Re: Problem with RWW, can list computers/servers, cannot get logge
- From: "Carl" <Carl@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 3 Aug 2005 18:03:27 -0700
Dear Frank,
Thanks for the ongoing discussion. I located that article and checked it
earlier. That was not an issue for us in this instance.
Today I decided to go to another location (Ames office, servers in Des
Moines) and try the access from a different ISP. Surprise, surprise, it all
worked. The Ames office access is via DSL / Qwest and the dial up access is
via att.net. I am now betting the problem is something att.net filters. I am
not sure which port it would be that they might be blocking, but I am
guessing is must be 4125 since the only problem is when I try to access the
desktop via RWW. Am I even in the right ballpark on my assumption?
Thanks for the ongoing discussion.
Sincerely,
Carl
"Frank McCallister SBS MVP" wrote:
> See if this helps
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;886209
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "Carl" <Carl@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:E5A998B2-E4DA-4541-92F3-ABC7EB3E4A71@xxxxxxxxxxxxxxxx
> > Thanks for the response.
> >
> > When I login from outside using dialup, I am using https://FQDN/remote.
> > I believe I have the certificate address handled correctly, but am not
> > 100%
> > on that one. I thought I must have it "right" since I could use all of the
> > other RWW functionality including admining the companyweb. (?)
> >
> > When I browse to that FQDN and the certificate is presented for approval,
> > the FQDN that I input in the browser over dial up matches the FQDN name on
> > the cert. The cert goes to xxxx.yyyy.com, not xxxx.yyyy.local, which I
> > believe is correct. (?)
> >
> > In ISA 2004, the "SBS Web Listener" (which is used by the OWA, RWW and
> > OMA
> > web publishing rules) is using the same xxxx.yyyy.com certificate to
> > authenticate.
> >
> > When I look at the certificates on the ISA computer in the folder:
> > Certificates (Local Computer) / Personal / Certificates, there are three
> > certs. One is the FQDN. For purposes of discussion the FQDN is
> > xxxx.yyyy.com.
> > Based on that premise, the three certs are named as follows:
> >
> > Name Intended purpose
> > ---------------- --------------------
> > yyyy All
> > publishing.yyyy.local Server auth
> > xxxx.yyyy.com Server auth
> >
> > Thanks for the input.
> >
> > Sincerely,
> > Carl
> >
> > "Frank McCallister SBS MVP" wrote:
> >
> >> Hi Carl
> >>
> >> When you login from outside using dialup are you logging in using
> >> Https://Ip/remote or Https://FQDN/remote ? When you ran CEICW AFTER
> >> installing ISA 2004 did you install the certificate for the same address?
> >>
> >> --
> >> Frank McCallister SBS MVP
> >> COMPUMAC
> >> "Carl" <Carl@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:E5F2D441-817D-4385-9D07-9631816FCA7E@xxxxxxxxxxxxxxxx
> >> > Server01: SBS Premium/ISA 2004 with product fully installed and all
> >> > service
> >> > packs and updates current
> >> > Server02: Server 2003 with all SP and updates current
> >> > Workstation 01: WinXP Pro SP2 and updates current
> >> > Internet access: via Cable modem to Linksys WRT54G
> >> >
> >> > WRT54G: WanIP set by isp, LanIP set to 192.168.30.1; PPTP and IPSec on
> >> > passthru; forwarding 1723,443,444,3389 and 4125 to 192.168.30.10
> >> >
> >> > Server01 has two adapters: WanAdapter 192.168.30.10 with only tcpip
> >> > enabled,
> >> > dns to LanAdapter's IP; LanAdapter 192.168.20.100 with
> >> > tcpip/client/file
> >> > and
> >> > printer sharing enabled; verified Advanced Setting re: binding Lan 1st,
> >> > Wan
> >> > 2nd (shows remote connections 3rd??)
> >> >
> >> > When I say "outside the network" I mean accessing the network via a
> >> > separate
> >> > fourth computer (WinXP Pro SP2) using dialup via a different ISP than
> >> > the
> >> > one
> >> > to which the network in connected.
> >> >
> >> > I can use all of RWW on the intranet, but not (all of RWW) from the
> >> > outside
> >> > network. I can connect to all 3 computers, one to the other via RWW,
> >> > from
> >> > inside the network.
> >> >
> >> > From outside the network I successfully connect via www address and get
> >> > RWW
> >> > login, login succeeds and everything works, including showing the list
> >> > of
> >> > computers and/or servers (depending who I login as and what
> >> > permissions,
> >> > servers for admin's only) BUT, once I select a computer to connect to I
> >> > get
> >> > one of two errors at the remote desktop, both start with "VBScript:
> >> > Remote
> >> > Desktop Disconnected".
