Solved

Remote Web Workplace on Windows Server 2011 SBE and IIS7

Posted on 2011-09-25
14
2,554 Views
Last Modified: 2013-12-02
I just instlaled a new custom built server with Windows server 2001 SBE OS. The RWW works off of IIS7, so when I try to log into RWW from a remote machine, I get the II7 logo internet page and then a bunch of different downloads. I tohught I only needed an ActiveX of some sort to work on RWW though IIS7, but I was abviously wrong. What exaclty do I need to download /install to be able to work with this version of RWW?
0
Comment
Question by:Alex_McGyver
  • 7
  • 4
  • 3
14 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 36597459
If you are getting the IIS7 logo, that means that you have not yet run the wizards to set your domain name and certificate. The wizards set all of this up and then stamp the IIS configuration files to recognize requests coming in for that domain name. Without that, you get the default IIS7 page. As with any version of SBS, run the wizards.

-Cliff
0
 
LVL 8

Expert Comment

by:vinsvin
ID: 36597462
Install Remote Web Workplace
Log on to your server as an administrator
Run remoteww.msi from the Remote Operations Manager CD
Click Next at the welcome screen
Click Next after accepting the license agreement
Click Install
Click Finish after installation succeeds
Create an Application Pool to Support Remote Web Workplace
Start > Run > Inetmgr
Expand <server> and select Application Pools
Click Add Application Pool… in the right pane
Click OK after specifying the following settings:
Name: Remote AppPool
.NET Framework Version: .NET Framework v2.0.50727
Managed pipeline mode: Classic
Start application pool immediately: Checked
Click Advanced Settings… in the right pane
Change Idle Time-out (minutes) to 480 and click OK

Secure Remote Web Workplace
Expand Sites > Default Web Site in the left pane
Select Remote and click Basic Settings… in the right pane
Click the Select… button
Select Remote AppPool in the Application pool dropdown and click OK
Click OK
Double click Authentication in the middle pane
Select Anonymous Authentication and click Enable in the right pane
Highlight Default Web Site in the left pane and click Bindings… in the right pane
Click Add…
Select https… in the Type dropdown
Select <server>.<domain> in the SSL certification dropdown
Click OK
Click Close
Test Remote Web Workplace
Open https://<server>/remote in a web browser
Accept any certificate warnings that may be issued by your browser
Log on to Remote Web Workplace using your network logon
Verify that you can connect to a server or desktop on your network
0
 
LVL 8

Expert Comment

by:vinsvin
ID: 36597465
Setting the idle timeout for the application pool is critical when using Remote Web Workplace with IIS7 on Windows Server 2008.  This value determines the maximum duration of a remote session.  If left at the default of 20 minutes, your connection will be dropped after 20 minutes and you will receive an error VBScript: an internal error has occurred.
0
 

Author Comment

by:Alex_McGyver
ID: 36602531
cgaliher,

the wizard starts automatically during the installation of Windows serer SBS so yes, I did follow it and the domain has been setup right then and there. I have not configured a certificate yet, but I don't think that has anything to do with the IIS7 page (let me know if I'm wrong of course).

vinsvin,

thank you for the detailed infor; unfortunately Windows Server 2001 SBS Standard only comes with the Windows Server 2011 installation disk and a repair kit disk. I do not have any "Remote Operations Manager CD".

Any ideas?
0
 

Author Comment

by:Alex_McGyver
ID: 36602571
Update:

I added Remote Desktop Services within the "roles". I expected it to be automatically installed on any SBS edition server (just like 2003 SBS was), but apparently it had to be done manually.

Once the installation is done and the new certificate is on, I will post another update.

Thank you
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 36658031
The Internet address wizard does NOT start during I etal ation. It is one of the post-installation tasks. And of course certificates are intimately tied to IIS, and RWA specifically. Finally, due to licensing, the RDS role is not visible, as that requires RDS CALs. Installing RDS via server manager will BREAK RWA, and has been covered in SBS books, the official SBS team blog, and the SBS install technet articles, including migration docs.

In short, you are actively making things worse. It is time for you to call a local SBS specialist to help you clean up and finish your server. You are in over your head.

-Cliff
0
 

Author Comment

by:Alex_McGyver
ID: 36694467
cgaliher,

with all due respect I do not understand the trouble. It has always been a pretty simple task to get everything setup in Windows Server SBS, from 2003 to 2008. I set up quite a few and they all have been working close to flawlessly since. They all feature Exchange, OWA and RWW.

Why is it all of a sudden a big deal to setup RWW on 2011 SBE??
0
Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 36702322
It isn't. But you clearly went off the rails somewhere, and have been throwing attempts and random "fixes" against the wall ever since (see installing RDS, which is not necessary and BAD) and thus what WAS simple has now escalated into a real disaster recovery scenario. I don't know where things first went wrong, I wasn't there. But I know things are VERY wrong now, to the point that fixing it via EE is likely not an option. You can call MS, or an SBSC, or whoever you are comfortable dealing with. But regardless of who, I believe that at this late stage, you need a true SBS "expert" intimately familiar with the product to go in and right the ship. A couple of hours worth of work that'd be, hence outside the scope of a two or three paragraph EE response.

