Re: Trouble with remote access Brand NEW SBS2003 Install

On 8/1/05 1:41 PM, in article dcltla$n87$1$8302bc10@xxxxxxxxxxxxxxxx, "Joe"
<joe@xxxxxxxxxxxxxx> wrote:

> John Berry wrote:
>> I am trying to access my new SBS2003 (Installed and updated yesterday)
>> server and I can authenticate, and show
>> a valid connection, but I cannot browse any remote networks nor can I search
>> for any computers or the SBS2003 server for that matter.
>>
>> Layout:
>>
>> Remote Server is a win2003 Standard server behind a Linux Firewall. Almost
>> EVERY port is forwarded to it right now.
>>
>> Remote client (me) Winxp Pro (with latest updates) behind a Linux Firewall
>> with only the standard ports forwarded to the local server (pop, SMTP, http,
>> https, & a couple of others).
>>
>> I am trying to connect to the remote win2003 server using the "Shortcut to
>> Connect to Small Business Server" application I downloaded from the server
>> itself while I was logged in as the correct user to http://xyz.com/remote.
>>
>> I have just enabled POP3 and IMAP for those users who still want that type
>> of access. Are there any services on the SBS2003 server I need to turn on?
>> Do I need to open any ports on the firewall that is in front of the WINXP
>> remote client?
>>
>
> We don't know enough yet. You don't need anything open on the local
> firewall. You do need port 1723/TCP and protocol 47 open on the remote
> firewall and forwarded to the SBS. That's enough for the networking
> issues. If there are still connection problems, set logging on the
> appropriate iptables rules to see what's going on. Having iptables at
> both ends of the link is a big help in debugging this kind of problem.
> Nmap is also very useful. With iptables and nmap and with ssh links to
> both Linux machines, you should be able to see exactly what packets are
> going where and which ports are open, all from your XP machine.
>
> Have you set up incoming connections on the SBS correctly? Go through
> the Configure Email wizard again and check that everything looks right.
> The user connecting in needs to be a member of the remote users group.
> Ensure extra-good passwords on users who can connect in, as nothing
> else stands between SBS and the bad guys. PPTP VPN is a bit
> indiscriminate.
>
> I'll get in first: close down all incoming ports to SBS that you don't
> definitely know that you need open. Restrict the IP addresses which can
> connect if you possibly can. Use the secure versions of services where
> you can. Open https to SBS rather than http. *Never* open port 80 to
> the outside world if there is any conceivable alternative.
>
> Connectivity over VPN is variable: a domain member computer has full
> network browsing, other machines are more or less limited to the
> services on the server, depending on how much additional routing you
> do. You should certainly be able to ping SBS across VPN, as nothing
> will work if you can't. If you can't ping SBS by IP address then
> there's something fundamentally wrong. A remote computer will indicate
> that the VPN is up even if protocol 47 is not getting through: 47
> carries all the data, TCP port 1723 only handles the VPN housekeeping.
>
> Make sure the pool of addresses used by RRAS is part of the SBS LAN
> subnet. Make sure the remote machines do not have any IP interfaces with
> addresses in that subnet, other than their end of the VPN link. Any
> networks local to the remote clients must use different subnets.
>
> If you are using non-domain machines to connect, I'd recommend putting
> the SBS IP address in their hosts files, as browsing will be poor
> and connection to the server by name needs all the help it can get.
> Let us know how you get on.
>

Ok here is where I am at now:

I have closed the unused ports except for the important ones: 25, 110, 391,
47, 1723, 4125, 81 (firewall admin).

I have found one problem: I had to change the IP schema of the remote-client
LAN from 192.168.1.xxx to 192.168.0.xxx. This now allows me to search for the
server name (right click MNP and find computers on network). I can then
create a shortcut to the server and browse it after I connect with the
connection client program (from SBS2003).

The problem is I cannot browse or even see the server-side network, just a
20 sec hang then my local workgroup shows up.

So I hope this helps pinpoint the problem. Any help is appreciated.

John B
