Re: Remote web workplace won't work

From: Les Connor [SBS Community Member - SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 02/20/05


Date: Sat, 19 Feb 2005 21:29:06 -0600

Joe,

Opening the ports isn't the right approach. Specifically, you need only PPTP
passthrough, which by definition is port 1723 and GRE, aka protocol
47.

There have been lots of issues, primarily with Linksys routers, not doing
the PPTP passthrough.

The bottom line is this:

Try a VPN connection from a LAN client to the SBS. If it succeeds, then your
VPN configuration on the SBS is fine, and the problem is elsewhere.

If you are substituting one Linksys for another Linksys, then perhaps try a
different brand that is less prone to VPN passthrough issues. Or, as a test,
remove the router (in a two-NIC SBS configuration).

-- 
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Joe" <Joe@discussions.microsoft.com> wrote in message 
news:A151A1FF-A44F-4C60-A6C9-981E8B8935B6@microsoft.com...
> I have now tried yet another router, and on it I again opened ports 20 thru
> 5000 just to be sure. (This is a shop test bed server. If I get hacked I will
> just reload it.)
> Same problem. Works inside the LAN but not thru the router.
>
> "Marina Roos [SBS-MVP]" wrote:
>
>> Hi Joe,
>>
>> If it is working inside your network, you will have to check the router
>> again. Make sure it is forwarding port 4125 to your external NIC IP. What is
>> the exact error message?
>>
>> -- 
>> Regards,
>>
>> Marina
>> Microsoft SBS-MVP
>> One of the Magical M&M's
>>
>> "Joe" <Joe@discussions.microsoft.com> wrote in message
>> news:2B601971-935C-43F1-90A1-3B94835C277C@microsoft.com...
>> > Yes, the public IPs are in all the sets. I turned on ports 20 to 5000 as a
>> > test to try to eliminate the gateway setup as a problem.
>> >
>> > My problem appears to be the way ISA handles an incoming packet from the
>> > "gateway router".
>> >
>> > If you are on the inside network or the "WAN" side of SBS, NOT coming in
>> > through the router from the internet, everything works great. If I am on a
>> > local network computer in the same network segment as the SBS's external NIC
>> > and I type https://IP of SBS/remote I get the certificate screen, and when I
>> > click yes I get the RWW log on screen.
>> >
>> > When coming in through the router from the ethernet, the router routes
>> > through to SBS and I get the same certificate screen, but when I click "yes"
>> > it denies me entry to the logon screen.
>> >
>> > When I use VPN from the ethernet it works great. I can log in and run a
>> > terminal server admin session.
>> >
>> > "Marina Roos [SBS-MVP]" wrote:
>> >
>> > > Hi Joe,
>> > >
>> > > Did you fill in your public IP in the web certificate during CEICW? Can you
>> > > check in ISA, Destination sets, if that public IP is in all those sets?
>> > > And what is that about forwarding a range from 20 - 5000???? You only need
>> > > 25 for SMTP, 443, 444 for Companyweb, 1723 for VPN, 4125 for RWW and 3389
>> > > for TS. Do not forward ports you don't need.
>> > >
>> > > -- 
>> > > Regards,
>> > >
>> > > Marina
>> > > Microsoft SBS-MVP
>> > > One of the Magical M&M's
>> > >
>> > > "Joe" <Joe@discussions.microsoft.com> wrote in message
>> > > news:C3129170-BDF9-498E-84C5-3DB4AE0040C7@microsoft.com...
>> > > > I said ISA server might be the problem, but wouldn't it stop me from doing a
>> > > > remote connect via VPN? Isn't web proxy perhaps the problem? By the way, I
>> > > > forgot to tell you this is the premium package in both cases.
>> > > >
>> > > > "Marina Roos [SBS-MVP]" wrote:
>> > > >
>> > > > > Hi Joe,
>> > > > >
>> > > > > From inside the network you would use servername/remote, from outside
>> > > > > https://ip/remote. Did you forward ports 443 and 4125 from the router to the
>> > > > > external NIC IP? Do you have Standard or Premium? What is the exact error
>> > > > > message?
>> > > > >
>> > > > > -- 
>> > > > > Regards,
>> > > > >
>> > > > > Marina
>> > > > > Microsoft SBS-MVP
>> > > > > One of the Magical M&M's
>> > > > >
>> > > > > "Joe" <Joe@discussions.microsoft.com> wrote in message
>> > > > > news:698E5FD9-D536-4D9E-856B-F014F6A4AA67@microsoft.com...
>> > > > > > I'm back with 1/2 of the same question!
>> > > > > >
>> > > > > > So far I'm not using a FQDN. I am just using the fixed IP address, i.e.
>> > > > > > https://.xxx.xxx.xxx.xxx/remote to connect. I use this when the customer has
>> > > > > > his web and mail server at the ISP and does not want/need another FQDN.
>> > > > > > Meanwhile on the SBS site I use the .local as per Microsoft's suggestion.
>> > > > > >
>> > > > > > When I said it was working in my last reply I was inside the network where I
>> > > > > > used the inside server IP address in https://.xxx.xxx.xxx.xxx/remote. Worked
>> > > > > > great. Now I'm home and it's the same thing all over. The certificate comes up
>> > > > > > but I'm denied access to the web page. Remote VPN connection works great. Am
>> > > > > > I missing an open port on my router maybe? Or is it the server itself?
>> > > > > >
>> > > > > > Thanks for your help so far. It has been most appreciated.
>> > > > > >
>> > > > > > Joe
>> > > > > >
>> > > > > > "Marina Roos [SBS-MVP]" wrote:
>> > > > > >
>> > > > > > > Hi Joe,
>> > > > > > >
>> > > > > > > Almost. Did your ISP create a DNS record for your FQDN
>> > > > > > > servername.domain.local? If not, just fill in your public IP.
>> > > > > > >
>> > > > > > > -- 
>> > > > > > > Regards,
>> > > > > > >
>> > > > > > > Marina
>> > > > > > > Microsoft SBS-MVP
>> > > > > > > One of the Magical M&M's
>> > > > > > >
>> > > > > > > "Joe" <Joe@discussions.microsoft.com> wrote in message
>> > > > > > > news:DBC7FF2D-FE07-4ADD-8B89-C3DABCFB9941@microsoft.com...
>> > > > > > > > I found the problem!!!!!!!!!!!!!!!!!!!!  It has to be set up as
>> > > > > > > > "servername.domainname.local". All I had was "domainname.local". Thanks for
>> > > > > > > > pointing me in the correct direction. I've been running around the problem
>> > > > > > > > for several days but had not fully engaged my brain yet!!!
>> > > > > > > >
>> > > > > > > > "Marina Roos [SBS-MVP]" wrote:
>> > > > > > > >
>> > > > > > > > > Hi Joe,
>> > > > > > > > >
>> > > > > > > > > Don't use the Certificate Services. Run CEICW, enable the Firewall, and fill
>> > > > > > > > > in your public IP or your public FQDN for the web certificate.
>> > > > > > > > >
>> > > > > > > > > -- 
>> > > > > > > > > Regards,
>> > > > > > > > >
>> > > > > > > > > Marina
>> > > > > > > > > Microsoft SBS-MVP
>> > > > > > > > > One of the Magical M&M's
>> > > > > > > > >
>> > > > > > > > > "Joe" <Joe@discussions.microsoft.com> wrote in message
>> > > > > > > > > news:A7D40179-57BC-485C-865B-3811D2EE17B2@microsoft.com...
>> > > > > > > > > > Reply #2. I found the directions in help as to how to rerun the "connect to
>> > > > > > > > > > the internet wizard" and followed them to create a new certificate. It still
>> > > > > > > > > > won't work. I looked in services and when I click on "Microsoft Certificate
>> > > > > > > > > > Services", it says The specified service does not exist as an installed
>> > > > > > > > > > service. m0x424 (win32: 1060).
>> > > > > > > > > >
>> > > > > > > > > > ????
>> > > > > > > > > >
>> > > > > > > > > >
>> > > > > > > > > > "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
>> > > > > > > > > >
>> > > > > > > > > > > You've mismatched the domain name with the cert name.
>> > > > > > > > > > >
>> > > > > > > > > > > ISA is "very" particular and the cert "has" to match the link you are
>> > > > > > > > > > > coming in on.
>> > > > > > > > > > >
>> > > > > > > > > > >
>> > > > > > > > > > > Joe wrote:
>> > > > > > > > > > > > I have two new installs of SBS2003 but I can't get remote web workplace to
>> > > > > > > > > > > > work on either of them. When I log in I get the certificate screen - do you
>> > > > > > > > > > > > want to proceed? but when I say yes (after installing the certificate) I get:
>> > > > > > > > > > > >  "The page cannot be displayed . There is a problem with the page you are
>> > > > > > > > > > > > trying to reach and it cannot be displayed. ....... 403 Forbidden - The
>> > > > > > > > > > > > server denies the specified Uniform Resource Locator (URL). Contact the
>> > > > > > > > > > > > server administrator. (12202)
>> > > > > > > > > > > > Internet Security and Acceleration Server"
>> > > > > > > > > > > >
>> > > > > > > > > > > > Incidentally, I can log on to either using remote desktop (terminal services)
>> > > > > > > > > > > > just fine.
>> > > > > > > > > > > > I've missed something, any ideas?
>> > > > > > > > > > > >
>> > > > > > > > > > > > Your help would be appreciated !!!!
>> > > > > > > > > > >
>> > > > > > > > > > > -- 
>> > > > > > > > > > > An open letter to the Security Community::
>> > > > > > > > > > > http://msmvps.com/bradley/archive/2004/12/12/23540.aspx
>> > > > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > >
>> > > > >
>> > > > >
>> > >
>> > >
>> > >
>>
>>
>> 
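
The thread's advice to forward only the ports that are needed, and the point that PPTP also needs GRE (protocol 47), can be checked mechanically. The following is an added example, not part of any post in the thread; the rule-string format ("tcp 20-5000", "gre") and the function names are assumptions made for illustration, while the port list is the one given in the thread.

```python
# Added example, not from the thread: audit router forwards against the
# ports listed in the thread. The rule-string format is a made-up convention.
REQUIRED_TCP = {
    25: "SMTP",
    443: "HTTPS (RWW logon page)",
    444: "Companyweb",
    1723: "PPTP VPN control channel",
    3389: "Terminal Services",
    4125: "Remote Web Workplace",
}

def parse_rule(rule):
    """Parse 'tcp 443', 'tcp 20-5000' or 'gre' into (proto, low, high)."""
    parts = rule.lower().split()
    if parts == ["gre"]:
        return ("gre", 0, 0)  # GRE is IP protocol 47 and has no port numbers
    if len(parts) != 2 or parts[0] not in ("tcp", "udp"):
        raise ValueError(f"unrecognised rule: {rule!r}")
    low, _, high = parts[1].partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range in rule: {rule!r}")
    return (parts[0], low, high)

def audit(rules):
    """Report required ports not forwarded, unneeded ports exposed, and GRE."""
    opened, gre = set(), False
    for rule in rules:
        proto, low, high = parse_rule(rule)
        if proto == "gre":
            gre = True
        else:
            opened.update((proto, p) for p in range(low, high + 1))
    needed = {("tcp", p) for p in REQUIRED_TCP}
    return {
        "missing": sorted(p for _, p in needed - opened),
        "unneeded_count": len(opened - needed),
        "gre_passthrough": gre,
    }

if __name__ == "__main__":
    # Constructed inputs: the wide test range from the thread, then a minimal set.
    print(audit(["tcp 20-5000"]))
    print(audit([f"tcp {p}" for p in REQUIRED_TCP] + ["gre"]))
```

The wide range covers every listed TCP port but still reports no GRE passthrough, because GRE is an IP protocol rather than a port, and it exposes thousands of ports nothing in the thread requires.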

