
Windows Server 2012 Anywhere Access Setup

Posted on 2015-02-02
Last Modified: 2015-02-02
My main issue is that in the setup router phase, the following is reported back:

 1. UPnP is not enabled on the router
      It IS enabled in the router, which is a Draytek 2830
 2. There may be more than one router on your network.
      There isn't. Only one router is present.
 3. Anywhere Access to your server is blocked.
      I am assuming if I can get the UPnP working, then this will get reconfigured correctly? There are so many configurations in the 2830 regarding management on port 443, and various VPN and SSL config screens, I don't know where to start. I try forwarding port 443 to the server, but it warns me that 443 is already in use by the management screen. I try and change 443 in the management screen to another number, it warns me that SSL VPN needs it to be 443.

 Can somebody please help me get past this!

 Thanks
Question by:j jennings
15 Comments
 

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 40585051
UPnP in the setup wizard *rarely* works right.
My recommendations are to disable management on the public/WAN interface. That'll free up port 443 *and* leaving it enabled is begging for a brute force hack.
You also cannot use a router-based SSL VPN and AA at the same time on a simple router like the Draytek. So disable that as well. Then manually configure port forwarding. AA will work. You'll get the warnings about UPnP and, depending on other equipment on your network (like some UPnP-capable media devices and printers) will trigger the "maybe multiple routers" warnings. They can be ignored as long as AA starts working.
 

Author Comment

by:j jennings
ID: 40585142
Thanks Cliff

OK, I will try these. The WAN management is not enabled, but it still has the port numbers specified in the setup page. So I have changed 443 in the HTTPS management to port 442, and then therefore had to change the SSL VPN page to use port 442 also. There is no way of turning off the SSL VPN setting that I can see. I am hoping this will do it. I am now able to add the port forward for port 443 to the server. The various VPN sections have all now been disabled.

However, I still can't connect to the AA site.

I am assuming I need to also forward port 80? So I have the same issue with port 80 as I did with 443. In the management section, the HTTP port is set up as port 80. I am thinking I will change this to 81 to enable me to forward 80 to the server. Do you see issues with this? I guess I can always still access the router setup page using x.x.x.x:81

Anything else I might need to do?

Thanks

Expert Comment

by:Cliff Galiher
ID: 40585174
You don't actually need to forward port 80 for AA. It just makes it more convenient if users forget to use https, it auto-redirects. So if you are unable to access AA via HTTPS, you still have another configuration problem with the Draytek.

 

Author Comment

by:j jennings
ID: 40585180
OK

So I've tried all the above and can confirm that AA is now working! So thank you very much.

However, I am not able to get the remote desktop to various workstations working through the AA interface.
It complains about the security certificate not being trusted and will not allow me to bypass this.

I followed a guide some time ago which I used to generate a certificate from the server itself. I've installed this and it enabled me to get past this in the setup of AA some time ago.

I can however remote desktop (I've forwarded 3389) directly from my PC to the server, and although it again complains the certificate cannot be trusted, it allows me to ignore this and to connect anyway.

We need our users to be able to connect to their PCs for remote working from home, via the AA site. We're only a small company with 5 people and we don't want the expense of purchasing a real certificate. We used to do this OK with our old 2003 server which this replaces. I am assuming this is going to be possible or do we need to get a *real* certificate? It doesn't matter to us that it comes up as untrusted, because we know what we're connected to.

Thanks for any further advice.

Expert Comment

by:Cliff Galiher
ID: 40585187
Essentials does not do the self-signed certificates like older SBS servers did. If you did not use a Microsoft domain when you ran the internet configuration wizard and instead chose to use a custom domain, you'll need to complete the process with a valid trusted 3rd party cert. At $10/year, that is no longer considered a significant enough financial hurdle for continued support of self-signed certificates.
 

Author Comment

by:j jennings
ID: 40585191
OK

I did choose custom domain. Are you saying I can re-run the website configuration and choose a Microsoft domain?
How will this work? Will it link our AA to a Microsoft based URL? Is this fee paying also? Not looking to scrimp on $10, just wanting to consider options as I don't really know how this works.

Thanks for your continued advice. Much appreciated.

Expert Comment

by:Cliff Galiher
ID: 40585203
It does register a new record with Microsoft's domain servers and Essentials runs a dynamic DNS service to keep that record pointed at your public IP. It also requests and generates a publicly trusted certificate. No fee.
 

Author Comment

by:j jennings
ID: 40585209
Thanks Cliff

I will try and set that up now then. Will be back to you if I encounter any issues, or close the post accepting your answers.

Thank you very much
 

Author Comment

by:j jennings
ID: 40585212
Oh, it appears if I do this it may break the email access? Or at least that's what it is suggesting.

"If you do not need advanced features, such as email, you can setup a personalised domain name ..."

Our email is hosted by MS presently, we subscribe to Office 365 Small Business.
Will making this change break anything?

Expert Comment

by:Cliff Galiher
ID: 40585218
The O365 integration wizard does also build on the choices made in that wizard. So yes, you can break O365 integration. Given your environment, it sounds like you'll need to buy a certificate.
 

Author Comment

by:j jennings
ID: 40585230
Ok Thanks.

Any recommendations on a certificate provider?

Expert Comment

by:Cliff Galiher
ID: 40585234
I try to avoid recommending vendors. Too many conflicts of interest.
 

Author Comment

by:j jennings
ID: 40585239
:) well I've never looked into it so I don't know the first place to start

Expert Comment

by:Cliff Galiher
ID: 40585243
Google, Bing, AltaVista....terms like SSL certificate....
 

Author Comment

by:j jennings
ID: 40585250
right you are ...

thanks for your help
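
To confirm the end state this thread arrives at, the following added PowerShell example (not part of the original posts) checks from outside the network which of the ports discussed are reachable and whether the certificate on 443 passes the default Windows chain and host-name validation. `remote.example.com`, the function names and the expected-state table are assumptions of this example.

```powershell
# Added example. Run it from a PC outside the office network.
# Assumption: remote.example.com is a placeholder for the Anywhere Access host name.
$PublicName = 'remote.example.com'

# Ports named in the thread. Expect is this example's assumption of the intended state:
# 443 forwarded to the server, router management (moved to 442 and 81) not reachable
# from the WAN, and 3389 closed because Anywhere Access carries RDP over 443.
$Checks = @(
    @{ Port = 443;  Expect = 'open'   },
    @{ Port = 442;  Expect = 'closed' },
    @{ Port = 81;   Expect = 'closed' },
    @{ Port = 3389; Expect = 'closed' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try     { return $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs) }
    catch   { return $false }    # refused or unreachable
    finally { $client.Close() }
}

function Get-TlsTrust {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # No validation callback is supplied, so the default chain and host-name
        # checks apply: a self-signed or mismatched certificate throws here.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = $ssl.RemoteCertificate
        return "trusted; subject=$($cert.Subject); issuer=$($cert.Issuer); " +
               "expires=$($cert.GetExpirationDateString())"
    } catch {
        return "NOT trusted or TLS failed: $($_.Exception.GetBaseException().Message)"
    } finally { $client.Close() }
}

foreach ($check in $Checks) {
    # A timeout (filtered port) is reported as closed.
    $state = if (Test-TcpPort $PublicName $check.Port) { 'open' } else { 'closed' }
    $flag  = if ($state -eq $check.Expect) { 'ok' } else { 'REVIEW' }
    '{0,-5} {1,-7} expected {2,-7} {3}' -f $check.Port, $state, $check.Expect, $flag
    if ($check.Port -eq 443 -and $state -eq 'open') {
        '      ' + (Get-TlsTrust $PublicName 443)
    }
}
```

A `REVIEW` on 442 or 81 means the router's management interface answers on the WAN side; a `NOT trusted` result on 443 reproduces the certificate error the Anywhere Access remote desktop feature refuses to bypass.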