> >> >
> >> > Error One: The client could not establis a connection to the remote
> >> > computer. The most likely causes for this error are:
> >> > And then is lists remote connections enabled, max. number of
> >> > connections, network error, RWW port blocked by firewall
> >> > Error Two: The client could not connect to the remote computer. Remote
> >> > connection might not be enabled or the computer might be too bust to
> >> > accept
> >> > new connections. It is also possible that network problems are
> >> > preventing
> >> > your connection. Please try connecting again later. If the problem
> >> > continues
> >> > to occur, contact your system administrator.
> >> >
> >> > I can VPN and Remote Desktop all three computers from outside the
> >> > network.
> >> >
> >> > Other things I have checked/done:
> >> > 1. Disabled the firewall in the Linksys, let all traffic through
> >> > 2. Upped connection limits in ISA from 40 to 160 as per MS Q555368
> >> > 3. Even turned off connection limits in ISA General...
> >> > 4. Verified User permission to the Remote Desktop on all three
> >> > computers.
> >> > 5. A complete scratch reinstall of SBS and got back to the same issue.
> >> > 6. Monitored and reviewed the ISA logs interactively and reviewed the
> >> > log
> >> > files for errors. The only denial I see, is 2 sets of IGMP packets that
> >> > come
> >> > from the Lan side of the Linksys/router (192.168.30.1) and are going to
> >> > 224.0.0.1/224.0.0.2. A bit of the log follows: (sorry for the
> >> > wrapping....)
> >> > Just a little discussion more below the log.
> >> >
> >> > computer date time IP protocol source destination orig client
> >> > IP source network destin network action status rule application
> >> > protocol bidirectional bytes sent bytes sent intermediate bytes
> >> > received bytes received intermediate connection time connection time
> >> > intermediate source proxy destination proxy source name destination
> >> > name username agent session ID connection ID interface IP header
> >> > protocol
> >> > payload
> >> >
> >> >
> >> > RXISBS 2005-08-02 19:00:30 IGMP 192.168.30.1 224.0.0.1 192.168.30.1
> >> > External Local
> >> > Host Denied 0xc004000d Default rule Unidentified IP
> >> > Traffic N 0 0 0 0 - - - - - - - - 0 0 - - -
> >> >
> >> > RXISBS 2005-08-02 19:00:37 IGMP 192.168.30.1 224.0.0.2 192.168.30.1
> >> > External Local
> >> > Host Denied 0xc004000d Default rule Unidentified IP
> >> > Traffic N 0 0 0 0 - - - - - - - - 0 0 - - -
> >> >
> >> > RXISBS 2005-08-02 19:02:17 TCP 192.168.20.23:1030 192.168.20.100:445
> >> > 192.168.20.23 Internal Local
> >> > Host Intermediate 0x0 Allow access from trusted computers to the
> >> > Firewall
> >> > Client installation share on ISA Server Microsoft CIFS
> >> > (TCP) Y 46561 744 33552 983 5400188 900079 - - - - - - 15 73 - - -
> >> >
> >> > RXISBS 2005-08-02 19:02:35 IGMP 192.168.30.1 224.0.0.1 192.168.30.1
> >> > External Local
> >> > Host Denied 0xc004000d Default rule Unidentified IP
> >> > Traffic N 0 0 0 0 - - - - - - - - 0 0 - - -
> >> >
> >> > RXISBS 2005-08-02 19:02:35 IGMP 192.168.30.1 224.0.0.2 192.168.30.1
> >> > External Local
> >> > Host Denied 0xc004000d Default rule Unidentified IP
> >> > Traffic N 0 0 0 0 - - - - - - - - 0 0 - - -
> >> >
> >> > I have read tons of posts and searched the web on this issue and would
> >> > welcome any suggestions for trouble shooting. It sure appears the 4125
> >> > and
> >> > 3389 ports are open as they generate log activity in ISA.
> >> >
> >> > Thanks for taking the time to read my post.
> >> >
> >> > Carl
> >>
> >>
> >>
>
>
>
.
- Follow-Ups:
- Re: Problem with RWW, can list computers/servers, cannot get logge
- From: Frank McCallister SBS MVP
- Re: Problem with RWW, can list computers/servers, cannot get logge
- References:
- Problem with RWW, can list computers/servers, cannot get logged in
- From: Carl
- Re: Problem with RWW, can list computers/servers, cannot get logged in
- From: Frank McCallister SBS MVP
- Re: Problem with RWW, can list computers/servers, cannot get logge
- From: Carl
- Re: Problem with RWW, can list computers/servers, cannot get logge
- From: Frank McCallister SBS MVP
- Problem with RWW, can list computers/servers, cannot get logged in
- Prev by Date: how to enforce default home page for all users
- Next by Date: Re: Question For Any FrontPage Users Publishing Webs from SBS 2003
- Previous by thread: Re: Problem with RWW, can list computers/servers, cannot get logge
- Next by thread: Re: Problem with RWW, can list computers/servers, cannot get logge
- Index(es):
Relevant Pages
|
