[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How do I enable "IP Routing"  on SBS 2003 premium?

Posted on 2007-10-14
11
Medium Priority
?
416 Views
Last Modified: 2008-11-17
I've read a number of replies on your site which detail the IP config screen.  On those screen examples they show IP routing as enable.  That one item seems to be the only difference between my set-up and what I've read.  On my new server setup, I've tried to use the wizards but they didn't enable that setting.  My objective is to be able to make a VPN connection to the server. (is their any problem on trying to test that connection from a domain client?)
0
Comment
Question by:chreeves
  • 5
  • 4
  • 2
11 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 20077012
0
 

Author Comment

by:chreeves
ID: 20079902
I tried the step-by-step without success.
The Wizard on my SBS2003 didn't ask me for the DHCP server IP address. (Figure C,from instructions)
My workstation is running Vista so the "remote Destop Connection" wizard is different but the vista version was still unable to make a connection.  Your continued assistance is appreciated.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20079977
All you have to do to enable routing is to install RRAS and select LAN routing.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:chreeves
ID: 20080687
I've run RRAS, but it doesn't provide the option of selecting LAN routing.  How can i do this without the wizard?

FYI here is the ipcofig/all screen

windowsIP Configuration
  HostName:   server1
  Primary Dns Suffix:  Dundee.local
  Node Type:  Unknown
  IP Routing Enabled:  No
  WINS Proxy Enabled:  Yes
  DNS Suffix Search List:  Dundee.local

Ethernet adapter Server Local Area Connection:
  Connection-spcific DNS Suffix:
  Description:  Broadcom...
  Physical Address:  00-19..
  DHCP Enabled:  No
  IP Address:  192.168.16.2
Subnet Mask:  255.255.255.0
Default Gateway:  (blank)
DNS Servers:  192.168.16.2
Primary WINS Server:  192.168.16.2

Ethernet adapter Neetwork Connection:
  Connection ....
  Description:  Intel...
  Physical Address:  00-0E...
  DHCP Enabled:  No
  IP address:  192.168.200.2
  Subnet Mask:  255.255.255.0
  Default Gateway:  192.168.200.1
  DNS Servers:  192.168.16.2
  NetBios over TCPIP:  Disabled.

Your assistance is greatly appreciated.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20081104
You wouldn't normally see the "DHCP server IP address. (Figure C,from instructions)" screen if your SBS is acting as the DHCP server, which is the recommended configuration.

But this question is a clear example of how NOT to ask a question.  Sorry to single you out, but you've posted a question that is asking what you believe to be the cause of your problem without ever stating what the problem is to begin with, and while you do point out your objective, it's burried at the bottom of the question:
"My objective is to be able to make a VPN connection to the server"

Furthermore, you really should have stated that you are trying to connect a VISTA Client via VPN to your SBS Network.

Ideally... the question title might have been:

ERROR XXX when attempting VPN Connection from VISTA to SBS 2003

Now, it would also be helpful to know if you're getting Error 721 or Error 800 (my guess is that you're getting one of those).

Additionally, I see from your abbreviated IPCONFIG that you have at least one Broadcom NIC.  Be sure that you update the driver on that NIC to the very latest version (Should be dated later than June 2007 I believe), because Vista networking protocols are very sensitive to these things.

My guess is that it's the driver.  But you can also test the VPN connection from a LAN client as you were asking about.  That'll at least let you know if the SBS is working properly.

I Hope you don't mind the question pointers which will hopefully help you out on the next question you post.

Jeff
TechSoEasy



0
 

Author Comment

by:chreeves
ID: 20082026
I've updated the NIC driver for the Broadcom.

