j jennings


Windows Server 2012 Anywhere Access Setup

My main issue is that in the setup router phase, the following is reported back:

 1. UPnP is not enabled on the router
      It IS enabled in the router, which is a Draytek 2830
 2. There may be more than one router on your network.
      There isn't. Only one router is present.
 3. Anywhere Access to your server is blocked.
      I am assuming if I can get the UPnP working, then this will get reconfigured correctly? There are so many configurations in the 2830 regarding management on port 443, and various VPN and SSL config screens, I don't know where to start. I try forwarding port 443 to the server, but it warns me that 443 is already in use by the management screen. I try and change 443 in the management screen to another number, it warns me that SSL VPN needs it to be 443.

 Can somebody please help me get past this!

 Thanks
ASKER CERTIFIED SOLUTION
Cliff Galiher
This solution is only available to members.
j jennings

ASKER

Thanks Cliff

OK, I will try these. The WAN management is not enabled, but it still has the port numbers specified in the setup page. So I have changed 443 in the HTTPS management to port 442, and then therefore had to change the SSL VPN page to use port 442 also. There is no way of turning off the SSL VPN setting that I can see. I am hoping this will do it. I am now able to add the port forward for port 443 to the server. The various VPN sections have all now been disabled.

However, I still can't connect to the AA site.

I am assuming I need to also forward port 80? So I have the same issue with port 80 as I did with 443. In the management section, the HTTP port is set up as port 80. I am thinking I will change this to 81 to enable me to forward 80 to the server. Do you see issues with this? I guess I can always still access the router setup page using x.x.x.x:81

Anything else I might need to do?

Thanks
You don't actually need to forward port 80 for AA. It just makes it more convenient if users forget to use https, it auto-redirects. So if you are unable to access AA via HTTPS, you still have another configuration problem with the Draytek.
OK

So I've tried all the above and can confirm that AA is now working! So thank you very much.

However, I am not able to get the remote desktop to various workstations working through the AA interface.
It complains about the security certificate not being trusted and will not allow me to bypass this.

I followed a guide some time ago which I used to generate a certificate from the server itself. I've installed this and it enabled me to get past this in the setup of AA some time ago.

I can however remote desktop (I've forwarded 3389) directly from my PC to the server, and although it again complains the certificate cannot be trusted, it allows me to ignore this and to connect anyway.

We need our users to be able to connect to their PCs for remote working from home, via the AA site. We're only a small company with 5 people and we don't want the expense of purchasing a real certificate. We used to do this OK with our old 2003 server which this replaces. I am assuming this is going to be possible or do we need to get a *real* certificate? It doesn't matter to us that it comes up as untrusted, because we know what we're connected to.

Thanks for any further advice.
Essentials does not do the self-signed certificates like older SBS servers did. If you did not use a Microsoft domain when you ran the internet configuration wizard and instead chose to use a custom domain, you'll need to complete the process with a valid trusted 3rd party cert. At $10/year, that is no longer considered a significant enough financial hurdle for continued support of self-signed certificates.
OK

I did choose custom domain. Are you saying I can re-run the website configuration and choose a Microsoft domain?
How will this work? Will it link our AA to a Microsoft based URL? Is this fee paying also? Not looking to scrimp on $10, just wanting to consider options as I don't really know how this works.

Thanks for your continued advice. Much appreciated.
It does register a new record with Microsoft's domain servers and Essentials runs a dynamic DNS service to keep that record pointed at your public IP. It also requests and generates a publicly trusted certificate. No fee.
Thanks Cliff

I will try and set that up now then. Will be back to you if I encounter any issues, or close the post accepting your answers.

Thank you very much
Oh, it appears if I do this it may break the email access? Or at least that's what it is suggesting.

"If you do not need advanced features, such as email, you can setup a personalised domain name ..."

Our email is hosted by MS presently, we subscribe to Office 365 Small Business.
Will making this change break anything?
The O365 integration wizard does also build on the choices made in that wizard. So yes, you can break O365 integration. Given your environment, it sounds like you'll need to buy a certificate.
Ok Thanks.

Any recommendations on a certificate provider?
I try to avoid recommending vendors. Too many conflicts of interest.
:) well I've never looked into it so I don't know the first place to start
Google, Bing, altavista....terms like SSL certificate....
right you are ...

thanks for your help
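
The certificate trust failure discussed in this thread (remote desktop through Anywhere Access refusing a server-generated certificate) comes down to whether the client can build a chain to a trusted root. The following is an added example, not part of the original thread, that performs that chain check in PowerShell; `Test-CertificateTrust` is a hypothetical helper name, `remote.example.com` is a placeholder, and it assumes PowerShell 7 or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example: evaluate a certificate against this machine's trusted roots,
# which is the check a remote client performs before accepting the gateway.
function Test-CertificateTrust {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the check also works without network access.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Certificate)
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        Issuer      = $Certificate.Issuer
        SelfSigned  = ($Certificate.Subject -eq $Certificate.Issuer)
        NotAfter    = $Certificate.NotAfter
        Trusted     = $trusted
        ChainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    }
}

# Constructed sample: an in-memory self-signed certificate for a placeholder
# host name, standing in for a certificate generated on the server itself.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=remote.example.com', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned(
    [DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))

# Report trust status and any chain errors for the sample certificate.
Test-CertificateTrust -Certificate $sample | Format-List
```

To check a real deployment, run the function on a client PC against the certificate exported from the server in place of the constructed sample.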