Re: Trouble with remote access Brand NEW SBS2003 Install

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

On 8/2/05 9:24 AM, in article dco2uo$4ap$1$8300dec7@xxxxxxxxxxxxxxxx, "Joe"
<joe@xxxxxxxxxxxxxx> wrote:

> John Berry wrote:
>> On 8/1/05 1:41 PM, in article dcltla$n87$1$8302bc10@xxxxxxxxxxxxxxxx, "Joe"
>
>>
>>
>> Ok here is where I am at now:
>>
>> I have closed the unused ports except for the important ones, 25,
>> 110,391,47,1723,4125,81(firewall admin)
>>
>> I have found one problem, I had to change the IP schema of the remote-client
>> LAN from 192.168.1.xxx to 192.168.0.xxx This now allows me to search for the
>> server name (right click MNP and find computers on network) I can then
>> create a shortcut to the server and browse it after I connect with the
>> connection client program (from SBS2003).
>>
>> The problem is I cannot browse or even see the server-side network, just a
>> 20 sec hang then my local workgroup shows up.
>>
>> So I hope this helps pinpoint the problem. Any help is appreciated.
>>
>> John B
>>
>
> Is the client machine a member of the SBS domain, and have you logged
> on to the domain rather than the machine itself? In my experiments,
> this was the only deciding factor in whether full network browsing
> worked. Without a domain logon, various things worked or didn't work
> on different occasions. Once, I could not even get TCP/IP connection
> to the server even though all the numbers were right, and disconnecting
> and reconnecting the VPN got it back. For the most part, a non-domain
> machine has access to the SBS services, but nothing else.
>
> In general, SBS will protect its network from attack. This includes a
> VPN connection: SBS will not by default route IP connections from the
> VPN to its LAN or back, and will not make browsing easy for any machine
> or user not actually part of the domain. Network browsing is quite a
> complex layer on top of TCP/IP, and it is fairly easy to refuse access
> to it.
>
> What do you actually need network browsing for? The whole point of a
> server is to store data centrally, not on individual workstations.
> With an SBS-based network, the workstations (if XP Pro) are accessible
> to remote users via remote desktop, which not only gives access to files
> but also programs. Applications should not be run on the server, and to
> give a remote user access to Office or other applications means having
> them log in to the workstation via the SBS RWW system. There is no need
> for browsing from the VPN, you can do that from the workstation once
> logged on. You don't need XP Pro on the remote clients, anything with
> a Terminal Server client will do, including rdesktop on Linux. You
> especially don't need to copy files across the Internet, so even Access
> is usable over RWW.

The reason for the browsing is for the techno-challenged users. They only
want access to private and public folders for docs and spreadsheets (plus
email but that is already covered through remote Exchange web access).

I am just trying to make it seamless for them as I do not want to drive to
each of their homes (all 10 of them) and setup VPN and shortcuts.

Remote desktop takes more bandwidth (?) and it seems they can download and
upload modified files easier using VPN without any special training and
configuration.

It would seem the next step is to take in the PC to the server LAN and join
it to the domain first and login, then logout and try it remotely??

John B


.

Relevant Pages

  • Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
    ... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
    (Full-Disclosure)
  • Re: Remote Access and ISA Server in SBS 2003?
    ... I am glad to hear the Remote Access Wizard is working fine now. ... there is no difference in VPN between SBS 4.5 and SBS ... Error Message: VPN Connection Error 800: Unable to Establish Connection ... the external NIC of the SBS Server. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN with SBS 2003 (not R2) and DSL.
    ... Reading property value for VPN returned OK ... Reading VPN Server Name returned OK ... identical network cards. ... it seems doubtful that SBS will work properly with two NICs ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 sudden services problem over router based vpn
    ... I understand that your remote cannot receive POP3 emails through VPN ... SBS Server through routers. ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Connection Problems
    ... Note that we are able to successfully VPN into the office. ... to browse the network, RDP to the server or even ping the server. ... > This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)