Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Remote Web Workplace on Windows Server 2011 SBE and IIS7

Posted on 2011-09-25
14
2,592 Views
Last Modified: 2013-12-02
I just instlaled a new custom built server with Windows server 2001 SBE OS. The RWW works off of IIS7, so when I try to log into RWW from a remote machine, I get the II7 logo internet page and then a bunch of different downloads. I tohught I only needed an ActiveX of some sort to work on RWW though IIS7, but I was abviously wrong. What exaclty do I need to download /install to be able to work with this version of RWW?
0
Comment
Question by:Alex_McGyver
  • 7
  • 4
  • 3
14 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36597459
If you are getting the IIS7 logo, that means that you have not yet run the wizards to set your domain name and certificate. The wizards set all of this up and then stamp the IIS configuration files to recognize requests coming in for that domain name. Without that, you get the default IIS7 page. As with any version of SBS, run the wizards.

-Cliff
0
 
LVL 8

Expert Comment

by:vinsvin
ID: 36597462
Install Remote Web Workplace
Log on to your server as an administrator
Run remoteww.msi from the Remote Operations Manager CD
Click Next at the welcome screen
Click Next after accepting the license agreement
Click Install
Click Finish after installation succeeds
Create an Application Pool to Support Remote Web Workplace
Start > Run > Inetmgr
Expand <server> and select Application Pools
Click Add Application Pool… in the right pane
Click OK after specifying the following settings:
Name: Remote AppPool
.NET Framework Version: .NET Framework v2.0.50727
Managed pipeline mode: Classic
Start application pool immediately: Checked
Click Advanced Settings… in the right pane
Change Idle Time-out (minutes) to 480 and click OK

Secure Remote Web Workplace
Expand Sites > Default Web Site in the left pane
Select Remote and click Basic Settings… in the right pane
Click the Select… button
Select Remote AppPool in the Application pool dropdown and click OK
Click OK
Double click Authentication in the middle pane
Select Anonymous Authentication and click Enable in the right pane
Highlight Default Web Site in the left pane and click Bindings… in the right pane
Click Add…
Select https… in the Type dropdown
Select <server>.<domain> in the SSL certification dropdown
Click OK
Click Close
Test Remote Web Workplace
Open https://<server>/remote in a web browser
Accept any certificate warnings that may be issued by your browser
Log on to Remote Web Workplace using your network logon
Verify that you can connect to a server or desktop on your network
0
 
LVL 8

Expert Comment

by:vinsvin
ID: 36597465
Setting the idle timeout for the application pool is critical when using Remote Web Workplace with IIS7 on Windows Server 2008.  This value determines the maximum duration of a remote session.  If left at the default of 20 minutes, your connection will be dropped after 20 minutes and you will receive an error VBScript: an internal error has occurred.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:Alex_McGyver
ID: 36602531
cgaliher,

the wizard starts automatically during the installation of Windows serer SBS so yes, I did follow it and the domain has been setup right then and there. I have not configured a certificate yet, but I don't think that has anything to do with the IIS7 page (let me know if I'm wrong of course).

vinsvin,

thank you for the detailed infor; unfortunately Windows Server 2001 SBS Standard only comes with the Windows Server 2011 installation disk and a repair kit disk. I do not have any "Remote Operations Manager CD".

Any ideas?
0
 

Author Comment

by:Alex_McGyver
ID: 36602571
Update:

I added Remote Desktop Services within the "roles". I expected it to be automatically installed on any SBS edition server (just like 2003 SBS was), but apparently it had to be done manually.

Once the installation is done and the new certificate is on, I will post another update.

Thank you
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36658031
The Internet address wizard does NOT start during I etal ation. It is one of the post-installation tasks. And of course certificates are intimately tied to IIS, and RWA specifically. Finally, due to licensing, the RDS role is not visible, as that requires RDS CALs. Installing RDS via server manager will BREAK RWA, and has been covered in SBS books, the official SBS team blog, and the SBS install technet articles, including migration docs.

In short, you are actively making things worse. It is time for you to call a local SBS specialist to help you clean up and finish your server. You are in over your head.

-Cliff
0
 

Author Comment

by:Alex_McGyver
ID: 36694467
cgaliher,

with all due respect I do not understand the trouble. It has always been a pretty simple task to get everything setup in Windows Server SBS, from 2003 to 2008. I set up quite a few and they all have been working close to flawlessly since. They all feature Exchange, OWA and RWW.

Why is it all of a sudden a big deal to setup RWW on 2011 SBE??
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36702322
It isn't. But you clearly went off the rails somewhere, and have been throwing attempts and random "fixes" against the wall ever since (see installing RDS, which is not necessary and BAD) and thus what WAS simple has now escalated into a real disaster recovery scenario. I don't know where things first went wrong, I wasn't there. But I know things are VERY wrong now, to the point that fixing it via EE is likely not an option. You can call MS, or an SBSC, or whoever you are comfortable dealing with. But regardless of who, I believe that at this late stage, you need a true SBS "expert" intimately familiar with the product to go in and right the ship. A couple of hours worth of work that'd be, hence outside the scope of a two or three paragraph EE response.

