How to allow users to access their desktops remotely from home through SBS 2003

I have a small business customer with approximately 20 users on an SBS 2003 server. They now want to be able to connect to their individual desktops from their home computers. Can somebody point me to specific instructions on how to set that up or provide step by step instructions here? I currently access those desktops through LogMeIn, but they are on my account. It is my understanding that SBS 2003 provides the ability for them to do what they want, but I have no experience with setting it up. I am somewhat familiar with SBS 2003. They have a static IP address through Comcast Business Class service with a 5 IP range. They also have a domain name/website hosted by a third party which is also the same name as the local domain on the SBS 2003 server.
Where do I start?
Thank you for any help you can provide.
CraigPresident Asked:

Rob Williams Commented:
I trust the local domain is YourDomain.local as it should be and not something like YourDomain.com?
I have outlined in a blog how to set up Remote Web Workplace for users:
http://www.lan-2-wan.com/SBS-RWW-inst.htm

CraigPresident (Author) Commented:
RobWill,

Thank you for the reply. Yes, local domain is mydomain.local. I will check out your blog and get back to you after I give it a try.

CraigPresident (Author) Commented:
RobWill,

I had a chance to read and start to follow your blog, however I have encountered a problem.
When I run the "Internet and Email" wizard, there is no page for "Web Services Configuration".
My wizard runs as follows:
Page 1. Connection type: I have selected "Broadband"
Page 2. Direct Broadband Connection
Page 3. Network Connection: I have 2 NICs and the top section for ISP shows "Network Connection" with an IP of 10.1.10.10 DHCP and the lower section is "Local Area Connection" with an IP of 192.168.1.103.
Page 4. Shows ISP info of 10.1.10.1 for IP and Gateway and lists 2 DNS servers
Page 5. Shows Firewall and has "Do not change firewall settings" checked. I believe the firewall is turned off because of the Comcast Business Router.
Page 6. Shows email as "do not change email" checked. I believe they have email turned off as they don't use internal Exchange server.
Page 7. This is the finish page and it applies the previous settings.

So where am I supposed to see the "Web Services Configuration" page?

Thank you.

 
Rob Williams Commented:
Selecting "Direct Broadband connection" I believe will disable the other options. If "A local router device with an IP address" is selected the options should be present with the assumption that you have control of the router and can forward ports from the router to the SBS.
I assume you have a combined modem/router between the SBS and the Internet. Do you have control of the unit and can you set up port forwarding?

CraigPresident (Author) Commented:
Yes they have an SMC Cable modem/router (Comcast Business Gateway) and I do have access to the user interface to forward ports. I will change the selection and see what happens and get back to you.

CraigPresident (Author) Commented:
Robwill,

Sorry, I was not able to get back to this project until this weekend. I am trying to do this now and there are many more steps in the wizard than what are explained on your blog.
After changing the connection type from "direct broadband" to "local router with IP address" then the next page asks for DNS servers (fields are already populated) and the Local IP of the router which I believe is 10.1.10.100 or do they mean the Gateway IP of 10.1.10.1?

Then the next page asks for the IP for the "network connection". Do I use DHCP on the router or manually enter something? If I select DHCP, the next page shows the IP of the SMC router and the gateway as the 10.1.10.1.

The next page is the firewall setting which I leave checked and then the next page is "additional services" like email, ftp, vpn, terminal services which are all checked.

On the next page I check the box for Remote Web Workplace and when I try to get to next page I get a warning about "dynamically assigned IP" and needing my ISP to be able to support dynamic DNS. Shouldn't I be putting my STATIC IP address in somewhere? If I continue with the dynamic IP, then the next page is asking for a security certificate from local or a certificate based on a webserver from the ISP? I don't have any certificate that I am aware of.
I don't know what pages are next because without a certificate I can't move forward.

Also, the link on your blog for port forwarding does not show any of the newer SMC business class routers provided by Comcast. Mine is an SMC8014.
I hope you are around and can help me with these steps.

Thank you,

Craig


Rob Williams Commented:
Hi craigceg. Actually most of the CEICW wizard configuration would already be done on a typical SBS and you just need to check the RWW option to complete it. If none of the following is configured I assume you do not use Exchange?
However glad to help if I can.

>>"next page asks for DNS servers (fields are already populated)"
This would be the ISP's DNS servers, verify they are correct

>>" and the Local IP of the router which I believe is 10.1.10.100 or do they mean the Gateway IP of 10.1.10.1?"
This should be the IP of your local gateway, your router.

>>"Then the next page asks for the IP for the "network connection". Do I use DHCP on the router or manually enter something? If I select DHCP, the next page shows the IP of the SMC router and the gateway as the 10.1.10.1."
I assume you have 2 network adapters, which is fine. If so this ideally is a public static IP assigned by your ISP. If not then it can be a DHCP public IP or fixed private IP in the same subnet as the router. I would assume this is already configured.
If the server or router receives a Dynamic IP you are also going to need a DDNS service so that you can access the server from the Internet. I have a more detailed blog on that. It refers to 2008/2011 but the process is the same: http://blog.lan-tech.ca/2011/10/30/using-ddns-services-with-sbs-20082011/


As for port forwarding, assuming your server does not have a public IP, please see the following link starting on page 15
http://www.smc.com/files/AA/MN_SMC8014-BIZ.pdf

CraigPresident (Author) Commented:
Robwill,

Correct, we do not use Exchange. Yes we have two NICs. One is for local area network and DHCP through server (192.168.1.103) as gateway fixed IP. The other card is to the router at 10.1.10.100 IP and 10.1.10.1 gateway.
The main static IP is provided by Comcast and I assume it is a public IP. This IP does not appear in the router or the server, it is just listed on the paper provided by Comcast. Nothing is previously configured for the static IP as far as I know. I can ping the static IP that was provided by Comcast.
I have the manual for the SMC8014 and have been on the port forwarding page. Do I forward ports 3389, 443 and 4125 to the server 192.168.1.103 IP?
What about the certificate question?

Rob Williams Commented:
>>"The other card is to the router at 10.1.10.100 IP and 10.1.10.1 gateway."
That is fine

>>"Do I forward ports 3389, 443 and 4125 to the server 192.168.1.103 IP?"
No, to the WAN IP of the server, 10.1.10.x, and you forward ports 443 and 4125 for RWW. 3389 is not needed and less secure.

If on the web server certificate page you select "create a new web certificate" and for a name use YourSBSname.YourPublicDomainName.abc or use the public static IP, the server will generate a certificate. When users connect they will get a certificate error message but they can ignore that and continue. Alternatively you can install that certificate on their PCs or you can buy a 3rd party certificate so that no installation is necessary.
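
An added example, not written by either participant in this thread: a small audit of a router's port-forward list against the rules given in the comment above (forward only 443 and 4125, to the SBS's router-facing NIC, and leave 3389 closed). The addresses and ports are the ones quoted in the thread; the rule syntax and the sample rules are constructed for illustration and are not the SMC8014's own export format.

```python
import ipaddress

# Addresses and ports are the ones quoted in the thread.
ROUTER_LAN = ipaddress.ip_network("10.1.10.0/24")   # SMC8014 LAN side
SBS_WAN_NIC = ipaddress.ip_address("10.1.10.100")   # SBS NIC facing the router
RWW_PORTS = {443, 4125}                             # TCP ports RWW needs
RDP_PORT = 3389                                     # not needed for RWW

# Constructed sample. The "proto ports -> target" syntax is a made-up
# notation for this example, not a real router export format.
SAMPLE_RULES = [
    "tcp 443 -> 192.168.1.103",   # points at the SBS LAN NIC, behind the SBS
    "tcp 3389 -> 10.1.10.100",    # exposes RDP directly
    "tcp 4125 -> 10.1.10.100",
]

def parse_rule(line):
    """Return (protocol, set of external ports, target address)."""
    proto, ports, arrow, target = line.split()
    if arrow != "->":
        raise ValueError(f"unrecognised rule: {line!r}")
    first, _, last = ports.partition("-")
    lo, hi = int(first), int(last or first)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range in rule: {line!r}")
    return proto.lower(), set(range(lo, hi + 1)), ipaddress.ip_address(target)

def audit(rules):
    """Return a list of (rule, finding) pairs; an empty list means clean."""
    findings, covered = [], set()
    for line in rules:
        proto, ports, target = parse_rule(line)
        if target not in ROUTER_LAN:
            # The router cannot deliver to a subnet that sits behind the SBS.
            findings.append((line, "unreachable-target"))
            continue
        if target != SBS_WAN_NIC:
            findings.append((line, "wrong-host"))
            continue
        if proto != "tcp":
            findings.append((line, "unneeded-protocol"))
            continue
        covered |= ports & RWW_PORTS
        if RDP_PORT in ports:          # also catches ranges such as 3380-3390
            findings.append((line, "rdp-exposed"))
        if ports - RWW_PORTS - {RDP_PORT}:
            findings.append((line, "extra-ports"))
    for port in sorted(RWW_PORTS - covered):
        findings.append((None, f"missing-rww-port-{port}"))
    return findings

if __name__ == "__main__":
    for rule, finding in audit(SAMPLE_RULES):
        print(f"{finding:24} {rule or ''}")
```
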
 
CraigPresident (Author) Commented:
I am very confused. I tried setting as you point out and when I go to my static IP through the browser I get the Interface to the SMC router and not my remote web workplace or a desktop.

I am still unsure of which IP's I put in which field in the wizard.
After selecting "my server uses: A local router device with an IP address" the next page is populated with the two predefined DNS servers provided by Comcast: 68.87.71.226 and 68.87.73.242

The third is blank for "Local IP of the Router" where I have put the 10.1.10.1 which is the gateway IP of the SMC box. I have tried both that IP and the 10.1.10.100 which is the IP of the SMC box.

The next page is titled "Network Connection" and the choices are "Obtain IP address automatically from DHCP" (which is turned on in the SMC router) or "use the following" which I had checked but this is where I am not sure what IP to put for IP and subnet. The gateway is grayed out as I believe it uses the IP from the previous page.

The next summary page shows:
ISP Network Connection an IP of 10.1.10.100 and subnet of 255.255.255.0 on the top section and
Local area connection as 192.168.1.103 and subnet of  255.255.255.0

The next page I enable firewall. The next page has all 4 services checked (Email, VPN, Terminal service and FTP).

On the next page I have checked enabled "Remote Web Workplace".

The next page is the certificate which I have created as "companyserver.mydomainname.org".

The next is marked "Do Not change Internet Email settings".

Then the wizard finishes and I lose connectivity to the internet

Then I go to the port forwarding in the router and forward both ports to 10.1.10.100 and then I can no longer ping my static IP.

I still don't understand where my static IP address comes in to the wizard if it is supposed to.

Rob Williams Commented:
>>"when I go to my static IP through the browser I get the Interface to the SMC router and not my remote web workplace or a desktop"
You cannot access the public IP from your local network. It is called hair-pinning, and most routers do not support that. You need to do so from off site.
While on site you can access internally with  http://SBSname/remote

Before going any further with the configuration we should confirm the physical hardware in place. I noticed in some of your other posts mention of Sonicwall and Linksys routers. What is in place between the SBS and the Internet? Just the SMC8014? And, is this acting as a modem and a router/firewall? Is there anything else present?


CraigPresident (Author) Commented:
There is no Sonicwall.
The only thing between the SBS and the Internet is the SMC8014.
The Linksys wireless router has a static reservation from the SBS DHCP and is connected through a Linksys SR24 switch.

I am able to connect now using the http://SBSname/remote address.
I am going to leave the location and try it from offsite.

I will wait a few minutes for your response before leaving.

Thank you again for your help, I really appreciate it.


CraigPresident (Author) Commented:
The SMC8014 acts as a modem and firewall. On the firewall page of the router, the box is checked for "Disable Firewall for True Static IP Subnet Only".
I believe the SBS firewall is also active.

Rob Williams Commented:
The CEICW (Configure e-mail and Internet connection wizard) is the single most important configuration tool of SBS. The wizard configures: NIC addressing, routing, DNS, AD, remote services like RWW, OWA, and much more. It should have been run and properly configured when the server was originally set up. Running it now, all of the proper entries should already be present such that you just have to select any options you want to enable. If you are not familiar with networking and/or not comfortable with this you should have an SBS technician look after it for you. It is very important if you are managing an SBS you have a thorough understanding of the wizard. You seem to be confusing router options with server options. It cannot be explained in 4 or 5 lines so at this point it might be best if you review the following Microsoft summary before we continue:
http://support.microsoft.com/kb/825763

Based on your previous posts I am assuming you have:
Internet => [static public IP (does not start with 10) = SMC8014 = LAN IP of 10.1.10.1] => [WAN IP 10.1.10.100 = SBS = LAN IP 192.168.1.103 ] => switch => client PC’s

CraigPresident (Author) Commented:
I have some basic knowledge of networking and am comfortable with making these changes. The server was originally setup years ago with a DSL modem connection and router and no remote access for the users. They recently switched to Comcast Business class cable service. Comcast came and replaced the DSL modem and separate router setup with the SMC8014 and the users still had Internet access. After the initial Comcast install they ordered the static IP block but Comcast did not come out and set it up to use those static IP's. The idea was that with the static IP the users would be able to access their desktops from home and at some point in the future maybe host their website internally.
The public static IP I was given does not appear anywhere in the SMC8014 or the SBS box.
Here are some pictures of how it stands right now:
[Images: SBS Ipconfig settings, SMC Firewall, SMC Lan, SMC Ports]

Rob Williams Commented:
You seem to have it set up correctly as I can connect to your server using RWW without any problem using http://IPaddress/remote where the IP address is the "WAN Internet IP address" in your SMC8014-Network.jpg snapshot.
As mentioned you will get a certificate warning which you have to choose to ignore by choosing Continue to this website (not recommended).

Rob Williams Commented:
Sorry above http://IPaddress/remote should read https://IPaddress/remote

CraigPresident (Author) Commented:
That is interesting because the public static IP they gave me on the paper is not the same as the IP shown in the network.jpg. That appears to have been my problem all along.

I have logged in using the IP and am presented with a choice of servers or clients to connect to. However, some of the clients and the server return the error "connectivity to the remote computer could not be established. Please make sure it is turned on and connected to the network". I know the server is turned on because I am connected through logmein right now. Is there a setting that needs to be enabled on the clients and server to complete the connection?

Also, is there a way to remove the pictures I posted earlier?

Rob Williams Commented:
It may be that they assigned you a static IP, but if you or they didn't configure the router to use it, it would probably get a dynamic IP. Dynamic is fine, but if using one you have to set up a DDNS service in the event it changes:
http://blog.lan-tech.ca/2011/10/30/using-ddns-services-with-sbs-20082011/

>>"some of the clients and the server return the error "connectivity to the remote computer could not be established. "
If the devices were joined to the domain properly using the http://SBSname/connectcomputer, access is automatic. If not, on the device to which you are trying to connect make sure remote desktop access is enabled, and that the user is added to the remote desktop user's group of that machine. 3rd party firewalls can play havoc with access as well.

>>"Also, is there a way to remove the pictures I posted earlier? "
Yes. Just click the request attention link and request that. There is no immediate panic or huge security risk, but having it posted long term ups the odds of people "knocking on your door" all the time. (trying to gain access).

By the way you mentioned "After selecting "my server uses: A local router device with an IP address" the next page is populated with the two predefined DNS servers provided by Comcast: 68.87.71.226 and 68.87.73.242". These DNS servers differ from those shown in the network.jpg. You should verify which is correct.

CraigPresident (Author) Commented:
I believe the clients were setup using "connectcomputer" but will check out and make sure remote desktop is enabled. All the users do show in the remote desktop user's group.

The different DNS servers are in the LAN.jpg above and were set by Comcast. I agree that they are different. It doesn't seem to have affected anything as addresses seem to be resolving correctly.

How would I configure the SMC8014 to utilize the purchased static IP to avoid the DDNS service which is what I was trying to ask in my original post?

Thank you for the info on removing the pictures.

Rob Williams Commented:
>>"How would I configure the SMC8014 to utilize the purchased static IP "
I am afraid I am not familiar with your unit. Normally the WAN/Internet interface had 3 options Dynamic, Static, and PPPoE. You select the appropriate option and you can then configure the static IP. I looked through the on-line manual and there was no mention of it. However I did come across the following link which may help. You may have to contact the ISP if you cannot locate the option.

CraigPresident (Author) Commented:
I just noticed another weird situation involving the static IP. I am going through the client on my logmein account and some of the client computers are showing the IP address that I was given on the paper and most of the clients are showing the WAN IP shown above in the picture. Seems really strange. I'm not sure why some would show the new unused IP as their IP address.

There was no link in your last post, but I will contact Comcast and ask them about the static IP.
Thank you again for all your help. At least some of the users can now connect remotely so I am on the right track.

Rob Williams Commented:
Sorry:  http://atlantatechpro.com/howtos/howtosnetworking/smc8014/79-smc8014singlestaticip

No chance you have:

                                              |=> some PC's
internet => SMC => switch =>|
                                              |=> SBS => switch => some PC's

instead of

internet => SMC => SBS => switch => all PC's

CraigPresident (Author) Commented:
Thank you for the link.

No chance on the setup.

The Internet => SMC => SBS on the one NIC, single cat5 from SMC to NIC-1 on SBS.

SBS => switch => all PC's, single cat5 on NIC-2 to switch

Rob Williams Commented:
So you are saying if you connect from off site with logmein directly to a PC you get one public IP and another PC a different public IP? Very odd unless you have 2 routers set up.
However I am surprised you can even connect to a PC with LogMeIn since you have to "go through the server". Must say I have never tried though.
Sounds a little odd as if you have two side-by-side networks which may contribute to the RWW issue.
Can you access the problematic PC's by trying to connect from the SBS to them using remote desktop?

CraigPresident (Author) Commented:
Yes, I have the logmein free client on each of the PC's and several of them have the public IP on my paper, but most of them have the IP listed in the picture above. These two different IPs are shown on the individual computers in my logmein account. I haven't actually checked them through something like www.whatismyip.com, but I will. There is definitely no other router except the wireless and nothing is currently connected to it. I agree it is very odd.

I was able to login to the server with logmein and "allow remote connections" was not turned on. I turned it on and was able to connect through RWW. So I am going to do the same check with other clients that are not currently accessible through RWW.

I will try to RDC from SBS to any clients that I can't access after allowing remote connections in "my computer" on the XP clients.

Thank you for sticking with me on this. You have been a tremendous help.

Rob Williams Commented:
Glad to help. If you enable remote desktop and RWW works, no need to test from SBS, that was just a troubleshooting step.

CraigPresident (Author) Commented:
Whatever I did on the server made the RWW not work. Now I get an error saying "you are not authorized to view this page" after clicking through the certificate warning.

I am trying to undo what I did as far as enabling "allow remote connections" on my computer and see if that will allow it to work again.

Rob Williams Commented:
Are you sure in your browser you haven't changed the address somehow? That error indicates the page is not available (i.e. non-existent). It still works from here.
https://IPaddress/remote  As an example if you used something like https://IPaddress/remote2 you would get that error.

CraigPresident (Author) Commented:
Yes, my bad. I'm getting tired. I forgot to type the /remote...

Rob Williams Commented:
:-)  Been there, done that.

CraigPresident (Author) Commented:
Rob, thank you again for all your help!

Rob Williams Commented:
You're very welcome. Thanks craigceg.
Cheers!
--Rob
Question has a verified solution.
