
Netgear Modem/Router Preventing SBS RDP

The firewall on the system was replaced. It used to be a Linksys and now it's a Netgear router/modem combo. Netgear Versalink Model B90-755025-15

Now I can't remote to the RDS server using Remote Desktop from outside the office and OWA is not working.

The RDS server is 192.168.1.79 and under Port Forwarding I have RDP, https, vnc, http all forwarding to 192.168.1.79
0
mrmyth
Asked:
 
Rob WilliamsCommented:
Currently there is only one device between the Internet and the SBS, the Netgear?
Did the public IP change?
0
 
mrmythAuthor Commented:
Yes, only one device. The server is plugged directly into the modem/router and the static IP is the same.
0
 
Rob WilliamsCommented:
Though RDP should work, OWA, RWA, and Sharepoint will not work if remote management is enabled on the router on port 443.  Might that be the case?
0

 
PerarduaadastraCommented:
Are you using SBS 2003 or SBS 2008/2011?

If the former, are you using the MS-recommended dual-NIC setup? The fact that you have the server directly connected to the Netgear device suggests that this is the case.

Do you still have access to the old Linksys device? If so, the easiest way to discover the settings that worked would be to connect to it and print off its configuration pages.

If not, then is the server listening on the standard port 3389? Many admins change the RDP listening port as a matter of course to make attacks that little bit more inconvenient for the hackers. If you're not sure whether this has been changed, you can discover which port is being used by opening regedit and navigating to:

HKLM\System\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp

In the right pane, scroll down to PortNumber and look in the Data column; the number in brackets is the RDP listening port in decimal. You can change it to any valid value, but obviously avoid port numbers that are commonly used by well-known services and applications. Be aware that you will have to reboot the server to implement this change.

Even if it is the default value, has that port been opened in the Netgear? Whatever the port number is, the Netgear has to be told to let traffic on it through, and to direct it to the SBS server. You can also configure your LOB server with a different port number and set up the Netgear to forward RDP traffic to it, so that you can access either server remotely.

If you get the Netgear login page when you try to access any of the services RobWill mentioned, his surmise is correct, and you will need to configure the Netgear to listen for its HTTPS management traffic on a different port.

Hope this helps.
0
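The checks described in the post above can be scripted. This is an added example, not part of the original thread: it parses the output of `reg query` for the PortNumber value and of `netstat -an` on the server, then compares them with the router's forwarding table and its remote-management port. The function names, the forwarding table layout and the sample outputs are constructed for illustration.

```python
import re

# Constructed sample: output of
#   reg query "HKLM\System\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v PortNumber
REG_SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp
    PortNumber    REG_DWORD    0xd3d
"""

# Constructed sample: relevant lines of `netstat -an` on the server
NETSTAT_SAMPLE = """
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.79:3389      192.168.1.20:50122     ESTABLISHED
"""

def rdp_port(reg_output):
    """Return the RDP listening port in decimal (reg query prints it in hex)."""
    m = re.search(r"PortNumber\s+REG_DWORD\s+0x([0-9a-fA-F]+)", reg_output)
    if m is None:
        raise ValueError("PortNumber not found in reg query output")
    return int(m.group(1), 16)

def listening_ports(netstat_output):
    """Collect local TCP ports that are in the LISTENING state."""
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports

def audit(reg_output, netstat_output, forwards, server_ip, router_mgmt_port=None):
    """forwards maps external port -> (internal IP, internal port); returns findings."""
    findings = []
    port, listening = rdp_port(reg_output), listening_ports(netstat_output)
    if port not in listening:
        findings.append(f"server is not listening on RDP port {port}")
    if (server_ip, port) not in forwards.values():
        findings.append(f"no forward targets {server_ip}:{port}")
    for ext, (ip, inner) in sorted(forwards.items()):
        if ext == router_mgmt_port:
            # The router answers on this port itself, so the forward never fires.
            findings.append(f"router management on {ext} intercepts the forward to {ip}:{inner}")
        elif ip == server_ip and inner not in listening:
            findings.append(f"forward {ext} -> {ip}:{inner} has no listener")
    return findings
```

An empty list from `audit` means the registry port, the server's listeners and the router's forwards agree; each string in a non-empty list names one mismatch to fix.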
 
mrmythAuthor Commented:
Thanks for the explanation. I checked the reg key and the port is 3389 for RDP. I do have that Port forwarding on the Netgear to the proper server IP address for the server. I can't look at the old Linksys because it totally died.

I don't believe we're using the SBS with the two nic cards. I think it's just sitting on the network like any client computer would be on the network with just the one ethernet cable going to the machine.
0
 
Rob WilliamsCommented:
You can test the port forwarding by accessing from the server  http://www.canyouseeme.org  though I suspect that will show failed.
0
 
PerarduaadastraCommented:
When you replaced the router, did you re-run the Configure E-Mail and Internet Connection Wizard? If not, do so, and then if necessary add the required port forwarding for RDP manually.
0
 
mrmythAuthor Commented:
canyouseeme.org says it can see my service on port 3389

and

I didn't rerun the Configure E-Mail and Internet Connection Wizard when the router was replaced.
0
 
Rob WilliamsCommented:
Which version of SBS?  I agree that especially with SBS re-running the CEICW is imperative after a router replacement even if nothing is changed when running it.
0
 
mrmythAuthor Commented:
2003
0
 
Rob WilliamsCommented:
Sorry last post should have read; "I agree that especially with SBS 2003 re-running the CEICW........"
0
 
mrmythAuthor Commented:
When I ran the wizard I got an error that said "The wizard cannot set the DHCP scope options. Ensure that the DHCP server service is running and that a scope is defined. Alternatively, disable the DHCP service manually, and then configure your client computer IP address properties. For more information about manually configuring client computers, see Help and Support."

DHCP is currently being run by the router, as it was before.
0
 
Rob WilliamsCommented:
Though it is possible to use the router as the DHCP server it is not advised and if DNS does not update properly RDP and remote services will not work.  I recommend disabling DHCP on the router, enabling it on the SBS, running the CEICW, and rebooting the PCs.
You should also check all host entries in the DNS management console to verify they are still correct, if not delete them, and on the SBS run   ipconfig  /flushdns
0
 
mrmythAuthor Commented:
RDP is now working! I didn't change the DHCP settings because I'm working remotely.

OWA isn't working yet. I may have the web address wrong; what should it be?
0
 
Rob WilliamsCommented:
It can be most anything/Exchange,  the default is https://SBSname.YourDomain.abc/Exchange.

As mentioned it will not work if remote https management of the router is enabled on port 443.
0
 
mrmythAuthor Commented:
It is all working now.

email is at https://DOMAIN.com/exchange

and RDP is working fine. It seems to have started working when I ran the CEICW wizard, or maybe it was when I ran the remote access wizard (that seems to be for VPN), I guess. The CEICW wizard didn't seem to run because it asked me to put the DHCP on the server, but it still may have done something.
0
 
mrmythAuthor Commented:
thanks!
0
 
Rob WilliamsCommented:
If the CEICW completed, even with DHCP errors, it would have made the necessary changes.  It is still best to change and make the DHCP server the SBS.  It is critical for server access that the SBS be assigned as the ONLY DNS server, the WINS server, and the domain suffix be added to all clients.  Though the router's DHCP can usually be configured to do this, it seldom is.  Also if the SBS is the DHCP server it assures DNS is properly updated and clients with new DHCP leases are properly registered.

Good to hear it is working.
Thanks mrmyth.
Cheers!
--Rob
0