-Cliff
0
 

Author Comment

by:Alex_McGyver
ID: 36705140
vinsvin,

I followed your instructions to the letter (by the way great job vinsvin).

The good news is that I no longer get trasferred over to the3 IIS7 webpage; the bad news is that I get this error message: "403 - Forbidden: Access is denied.

You do not have permission to view this directory or page using the credentials that you supplied."

What do you think?
0
 

Author Comment

by:Alex_McGyver
ID: 36707559
cgaliher:

again, I respectfully disagree with you. You sound a little too drastic in your comments. The server is freshly installed and everyhting has been working smoothly the whole way. Nothing has gone wrong. Everything is up and running just fine; the only trouble I'm having is publishing teh RWW which in my opinion has something to do with a certificate (hence the ""403 - Forbidden: Access is denied" error).

I never had to call MS or an "expert" as you call them; I've always solved these kind of problems by myself and very rarely have I relied on anyone other than very few tips from EE.. It may take me a few days and a lot of research, but I will find a solution like I always do.

Thank you anyway for your help.


0
 
LVL 8

Expert Comment

by:vinsvin
ID: 36814058
Hi Alex,

That's a good news, The 4xx errors will be mostly client errors. Below is the 4xx error descreption.

400 - Bad request. The Http.sys file blocks IIS 7.0 from processing the request because of a problem in the request. Typically, this HTTP status code means that the request contains characters or sequences that are not valid or that the request contradicts the security settings in the Http.sys file.
401.1 - Logon failed. The logon attempt is unsuccessful probably because of a user name or a password that is not valid. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942044  Error message when you try to run a Web application that is hosted on IIS 7.0: "HTTP Error 401.1 - Not Found"
401.2 - Logon failed due to server configuration. This HTTP status code indicates a problem in the authentication configuration settings on the server. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942043  Error message when you try to visit a Web page that is hosted on IIS 7.0: "HTTP Error 401.2 - Unauthorized"
401.3 - Unauthorized due to ACL on resource. This HTTP status code indicates a problem in the NTFS file system permissions. This problem may occur even if the permissions are correct for the file that you are trying to access. For example, this problem occurs if the IUSR account does not have access to the C:\Winnt\System32\Inetsrv directory. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942042  Error message when you try to browse a Web page that is hosted on a server that is running IIS 7.0: "HTTP Error 401.3 - Unauthorized"
401.4 - Authorization failed by filter. An ISAPI filter does not let the request be processed because of an authorization problem. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:
942079  Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 401.4 - Authorization failed by filter"
401.5 - Authorization failed by ISAPI/CGI application. An ISAPI application or a Common Gateway Interface (CGI) application does not let the request be processed because of an authorization problem. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942078  Error message when you visit a Web site that is hosted on a computer that is running IIS 7.0: "HTTP Error 401.5 - Authorization failed by ISAPI/CGI application"

403.1 - Execute access forbidden. The appropriate level of the Execute permission is not granted. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942065  Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 403.1 - Forbidden"
403.2 - Read access forbidden. The appropriate level of the Read permission is not granted. Verify that you have set up IIS 7.0 to grant the Read permission to the directory. Additionally, if you use a default document, verify that the default document exists. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942036  Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 403.2 - Forbidden"
403.3 - Write access forbidden. The appropriate level of the Write permission is not granted. Verify that the IIS 7.0 permissions and the NTFS file system permissions are set up to grant the Write permission to the directory. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942035  Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 403.3 – Forbidden"
0
 
LVL 8

Accepted Solution

by:
vinsvin earned 125 total points
ID: 36814066
403.8 - Site access denied. The server is configured to deny requests based on the Domain Name System (DNS) name of the client computer.

To resolve this issue, follow these steps:
In a text editor, open the ApplicationHost.config file.

The ApplicationHost.config file is in the following folder:
%SystemRoot%\system32\inetsrv\config
Locate the ipSecurity XML element.
Under the ipSecurity XML element, set the value of the allowed property of the domainName XML element for the client computer to true:
<add domainName="Client_Computer" allowed="true" />
0
 

Assisted Solution

by:Alex_McGyver
Alex_McGyver earned 0 total points
ID: 36817014
cgaliher,

as I stated in my last message, I found the solution myself, and like I had anticipated it wasn't nearly as dramatic as you made it sound: The issue was within the "IIS7-Default web site-Remote". The AppPool had switched from the original value "SBS Web Workplace AppPool" to "Remote AppPool. It took me a total of 2 hours to figure it out, so I didn't waste too much time on it and I earned myself one more bit of knowledge (plus allow me quite a bit of personal and professional satisfaction since no one else came even close to the solution).

visvin,

thank you for your detailed messages; I will accept your solution in cooperation with mine since you provided useful information instead of suggesting to thorw in the towel.
0
 

Author Closing Comment

by:Alex_McGyver
ID: 36908452
I wound up finding the solution myself, but Vinsvin helped me funnel my attention in the right direction. Good job to both of us.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question