When I try to navigate to https://209.89.10.167/remote on a domain vista client to test the VPN connectability. I get this error message

Error Code: 504 Proxy Timeout. The connection timed out. Fmia this event, see ISA Server Help. (10060)
IP Address: 209.89.10.167
Date: 10/15/2007 10:37:48 PM
Server: server1.Dundee.local
Source: proxy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20082258
Well, https://209.89.10.167/remote isn't the way to test VPN connectability.
That would be how you connet to your Remote Web Workplace (RWW) which is designed to be used for those folks that have Desktop Workstations in the office to connect to those workstations from home or elsewhere.  VPN Connections should be used for domain joined laptops that are used both IN and OUT of the office.

But let's take it a step further...

When I go to https://209.89.10.167/remote, I see that the SSL Certificate you somehow created there is for www.fullfinancial.ca.  I say, somehow, because that certificate is self-signed, but you didn't create it with the SBS's Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet on the To-Do list in the Server Management Console).  Your SSL certificate shouldn't actually be for "WWW".fullfinancial.ca because that host name is actually your web server which is at netfirms.com.

It does seem as though you've created a HOST A record though for mail.fullfinancial.ca so you can use that on your SSL Certificate if you like when you run the CIECW.  The certificate name MUST match the URL used to access your server when you are running ISA Server 2004.  If it doesn't match you'll get that error you see above.

So, rerun the CEICW.  On the Certificate Screen, enter mail.fullfinancial.ca.  

A visual how-to is at http://sbsurl.com/ceicw

Then, if you want to test RWW internally, you can either go to https://mail.fullfinancial.ca/remote, or you can go to http://server1/remote.  (Externally, of course, you can only test by going to https://mail.fullfinancial.ca/remote).

Then if you also want to enable the VPN service, you should run the Configure Remote Access Wizard (a visual how-to is at http://sbsurl.com/vpn).  In that wizard you again want to enter mail.fullfinancial.ca as the FQDN you will be using for VPN connections.

Jeff
TechSoEasy
0
 

Author Comment

by:chreeves
ID: 20097205
I've corrected the domain reg. so that www.fullfinancial.ca should point to my static IP of 209.89.10.167.
My exchange server is working (it's uses the same static IP)
I can make a RWW connections using http://server1/remote but get a 504 error trying a FQDN or the static IP.
Trying to test a VPN connection on a local domain connected machine fails.
Could you please continue to straighten out my setup?  Thanks
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20097297
"Could you please continue to straighten out my setup?  Thanks"

Isn't that exactly what I did in my previous comment?  What specifically didn't you understand from my remarks above?

Because your SSL Certificate is still not correct.  Did you run the CEICW as instructed?

Jeff
TechSoEasy
0
 

Author Comment

by:chreeves
ID: 20097384
I changed the domain registration at net firms to www.fullfinancial.ca instead of mail.fullfinancial.ca.
Ran the CEICW and Remote remote access referencing www.fullfinancial.ca (for certificate)
I don't seem to be able to connect using the FQDN or IP for remote web or VPN after doing the above.
(My testing has been done from a local machine connected to the domain.)
Will www.fullfinancial.ca work inplace of mail.full financial.ca?  Thanks
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 750 total points
ID: 20097723
"I changed the domain registration at net firms to www.fullfinancial.ca instead of mail.fullfinancial.ca."

Well, mail.fullfinancial.ca is still there as your MX record.  Which you've configured TWICE for some reason (Priority 10 and 20).

"Ran the CEICW and Remote remote access referencing www.fullfinancial.ca (for certificate)"

Well, when I go to https://www.fullfinancial.ca/remote, and view the certificate... it still only says www.fullfinancial.ca in the "Issuer" field.  It should actually be like this instead:

CN = www.fullfinancial.ca
CN = companyweb
CN = Server1
CN = localhost
CN = Server1.Dundee.local

Did you make any manual modifications to your DNS zones on the SBS itself?  

I have no problem getting to either https://www.fullfinancial.ca/exchange or https://www.fullfinancial.ca/remote, so if you are having problems from within the LAN, you must have either changed your DNS, or you have cached lookups that are wrong.  To clear those, run IPCONFIG /FLUSHDNS at a CMD prompt.  Also be sure to delete any temporary Internet files.

Jeff
TechSoEasy

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question