Re: VPN... very nearly there!
- From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 12:44:09 -0500
If you can connect the VPN, then log into the server using RDP, I'd say that
rules out the firewall appliance. I would try to access the LAN PC by name
rather than IP in case you're having routing issues over the VPN.
The other thing is, you should be able to get a login prompt from the
desktop PC using the remote desktop client, even if a security setting keeps
you from logging in. It seems off the top of my head that a desktop you can
access over RDP from the LAN should be equally accessible over VPN. (This
might be another argument for the name rather than IP thing).
Remote desktop has to be enabled in the Windows Firewall on the client PC -
that's something to check. You could also check the Dial-in tab of the
desktop PC's properties in AD - remote access can be blocked there as well
as in the user properties. Again it seems that if this works on the LAN and
to the server itself, it should work.
So after trying it by name rather than IP: On server, the Dial-in tab of
both the user and the desktop computer. On the LAN workstation, the Windows
Firewall exceptions (should be a check box for Remote Desktop), and the
Remote tab in the system properties.
"John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6660AE8A-4CD1-4E5B-930F-3A477A37B8B4@xxxxxxxxxxxxxxxx
> Thanks Dave,
>
> I've now managed to logon to the SBS Server through the Remote Desktop
> however I still can't 'see' the client pcs on the LAN. I've checked their
> user settings in AD and these are OK. I haven't yet checked their Remote
> Tabs
> (I assume you do mean on the actual client pcs?) as they are elsewhere at
> the
> moment and its the middle of the night! However at least one of them
> should
> be ok as I have accessed it via Remote Desktop today - but not via a VPN
> connection.
>
> I have set the remote desktop connections to - Computer: a LAN PC IP
> address. Then Username, Password and Domain being set to the same as if a
> User was logging on locally at that PC. However as I say above, only the
> logon to the Server works.
>
> Could the NAT rule on the Solwise SAR130 router be wrong? Currently the
> 'Local address from:' and 'Local address to:' are both set to the IP
> address
> of the SBS Server. The Global address from and to are both set to 0.0.0.0.
> The desination port from and to both being 1723 for MS-VPN.
>
> Also in Routing and Remote Access mmc, under the Server snap-in the IP tab
> is set to DHCP even though the Server and all Clients on the LAN have
> static
> IP addresses. Is the correct?
>
> Naerly there. Thanks in anticiaption
>
> "Dave Nickason [SBS MVP]" wrote:
>
>> Once they connect the VPN successfully, in most respects it's as if the
>> home
>> PC was part of your office LAN. If they want to access their desktop
>> PCs,
>> have them use the Remote Desktop client. On the XP machine at home,
>> they'd
>> click Start -> Accessories -> Communications -> Remote Desktop Connection
>> (you can r-click this entry and click Pin to Start Menu to get it to a
>> more
>> convenient location). Enter the name of the office PC to connect.
>>
>> You may have to configure some permissions at the office for this to
>> work.
>> On the office desktop, see Control Panel -> System. There's a Remote tab
>> where you have to allow non-admin users remote access to the PC. There
>> are
>> also a couple of settings in AD that can block this - remote access has
>> to
>> be allowed on the Dial-in tab, and you may have to clear "Deny log on to
>> terminal server" on the TS tab (that's not the exact wording but it's
>> probably not denied anyway).
>>
>>
>> "John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:3917FD4F-02EB-4CB9-81D2-3FC4FEC07797@xxxxxxxxxxxxxxxx
>> > Trying to set up VPN; feel tantalisingly near success!
>> >
>> > The remote client runs XPHome. Have managed to create a MS-VPN link
>> > through
>> > a Solwise SAR130 Router to SBS2000 (single NIC) Server with a 5
>> > workstation
>> > LAN. The Solwise has had a NAT rule added to forward MS-VPN info to
>> > correct
>> > port (1723) and Servers' static IP address. SBS has RAS running,
>> > configured
>> > with Server as 'router' and for 'remote access'. However RAS is still
>> > set
>> > to
>> > 'DHCP' rather than idebntifying a pool of addreses, even though all
>> > clients
>> > on the LAN actually have static IPs. Each user is configred for remote
>> > access
>> > and I can log in on the VPN connection with each users Name and
>> > password.
>> >
>> > A lovely message saying that I am connected appears on the remote
>> > client
>> > PC
>> > and when looking at the Server via remote desktop the RAS MMC shows
>> > activity
>> > for which ever User is logged in. However nothing else happens; I can't
>> > 'see'
>> > anything on that users space. I was expecting to see their 'desktop'
>> > or
>> > something. Am I missing something really simple!
>> >
>> > Thanks in anticipation!
>>
>>
>>
.
- Follow-Ups:
- Re: VPN... very nearly there!
- From: John
- Re: VPN... very nearly there!
- References:
- Re: VPN... very nearly there!
- From: Dave Nickason [SBS MVP]
- Re: VPN... very nearly there!
- From: John
- Re: VPN... very nearly there!
- Prev by Date: Re: Mail taking half an hour to appear in end-user's Outlook
- Next by Date: Re: Dell server / W2K failed redundancy
- Previous by thread: Re: VPN... very nearly there!
- Next by thread: Re: VPN... very nearly there!
- Index(es):
Relevant Pages
|