-Cliff
0
 

Author Comment

by:Alex_McGyver
ID: 36705140
vinsvin,

I followed your instructions to the letter (by the way great job vinsvin).

The good news is that I no longer get trasferred over to the3 IIS7 webpage; the bad news is that I get this error message: "403 - Forbidden: Access is denied.

You do not have permission to view this directory or page using the credentials that you supplied."

What do you think?
0
 

Author Comment

by:Alex_McGyver
ID: 36707559
cgaliher:

again, I respectfully disagree with you. You sound a little too drastic in your comments. The server is freshly installed and everyhting has been working smoothly the whole way. Nothing has gone wrong. Everything is up and running just fine; the only trouble I'm having is publishing teh RWW which in my opinion has something to do with a certificate (hence the ""403 - Forbidden: Access is denied" error).

I never had to call MS or an "expert" as you call them; I've always solved these kind of problems by myself and very rarely have I relied on anyone other than very few tips from EE.. It may take me a few days and a lot of research, but I will find a solution like I always do.

Thank you anyway for your help.


0
 
LVL 8

Expert Comment

by:vinsvin
ID: 36814058
Hi Alex,

That's a good news, The 4xx errors will be mostly client errors. Below is the 4xx error descreption.

400 - Bad request. The Http.sys file blocks IIS 7.0 from processing the request because of a problem in the request. Typically, this HTTP status code means that the request contains characters or sequences that are not valid or that the request contradicts the security settings in the Http.sys file.
401.1 - Logon failed. The logon attempt is unsuccessful probably because of a user name or a password that is not valid. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942044  Error message when you try to run a Web application that is hosted on IIS 7.0: "HTTP Error 401.1 - Not Found"
401.2 - Logon failed due to server configuration. This HTTP status code indicates a problem in the authentication configuration settings on the server. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942043  Error message when you try to visit a Web page that is hosted on IIS 7.0: "HTTP Error 401.2 - Unauthorized"
401.3 - Unauthorized due to ACL on resource. This HTTP status code indicates a problem in the NTFS file system permissions. This problem may occur even if the permissions are correct for the file that you are trying to access. For example, this problem occurs if the IUSR account does not have access to the C:\Winnt\System32\Inetsrv directory. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942042  Error message when you try to browse a Web page that is hosted on a server that is running IIS 7.0: "HTTP Error 401.3 - Unauthorized"
401.4 - Authorization failed by filter. An ISAPI filter does not let the request be processed because of an authorization problem. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:
942079  Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 401.4 - Authorization failed by filter"
401.5 - Authorization failed by ISAPI/CGI application. An ISAPI application or a Common Gateway Interface (CGI) application does not let the request be processed because of an authorization problem. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942078  Error message when you visit a Web site that is hosted on a computer that is running IIS 7.0: "HTTP Error 401.5 - Authorization failed by ISAPI/CGI application"

403.1 - Execute access forbidden. The appropriate level of the Execute permission is not granted. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942065  Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 403.1 - Forbidden"
403.2 - Read access forbidden. The appropriate level of the Read permission is not granted. Verify that you have set up IIS 7.0 to grant the Read permission to the directory. Additionally, if you use a default document, verify that the default document exists. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942036  Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 403.2 - Forbidden"
403.3 - Write access forbidden. The appropriate level of the Write permission is not granted. Verify that the IIS 7.0 permissions and the NTFS file system permissions are set up to grant the Write permission to the directory. For more information about how to resolve this problem, go to the following article number to view the article in the Microsoft Knowledge Base:
942035  Error message when you visit a Web site that is hosted on IIS 7.0: "HTTP Error 403.3 – Forbidden"
0
 
LVL 8

Accepted Solution

by:
vinsvin earned 125 total points
ID: 36814066
403.8 - Site access denied. The server is configured to deny requests based on the Domain Name System (DNS) name of the client computer.

To resolve this issue, follow these steps:
In a text editor, open the ApplicationHost.config file.

The ApplicationHost.config file is in the following folder:
%SystemRoot%\system32\inetsrv\config
Locate the ipSecurity XML element.
Under the ipSecurity XML element, set the value of the allowed property of the domainName XML element for the client computer to true:
<add domainName="Client_Computer" allowed="true" />
0
 

Assisted Solution

by:Alex_McGyver
Alex_McGyver earned 0 total points
ID: 36817014
cgaliher,

as I stated in my last message, I found the solution myself, and like I had anticipated it wasn't nearly as dramatic as you made it sound: The issue was within the "IIS7-Default web site-Remote". The AppPool had switched from the original value "SBS Web Workplace AppPool" to "Remote AppPool. It took me a total of 2 hours to figure it out, so I didn't waste too much time on it and I earned myself one more bit of knowledge (plus allow me quite a bit of personal and professional satisfaction since no one else came even close to the solution).

visvin,

thank you for your detailed messages; I will accept your solution in cooperation with mine since you provided useful information instead of suggesting to thorw in the towel.
0
 

Author Closing Comment

by:Alex_McGyver
ID: 36908452
I wound up finding the solution myself, but Vinsvin helped me funnel my attention in the right direction. Good job to both of us.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now