Re: Remote Connection Issue
- From: "Bill Swan" <bill@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 21 Oct 2005 19:22:20 +0100
LOL... thanks Jenny, got there before me again... keep up the good work...
;-)
Barry, the main reason many inidividuals went to 2003 is the RWW (remote web
workplace) facility. Oh and of course the latest technology...etc etc.
As not aware of RWW previously it may be a bit daunting for you (especially
reading Jenny very thorough info), Just take it step by step and you will
love it. It will also assist with your initial problem.
""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:cJgo8rk1FHA.748@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Barry,
>
> Thanks for your update!
>
> If you want to connect to connect to the SBS server box and the LAN client
> computer simultaneously, you can use the RWW (Remote Web Workspace) site
> to
> reach your goal in SBS environment. Besides, you can setup VPN to the SBS
> domain, and then work as domain computer and access any domain computers
> if
> you have permissions.
>
> The SBS RWW is a dynamically created web site that provides a single,
> simple, and consolidated entry point for remote users to access SBS
> features. It empowers external SBS users by providing one place from which
> all relevant features of SBS, such as Outlook Web Access, Windows
> SharePoint Services, and the remote user desktop, can be accessed from
> outside the network firewall. To access RWW, one can access
> http://fully_qualified_domain_name/remote remotely, or
> http://servername/remote locally. Connecting through RWW allows users to
> connect to the server resources without additional configuration such as
> VPN or RAS. It also allows VAPs to connect directly to the internal
> workstations for troubleshooting purposes. If SSL is deployed along with
> RWW, you ensure the communication is secured, and all data is encrypted
> and
> protected over the web.
>
> The following sections discuss the components of RWW:
>
> RWW Files
> IIS Virtual Directory
> Registry Keys
> Active Directory Configuration
> Default Web Site
> ISAPI Filter
> TS Proxy
> Remote User E-mail
>
> You can run CEICW to publish RWW to internet and the wizard will configure
> all related settings in ISA, IIS and firewall automatically.
>
> I. Please try to run CEICW to make sure enable firewall and publish VPN,
> Terminal services, RWW to internet. You can refer to the following steps:
>
> 1. Expand Standard Management | To Do List.
> 2. Click Connect to the Internet in the right pane.
> 3. Navigate the wizard to Firewall and then select Enable firewall. In the
> next page, make sure the E-mail, VPN, Terminal services item is checked in
> services configuration page.
> 4. Click Next and then select Allow access to the following web site
> services from the internet.
> 5. Make sure RWW be selected and click Next.
> 6. Click Create a new Web services certificate (input your FQDN as the web
> server certificate) and then click Next.
> 7. Following the wizard to finish it.
>
> I suggest you refer to KB 825763 to configure the network connection:
>
> 825763 How to configure Internet access in Windows Small Business Server
> 2003
> http://support.microsoft.com/?id=825763
>
> If you have installed router or hardware firewall outside the SBS 2003
> network, please double check to make sure the TCP port 4125, 1723,
> 3389,443,444 are opened on your router or hardware firewall.
>
> Generally, we open the ports we needed to allow some specific traffic. You
> can refer to the following list:
>
> TCP port Definition
> 25 Email (SMTP)
> 80 required for HTTP
> requests for your site
> 443 required for HTTPS
> requests using SSL, which secures communications from your server and a
> Web
> browser
> 444 Companyweb
> 4125 Remote Web Workplace
> 1723 (plus GRE Protocol 47) VPN
> 3389 Terminal Services
> 21 FTP
>
> After did that, on the internet computer, type URL:http://FQDN/remote or
> URL:http://public IP/remote in IE to access the RWW site and you can
> connect to server box and client computer simultaneously.
>
> Information about setup VPN:
>
> 308208 HOW TO: Install and Configure a Virtual Private Network Server in
> http://support.microsoft.com/?id=308208
>
> HOW TO: Configure a Connection to a Virtual Private Network (VPN) in
> Windows XP
> http://support.microsoft.com/?id=314076
>
> 320697 HOW TO: Turn On and Configure Inbound VPN Access in Small Business
> http://support.microsoft.com/?id=320697
>
> Hope above information helps! If you have any concern on the issue please
> let me know. I am happy to be assistance of you!
>
> Have a nice weekend!
