Link to home
Start Free TrialLog in
Avatar of chreeves
chreevesFlag for Canada

asked on

How do I enable "IP Routing" on SBS 2003 premium?

I've read a number of replies on your site which detail the IP config screen.  On those screen examples they show IP routing as enable.  That one item seems to be the only difference between my set-up and what I've read.  On my new server setup, I've tried to use the wizards but they didn't enable that setting.  My objective is to be able to make a VPN connection to the server. (is their any problem on trying to test that connection from a domain client?)
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image

Avatar of chreeves

ASKER

I tried the step-by-step without success.
The Wizard on my SBS2003 didn't ask me for the DHCP server IP address. (Figure C,from instructions)
My workstation is running Vista so the "remote Destop Connection" wizard is different but the vista version was still unable to make a connection.  Your continued assistance is appreciated.
All you have to do to enable routing is to install RRAS and select LAN routing.
I've run RRAS, but it doesn't provide the option of selecting LAN routing.  How can i do this without the wizard?

FYI here is the ipcofig/all screen

windowsIP Configuration
  HostName:   server1
  Primary Dns Suffix:  Dundee.local
  Node Type:  Unknown
  IP Routing Enabled:  No
  WINS Proxy Enabled:  Yes
  DNS Suffix Search List:  Dundee.local

Ethernet adapter Server Local Area Connection:
  Connection-spcific DNS Suffix:
  Description:  Broadcom...
  Physical Address:  00-19..
  DHCP Enabled:  No
  IP Address:  192.168.16.2
Subnet Mask:  255.255.255.0
Default Gateway:  (blank)
DNS Servers:  192.168.16.2
Primary WINS Server:  192.168.16.2

Ethernet adapter Neetwork Connection:
  Connection ....
  Description:  Intel...
  Physical Address:  00-0E...
  DHCP Enabled:  No
  IP address:  192.168.200.2
  Subnet Mask:  255.255.255.0
  Default Gateway:  192.168.200.1
  DNS Servers:  192.168.16.2
  NetBios over TCPIP:  Disabled.

Your assistance is greatly appreciated.
You wouldn't normally see the "DHCP server IP address. (Figure C,from instructions)" screen if your SBS is acting as the DHCP server, which is the recommended configuration.

But this question is a clear example of how NOT to ask a question.  Sorry to single you out, but you've posted a question that is asking what you believe to be the cause of your problem without ever stating what the problem is to begin with, and while you do point out your objective, it's burried at the bottom of the question:
"My objective is to be able to make a VPN connection to the server"

Furthermore, you really should have stated that you are trying to connect a VISTA Client via VPN to your SBS Network.

Ideally... the question title might have been:

ERROR XXX when attempting VPN Connection from VISTA to SBS 2003

Now, it would also be helpful to know if you're getting Error 721 or Error 800 (my guess is that you're getting one of those).

Additionally, I see from your abbreviated IPCONFIG that you have at least one Broadcom NIC.  Be sure that you update the driver on that NIC to the very latest version (Should be dated later than June 2007 I believe), because Vista networking protocols are very sensitive to these things.

My guess is that it's the driver.  But you can also test the VPN connection from a LAN client as you were asking about.  That'll at least let you know if the SBS is working properly.

I Hope you don't mind the question pointers which will hopefully help you out on the next question you post.

Jeff
TechSoEasy



I've updated the NIC driver for the Broadcom.

When I try to navigate to https://209.89.10.167/remote on a domain vista client to test the VPN connectability. I get this error message

Error Code: 504 Proxy Timeout. The connection timed out. Fmia this event, see ISA Server Help. (10060)
IP Address: 209.89.10.167
Date: 10/15/2007 10:37:48 PM
Server: server1.Dundee.local
Source: proxy
Well, https://209.89.10.167/remote isn't the way to test VPN connectability.
That would be how you connet to your Remote Web Workplace (RWW) which is designed to be used for those folks that have Desktop Workstations in the office to connect to those workstations from home or elsewhere.  VPN Connections should be used for domain joined laptops that are used both IN and OUT of the office.

But let's take it a step further...

When I go to https://209.89.10.167/remote, I see that the SSL Certificate you somehow created there is for www.fullfinancial.ca.  I say, somehow, because that certificate is self-signed, but you didn't create it with the SBS's Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet on the To-Do list in the Server Management Console).  Your SSL certificate shouldn't actually be for "WWW".fullfinancial.ca because that host name is actually your web server which is at netfirms.com.

It does seem as though you've created a HOST A record though for mail.fullfinancial.ca so you can use that on your SSL Certificate if you like when you run the CIECW.  The certificate name MUST match the URL used to access your server when you are running ISA Server 2004.  If it doesn't match you'll get that error you see above.

So, rerun the CEICW.  On the Certificate Screen, enter mail.fullfinancial.ca.  

A visual how-to is at http://sbsurl.com/ceicw

Then, if you want to test RWW internally, you can either go to https://mail.fullfinancial.ca/remote, or you can go to http://server1/remote.  (Externally, of course, you can only test by going to https://mail.fullfinancial.ca/remote).

Then if you also want to enable the VPN service, you should run the Configure Remote Access Wizard (a visual how-to is at http://sbsurl.com/vpn).  In that wizard you again want to enter mail.fullfinancial.ca as the FQDN you will be using for VPN connections.

Jeff
TechSoEasy
I've corrected the domain reg. so that www.fullfinancial.ca should point to my static IP of 209.89.10.167.
My exchange server is working (it's uses the same static IP)
I can make a RWW connections using http://server1/remote but get a 504 error trying a FQDN or the static IP.
Trying to test a VPN connection on a local domain connected machine fails.
Could you please continue to straighten out my setup?  Thanks
"Could you please continue to straighten out my setup?  Thanks"

Isn't that exactly what I did in my previous comment?  What specifically didn't you understand from my remarks above?

Because your SSL Certificate is still not correct.  Did you run the CEICW as instructed?

Jeff
TechSoEasy
I changed the domain registration at net firms to www.fullfinancial.ca instead of mail.fullfinancial.ca.
Ran the CEICW and Remote remote access referencing www.fullfinancial.ca (for certificate)
I don't seem to be able to connect using the FQDN or IP for remote web or VPN after doing the above.
(My testing has been done from a local machine connected to the domain.)
Will www.fullfinancial.ca work inplace of mail.full financial.ca?  Thanks
ASKER CERTIFIED SOLUTION
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial