP server IP address. (Figure C,from instructions)" screen if your SBS is acting as the DHCP server, which is the recommended configuration.

But this question is a clear example of how NOT to ask a question.  Sorry to single you out, but you've posted a question that is asking what you believe to be the cause of your problem without ever stating what the problem is to begin with, and while you do point out your objective, it's burried at the bottom of the question:
"My objective is to be able to make a VPN connection to the server"

Furthermore, you really should have stated that you are trying to connect a VISTA Client via VPN to your SBS Network.

Ideally... the question title might have been:

ERROR XXX when attempting VPN Connection from VISTA to SBS 2003

Now, it would also be helpful to know if you're getting Error 721 or Error 800 (my guess is that you're getting one of those).

Additionally, I see from your abbreviated IPCONFIG that you have at least one Broadcom NIC.  Be sure that you update the driver on that NIC to the very latest version (Should be dated later than June 2007 I believe), because Vista networking protocols are very sensitive to these things.

My guess is that it's the driver.  But you can also test the VPN connection from a LAN client as you were asking about.  That'll at least let you know if the SBS is working properly.

I Hope you don't mind the question pointers which will hopefully help you out on the next question you post.


chreevesAuthor Commented:
I've updated the NIC driver for the Broadcom.

When I try to navigate to on a domain vista client to test the VPN connectability. I get this error message

Error Code: 504 Proxy Timeout. The connection timed out. Fmia this event, see ISA Server Help. (10060)
IP Address:
Date: 10/15/2007 10:37:48 PM
Server: server1.Dundee.local
Source: proxy
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Well, isn't the way to test VPN connectability.
That would be how you connet to your Remote Web Workplace (RWW) which is designed to be used for those folks that have Desktop Workstations in the office to connect to those workstations from home or elsewhere.  VPN Connections should be used for domain joined laptops that are used both IN and OUT of the office.

But let's take it a step further...

When I go to, I see that the SSL Certificate you somehow created there is for  I say, somehow, because that certificate is self-signed, but you didn't create it with the SBS's Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet on the To-Do list in the Server Management Console).  Your SSL certificate shouldn't actually be for "WWW" because that host name is actually your web server which is at

It does seem as though you've created a HOST A record though for so you can use that on your SSL Certificate if you like when you run the CIECW.  The certificate name MUST match the URL used to access your server when you are running ISA Server 2004.  If it doesn't match you'll get that error you see above.

So, rerun the CEICW.  On the Certificate Screen, enter  

A visual how-to is at

Then, if you want to test RWW internally, you can either go to, or you can go to http://server1/remote.  (Externally, of course, you can only test by going to

Then if you also want to enable the VPN service, you should run the Configure Remote Access Wizard (a visual how-to is at  In that wizard you again want to enter as the FQDN you will be using for VPN connections.

chreevesAuthor Commented:
I've corrected the domain reg. so that should point to my static IP of
My exchange server is working (it's uses the same static IP)
I can make a RWW connections using http://server1/remote but get a 504 error trying a FQDN or the static IP.
Trying to test a VPN connection on a local domain connected machine fails.
Could you please continue to straighten out my setup?  Thanks
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
"Could you please continue to straighten out my setup?  Thanks"

Isn't that exactly what I did in my previous comment?  What specifically didn't you understand from my remarks above?

Because your SSL Certificate is still not correct.  Did you run the CEICW as instructed?

chreevesAuthor Commented:
I changed the domain registration at net firms to instead of
Ran the CEICW and Remote remote access referencing (for certificate)
I don't seem to be able to connect using the FQDN or IP for remote web or VPN after doing the above.
(My testing has been done from a local machine connected to the domain.)
Will work inplace of mail.full  Thanks
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.