RE: ISA 2004, remote desktop issue to internal clients

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hello James,

Thank you for posting.

From your post, my understanding on this issue is: You have found that VPN
clients can not remotely connect to a Windows XP Pro SP2 computer. You want
to know how to fix this. If I'm off base, please feel free to let me know.

In order to check your ISA Server configuration and diagnose the problem
further, I appreciate your help in collecting the following information:

1. This problem only occurred when VPN clients connected to only one
Windows XP Pro SP2 computer (10.0.0.64), right?
2. You can try disabling the Windows firewall on the XP SP2 computer and
test the issue again.

Network Topology Diagram
-------------------------
Please draw a network topology diagram including ISA server, client,
related servers and clarify the IP clearly.

ISA Info 2004
-----------------
1. Download the file from the following URL:
http://isatools.org/isainfo/isainfo.zip (ISA 2004)
or http://www.isatools.org and find ISAInfo for ISA 2004
2. Extract it and you will get a file named ISAInfo.js.
3. On ISA Server, double click to run ISAInfo.js and it will create two
files on desktop .xml and .log. Send two files .xlm and .log to me.

ISA MPS Report
---------------
Please download MPSRPT_Network tool from either of the two links to collect
your ISA Server configuration so that we can check and analysis further.
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_Network.exe
http://www.microsoft.com/downloads/details.aspx?FamilyID=cebf3c7c-7ca5-408f-
88b7-f9c79b7306c0&DisplayLang=en

Please save the MPSRPT_Network.exe on your ISA Server and run the tool.
After it completes, on your ISA Server a CAB file will be generated in the
%systemroot%\MPSReports\Network\Reports\Cab directory called
%COMPUTERNAME%_MPSReports.CAB.. Please send the cab file to me:
v-haozou@xxxxxxxxxxxxxx

NOTE: if you observed slowness when collecting msinfo32 or network
information please wait. It won't affect your ISA Server performance.

Please let me know the information above so that I can provide further
assistance on this problem. I am looking forward to your reply.

Sincerely,
Kenxl Zou
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Thread-Topic: ISA 2004, remote desktop issue to internal clients
thread-index: AcZPXALYlX5Kb+mRSGmYpEUJJKePKQ==
X-WBNR-Posting-Host: 69.15.137.194
From: =?Utf-8?B?SmFtZXMgV3JpZ2h0?= <CMCGroup@xxxxxxxxxxxxxx>
Subject: ISA 2004, remote desktop issue to internal clients
Date: Fri, 24 Mar 2006 08:00:03 -0800
Lines: 28
Message-ID: <B620B705-6FAF-4757-90CE-C62ADAEC5602@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.isa
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.isa:64122
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.isa

I have a SBS 2003 server, XP Pro SP2 client (internal network), and ISA
2004
(acting as VPN and firewall) with a T1 for the WAN interface.

My issue:
Domain Users and Domains Admins CAN while VPNed in:
Open a remote desktop session (RDP 3389) with the SBS 2003 box just fine.
10.0.0.251

BUT-
Domain Users and Domain Admins cannot open a RD session with a XP Pro SP2
box on the internal network. Domain Users and Domain Admins can get to
this
computer just fine when connected to the LAN (just not with VPN).
10.0.0.64

Things I've already done:
Remote Desktop is enabled on my XP Pro client
Both the above user groups are added for permissions
Tried to connect to both host and IP address
Tried adding the client IP to the host file

I check the logs on the ISA 2004 server, and I see the VPN client session
initiates a connection for RDP 3389 with the IP address of the XP Pro box.
But, it will just time out and close the connection. I don't see any
traffic
logs that point to a rule denying the service.

Why won't RD work?

-James Wright


.

Relevant Pages

  • Re: Isaserver 2004 and FTP
    ... Is the ISA server also the ftp server and you are accessing it from a remote ... remote client? ...
    (microsoft.public.isaserver)
  • RE: ISA2004 client firewall slow webpage loading
    ... have you configured this new client as web proxy client? ... configure ISA server as your Proxy ... stop the Microsoft Firewall service. ...
    (microsoft.public.windows.server.sbs)
  • Re: Cisco Client Cannot Connect Outbound
    ... ISA Server 2004 supports a more secure way of communication ... between the Firewall client and ISA Server. ... the protocol definition for the third party VPN access. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Outbound VPN
    ... Your SBS client cannot establish PPTP VPN through ISA 2004. ... Chapter 6: ISA Server 2004 VPN Deployment Kit: Configuring the ISA Server ... 2004 Firewall for Outbound PPTP and L2TP/IPSec Access ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Clients und VPN Zugriffe auf Notebooks
    ... In dem KB Artikel ist ein Dokument ... installing the firewall client on the VPN client machine. ... client will forward requests directly to the ISA Server firewall's internal ...
    (microsoft.public.de.german.isaserver)