• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 792
  • Last Modified:

RWW in 2008 SBS won't let me past the credientials...sometimes.

I'm having a really goofy problem with RWW on a Windows Server 2008 SBS box.  When a user tries to log in remotely to their computer, they will get prompted for their username and password in the typical pop-up box from Microsoft Internet Explorer.  However, the credientials do not get accepted and the box reappears.  If I reset IIS using the iisreset command, this problem goes away and the users can log in without an issue.  However, the problem will eventually reapper.  It seems to happen once or twice a day.  It is important to note that RDP works without a problem throughout all of this.

What I've tried so far:
Installed SP2 for Server 2008 and subsequent updates.
Someone else suggested, " In Exchange under Outlook Anywhere i changed Client Authentication Method to NTML authentication.  I think the problem is that you can not mix two authentication methods. Exchange and TS gateway is sharing the RPC directory under IIS and beacuse of that the same authentication method has to be used."  So I tried this and it did not fix the issue.

Any suggestions?
0
mjbegin
Asked:
mjbegin
  • 6
  • 5
1 Solution
 
RickEpnetCommented:
Have you run the Windows Small Business Server 2008 Best Practices Analyzer?

http://www.microsoft.com/downloads/details.aspx?familyid=86a1aa32-9814-484e-bd43-3e42aec7f731&displaylang=en
0
 
ConchCrawlCommented:
You should not manually configure anything to get SBS Apps to work if you run the wizards correctly and install a third party SAN SSL cert on the SBS Server.
Even though in SBS 2008 a Self-Signed Certificate is supported for use with domain-joined Microsoft Office Outlook 2007 clients and Outlook Web Access, I do not recommend long term use of the self-signed certificate for any purpose other than encrypting communications between Exchange 2007 servers within your organization. I recommend that to support many, if not all, of the Client Access server features such as Exchange ActiveSync, Outlook Web Access, and Outlook Anywhere, you obtain a certificate from either a Windows PKI or a trusted third-party CA and make sure that this certificate is imported using the SBS Console SSL Certificate wizard.
Along with running the BPA as suggested above I would also run "fix my network" wizard and post thos results here.
0
 
mjbeginAuthor Commented:
I will do everything you suggested over the course of the day tomorrow and post the results as soon as I can.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
mjbeginAuthor Commented:
I have attached the BPA Scan Log and the results of the Fix My Network Wizard.  There are some RDC issues in the BPA Scan Log.  Do you think these relate to my problem?

Also, will the SAN SSL Cert allow me to do things that I couldn't with a Self-Signed Cert?  I was under the impression that they both allowed me the same functionality.  I'm trying to minimize cost to the client, and they aren't transmitting anything drastically sensitive.  I need to be able to justify the cost of a SAN SSL Cert to them.

Thanks for all the help so far!
SBSBPA.First-Scan.20100413090822.xml
Fix-My-Network.jpg
0
 
ConchCrawlCommented:

For the fix my network you can ignore the router but allow it to fix the network issue.
I'm still looking at the bpa stuff but it appears you are running SBS in VM? You also appear to have RRAS enabled?
Yes the san cert will allow you to take advantage of many things that the self-signed cannot or at the very least is much more of a pain to administer.
Here is the process I go through with SBS 2008, I have found this setup and configuration to be the least painful, hope this helps. Make sure if you get a cert from someone like godaddy to follow the instructions on installing the intermediate certificate and download the cert for IIS 7.

Even though in SBS 2008 a Self-Signed Certificate is supported for use with domain-joined Microsoft Office Outlook 2007 clients and Outlook Web Access, I do not recommend long term use of the self-signed certificate for any purpose other than encrypting communications between Exchange 2007 servers within your organization. I recommend that to support many, if not all, of the Client Access server features such as Exchange ActiveSync, Outlook Web Access, and Outlook Anywhere, you obtain a certificate from either a Windows PKI or a trusted third-party CA and make sure that this certificate is imported using the SBS Console SSL Certificate wizard.

When you run the Internet Address Wizard you need to just tell it you already have a domain and you will manage it yourself. This should let the wizard complete and configure exchange with the proper smtp addresses. I also never let the wizard configure my router. I'm usually a wizard guy but this is one area I feel more comfortable in setting up the router myself and it usually fails if the router isn't upnp.

When it asks for your external address i would use the default of "remote.externaldomain.com"
Then create a multi-domain certificate from godaddy or someone like that. The configuration of the Subjective Alternative Names (SAN) would be something like this:

remote.externaldomain.com - If you didn't choose this as your primary name.
sbsservername.internaldomain.local - this would be your internal sbs server name.
sites.internaldomain.local - this will work for your internal companyweb
autodiscover.externaldomain.com - This will help Outlook Anywhere and Activesync.

There are others you could use but these are the basics.

You will need to modify your existing external DNS with these records that are externaldomain.com I prefer to use a wildcard * to redirect everything that is not specified. The wizards will configure the rest for internaldomain.local.

This normally takes care of internal issues and external issues.
0
 
ConchCrawlCommented:
You have all kinds of issues with the SBS server based on the bpa logs, have you actually seen all the errors it is reporting?
It appears you are running a pre-release version of SBS 2008 in a VM environment and the server has not been activated?
There appears to have been a lot of manual configuration and so it looks like a lot of things are broken or at the very least not a default install of SBS?
Could you please elaborate on these issues so I can confirm what I'm seeing?
 
0
 
mjbeginAuthor Commented:
I did allow the server to fix the network issue and it looks like it worked fine.

The server is not a VM server, nor is it a pre-release version of SBS 2008.  The server is a Dell Power Edge 2900 and the software and license was purchased from Dell also.  The server is probably a little less than a year old.  Under the Windows Activation section of System Properties, the server says "Windows is Activated."

I personally did not install the SBS box, someone else in my organization did.  My guess would be that there was some manual configuration, but I'm sure the Dell configuration utility was also used.
0
 
ConchCrawlCommented:
could you rerun the bpa and either upload a screen shot or the html. I may have misread the xml file, it's very difficult to read with all data in there and I have no way of viewing the data formatted. Thanks.
0
 
ConchCrawlCommented:
Also once you've done those things and rebooted the server. Use this link to test the connectivity to your sbs apps and post any errors back to here. Your probably going to get failures due to know 3rd party ssl cert, but it'll tell us what else is happening.
https://www.testexchangeconnectivity.com/ 
0
 
mjbeginAuthor Commented:
I will do that later today when I get back to the office.
0
 
mjbeginAuthor Commented:
I have the solution...I will award points and post the solution later on today.
0
 
mjbeginAuthor Commented:
Really sorry this took so long to complete. I have been away on business and totally forgot to close this. Many thanks for all the time you put into this solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now