>
> Best Regards,
>
> Jenny Wu
> Microsoft CSS Online Newsgroup Support
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
>>From: "Barry McConomy" <smile@xxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>Subject: Re: Remote Connection Issue
>>Date: Fri, 21 Oct 2005 08:25:48 -0400
>>Organization: Posted via Supernews, http://www.supernews.com
>>Message-ID: <11lhn4lg8h4vbe4@xxxxxxxxxxxxxxxxxx>
>>References: <11lg2qg16cdu6c8@xxxxxxxxxxxxxxxxxx>
> <ev$GFdc1FHA.2212@xxxxxxxxxxxxxxxxxxxx>
> <11lggl56c6naj51@xxxxxxxxxxxxxxxxxx>
> <rI6Ywzh1FHA.1468@xxxxxxxxxxxxxxxxxxxxx>
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>X-RFC2646: Format=Flowed; Original
>>X-Complaints-To: abuse@xxxxxxxxxxxxx
>>Lines: 279
>>Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
> ne.de!newshub.sdsu.edu!newsfeed.news2me.com!newsfeed2.easynews.com!newsfeed1
> easynews.com!easynews.com!easynews!sn-xit-03!sn-xit-08!sn-post-01!supernews
> com!corp.supernews.com!not-for-mail
>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:163354
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>Hi Jenny
>>
>>The reason I am using 2 port numbers the default 3389 and 3390 is that I
>>want the connect from remote clients simultaneously to the SBS server
>>through port number 3389 and a workstation on the LAN through port number
>>3390.
>>
>>I am of the understanding this is the only way to connect to different
>>Server/Workstations on the same LAN at the same time.
>>
>>Please advise if there is another way that does not need different port
>>numbers.
>>
>>Regards
>>Barry
>>
>>
>>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>news:rI6Ywzh1FHA.1468@xxxxxxxxxxxxxxxxxxxxxxxx
>>> Hi Barry,
>>>
>>> Thanks for posting here!
>>>
>>> For your description, I understand that you want to allow a LAN client
>>> computer accessed remotely, and you have configured server publishing
> rule
>>> to publish it, but failed. If I am off base, please don't hesitate to
>>> let
>>> me know.
>>>
>>> How internet computer access to the internal client computer? Can I
> assume
>>> you are using terminal services?
>>>
>>> By default Terminal Server and Windows 2000 Terminal Services uses TCP
>>> port
>>> 3389 for client connections. Microsoft does not recommend that this
>>> value
>>> be changed. However, if it is necessary to change this port, you need
>>> follow these instructions.
>>>
>>> WARNING: If you use Registry Editor incorrectly, you may cause serious
>>> problems that may require you to reinstall your operating system.
>>> Microsoft
>>> cannot guarantee that you can solve problems that result from using
>>> Registry Editor incorrectly. Use Registry Editor at your own risk.
>>>
>>> I. To change the default port for all new connections created on the
>>> Terminal Server (the specific LAN client computer):
>>>
>>> 1. Run Regedt32 and go to this key:
>>> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal
>>> Server\WinStations\RDP-Tcp
>>>
>>> 2. Find the "PortNumber" subkey and notice the value of 00000D3D, hex
>>> for
>>> (3389). Modify the port number in Hex and save the new value.
>>>
>>> II. Publish the terminal services on 3390 port to internet (you have
>>> done):
>>>
>>> 1) Created an IP Packet Filter.
>>> 2) Created a Protocol Definition.
>>> 3) Created a Server Publishing Rule to the IP address of the LAN
>>> Workstation.
>>>
>>> III. To Alter the Port on the Client Side and open 3390 port in client
>>> firewall.
>>>
>>> To alter the port on:
>>> 1. Open Client Connection Manager.
>>>
>>> 2. On the File menu, click New Connection, and then create the new
>>> connection. After running the wizard, you should have a new connection
>>> listed there.
>>>
>>> 3. Making sure that the new connection is highlighted, on the File menu,
>>> click Export. Save it as name.cns.
>>>
>>> 4. Edit the .cns file using Notepad changing "Server Port=3389" to
> "Server
>>> Port=xxxx" where xxxx is the new port that you specified on Terminal
>>> Server.
