  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7663

SBS 2008 RWW cannot connect to client computers

I migrated from SBS 2003 to SBS 2008 and for the most part things went smoothly. Two main problems: clients cannot connect to computers using the RWW, and our external website no longer works.

We can access our remote site and check emails; however, when logging into the client computer we get an error: VBScript: remote desktop disconnected. An internal error has occurred (50331676)

In the event log for terminal services gateway I get this event

Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
Source:        Microsoft-Windows-TerminalServices-Gateway
Date:          2/19/2009 8:46:42 AM
Event ID:      201
Task Category: (2)
Level:         Error
Keywords:      Audit Failure,(16777216)
User:          NETWORK SERVICE
Computer:      NORWALK1.dvcc.local
Description:
The user "dvcc\DDuBose", on client computer "67.87.115.243", did not meet connection authorization policy requirements and was therefore not authorized to access the TS Gateway server. The following authentication method was attempted: "NTLM". The following error occurred: "23003".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4d5ae6a1-c7c8-4e6d-b840-4d8080b42e1b}" />
    <EventID>201</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>2</Task>
    <Opcode>30</Opcode>
    <Keywords>0x4010000001000000</Keywords>
    <TimeCreated SystemTime="2009-02-19T13:46:42.523Z" />
    <EventRecordID>83</EventRecordID>
    <Correlation />
    <Execution ProcessID="5312" ThreadID="5412" />
    <Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel>
    <Computer>NORWALK1.dvcc.local</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <UserData>
    <EventInfo xmlns="aag">
      <Username>dvcc\DDuBose</Username>
      <IpAddress>67.87.115.243</IpAddress>
      <AuthType>NTLM</AuthType>
      <Resource>
      </Resource>
      <ErrorCode>23003</ErrorCode>
    </EventInfo>
  </UserData>
</Event>
This was not a problem in SBS 2003; not sure what I am missing here. Can someone shed some light on this for me?
0
Badink
Asked:
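
Added example (not part of the original thread): Python code that parses the Event ID 201 XML posted in the question and tallies connection authorization denials per user, client IP and error code, so repeated policy denials stand out when reviewing the TS Gateway operational log. The function names are assumptions made for this example, and the sample event is a trimmed copy of the one in the question.

```python
import xml.etree.ElementTree as ET
from collections import Counter

EVT = "{http://schemas.microsoft.com/win/2004/08/events/event}"
AAG = "{aag}"  # namespace declared on <EventInfo> in the posted event

SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>201</EventID>
    <TimeCreated SystemTime="2009-02-19T13:46:42.523Z" />
  </System>
  <UserData>
    <EventInfo xmlns="aag">
      <Username>dvcc\DDuBose</Username>
      <IpAddress>67.87.115.243</IpAddress>
      <AuthType>NTLM</AuthType>
      <Resource>
      </Resource>
      <ErrorCode>23003</ErrorCode>
    </EventInfo>
  </UserData>
</Event>"""  # constructed sample: the posted event, trimmed to the fields used

def parse_gateway_event(xml_text):
    """Return the fields of one TS Gateway event as a dict."""
    root = ET.fromstring(xml_text)
    system = root.find(EVT + "System")
    info = root.find(f"{EVT}UserData/{AAG}EventInfo")
    text = lambda name: (info.findtext(AAG + name) or "").strip()
    return {
        "event_id": int(system.findtext(EVT + "EventID")),
        "time": system.find(EVT + "TimeCreated").get("SystemTime"),
        "user": text("Username"),
        "ip": text("IpAddress"),
        "auth": text("AuthType"),
        "resource": text("Resource"),  # empty in the posted event
        "error": text("ErrorCode"),
    }

def cap_denials(xml_events):
    """Count event 201 (connection authorization denied) per (user, ip, error)."""
    counts = Counter()
    for xml_text in xml_events:
        ev = parse_gateway_event(xml_text)
        if ev["event_id"] == 201:
            counts[(ev["user"], ev["ip"], ev["error"])] += 1
    return counts
```
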
1 Solution
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
Did you complete the Getting Started Tasks (more obvious question ;))?

Are you using the self issued certificate? Do users get the Red Shield in IE when connecting to the RWW?

If you are, go get yourself an inexpensive third party certificate and use the wizard to import it into SBS. That will fix any SSL related errors.

For remote clients, if you are using the self-issued cert, you need to copy the certificate package out of \\SBS\Public\Downloads onto a USB stick and take it home to import it. Once imported, your URL will show a proper lock on RWW and your TS Gateway should work properly.

Philip
0
 
suppsaws Commented:
Philip, now that you are here, and this might also be interesting to this question...
Is there some more info on the TS Gateway policies on SBS 2008?
What exactly does it check for?
Is the only check the SSL cert, domain user and domain computer, or are there other checks?

The only three conditions I see are:
NAS port type (VPN)
user groups: domain users
called station ID: user auth type (SC|PW)

Now where does the cert come into play?

I am still waiting for the blueprint book, I hope it will cover that :-)

And for the user:
check out this link:
http://technet.microsoft.com/en-us/library/cc775130.aspx

0
 
Badink (Author) Commented:
No red shield, cert is self-signed, but it is imported and I get a lock. Is there a way to turn off the NTLM authorization, just for testing purposes?
0
 
suppsaws Commented:
How did you import this cert?
Maybe it's not the same cert, but the basics are the same:
http://sbs.seandaniel.com/2009/02/installing-godaddy-standard-ssl.html
0
 
Philip Elder (Technical Architect - HA/Compute/Storage) Commented:
Does the client connecting have XP SP3 or Vista SP1 applied? You need RDP Client 6.1 to properly connect to a remote desktop via RWW.

Philip
0
 
Badink (Author) Commented:
Installed RDP Client 6.1, still getting the same error "connection authorization policy requirements".
0
 
suppsaws Commented:
Did you check this page?
http://sbs.editme.com/sbs2008rww
0
 
Badink (Author) Commented:
OK, thanks for the link. Checked, tried all suggestions, still same message. I did look at the owa and remote under sites and I see that owa is basic and network authorization and remote is anonymous and forms. Tried changing remote to basic and network and lost the prompt to log on to computers. I think I may just need to remove the server roles and rebuild.
0
 
Badink (Author) Commented:
Never mind, I fixed it! It was a network policy error and not a certificate error. Thanks anyway.
0
 
suppsaws Commented:
What did you do exactly to fix it?
0
 
Badink (Author) Commented:
I reset the permissions in the NPS; I still have a problem. Now some computers can connect and some get a certificate error. I have a third party cert, I don't know why some can and some can't. Anyone know?
0
 
Badink (Author) Commented:
Sorry, you did request exactly how I fixed it. In the NPS - policies - network policy - TSG Maker - Access policy

click grant access and uncheck "ignore user account dial-in"
0
 
merikm Commented:
I have a similar issue, where I have reset the NPS, reset the cert that TS Gateway looks at, reinstalled the certs on the remote workstations, but I get a few that connect and others cannot. It is the same for XP, Vista and Windows 7 with intermittent connections. Is there something else to this service to get it to work?
0
 
PRJ1970 Commented:
Did you ever resolve this? I'm having a similar issue.
0