>>>
>>> 5. Now import the file back into Client Connection Manager. You may be
>>> prompted to overwrite the current one, if it has the same name. Go ahead
>>> and overwrite it. You now have a client that has the correct port
> settings
>>> to match your change Terminal Server settings.
>>>
>>> NOTE: The Terminal Server ActiveX client listens on TCP port 3389 and
> this
>>> cannot be changed. The Remote Desktop Protocol (RDP) client that is
>>> available in Microsoft Windows XP and Windows .NET (version 5.1 and
> later)
>>> has this ability.
>>>
>>> NOTE: You must restart the Terminal Server before the new listening port
>>> becomes active, or recreate the RDP listener via Terminal Services
>>> configuration.
>>>
>>> Open the port in firewall (you have done):
>>>
>>> 1) Allowed Remote Access
>>> 2) Allowed port 3390 through the Windows Firewall
>>>
>>> Try to test again to see if the issue be fixed.
>>>
>>> If the issue persists, please kindly help me collect some information to
>>> isolate the issue:
>>> 1. What are the accurate services you use to access the internal
> computer?
>>> 2. What is the accurate error message when you try to access the
>>> internal
>>> computer? Could you kindly help me catch a screen shot of the error
>>> message?
>>> To make a screen shot:
>>>
>>> A. Press Alt + Pr Scrn to capture a screen shot.
>>> B. From Start, go to Run, enter pbrush in the Open box, and then click
> OK.
>>> C. Use Ctrl + V to paste the screen shot to the canvas.
>>> D. From the File menu, go to Save and save as a JPG file.
>>>
>>> 3. Please use the ISAinfo utility to collect the ISA configuration
>>> information for further analyze:
>>>
>>> a. Download the file from the following URL:
>>> http://www.isatools.org/isainfo/ISAInfo.zip
>>> b. Extract all files to a folder on ISA server
>>> c. Double click Isainfo.js. This will generate 2 files
>>> ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in
> the
>>> current folder.
>>> d. Please send these files to me at feijj@xxxxxxxxxxxxx
>>>
>>> 3. Gather the ISA Web Proxy and Firewall service logs when reproducing
> the
>>> problem:
>>>
>>> Enable the full Web Proxy/firewall logging option:
>>> a. Open ISA 2004 management console.
>>> b. Expand the server node and highlight ''Monitoring''.
>>> c. In the right pane, switch to the ''Logging'' tab, make sure the
>>> ''Task
>>> Pane'' is showed there.
>>> d. In the ''Task Pane'', click ''Configure Web Proxy Logging'' under
>>> ''Logging Tasks'', and then switch the ''log storage format'' from
>>> ''MSDE
>>> database'' (default) to ''File''.
>>> e. Switch to the ''Fields'' tab, and then click ''Select All''.
>>> f. Click OK, and then click ''Apply'' to save changes and update the
>>> configuration.
>>> g. Click ''Configure Firewall Logging''. Do step d~f to enable the full
>>> logging options for firewall logging.
>>>
>>> Prepare to take the trace:
>>> a. Temporarily stop the Firewall service to clear the current existing
> W3C
>>> logs: Monitoring->Services tab, and then right click ''Microsoft
>>> Firewall''
>>> to choose ''Stop''.
>>> b. Go to the log saving directory and clean any existing .W3C logs. By
>>> default, the logs will be saved to ''C:\Program Files\Microsoft ISA
>>> Server\ISALogs''. (Some MDF may not be able to deleted, that''s normal.)
>>> c. Go back to the ISA 2004 management console, and then Start the
>>> stopped
>>> ''Microsoft Firewall'' service.
>>>
>>> Reproduce the problem:
>>> a. Go to the external client computer. Try to access the RWW web site.
>>> b. Go back to the ISA server. Stop the ''Microsoft Firewall'' service.
>>> Open
>>> Windows Explorer, navigate to the ISA log file folder. Collect the
>>> recent
>>> w3c files. Save them to a zip package as ''isalogs.zip''. Start the
>>> ''Microsoft Firewall'' Service.
>>>
>>> Please add all file to a zip file and send the zip packages to me at
>>> v-yanniw@xxxxxxxxxxxxxx If the file is too big, you can split to several
>>> parts and mail me. I appreciate your time and efforts to perform test
>>> and
>>> collect information.
>>>
>>> I am happy to be assistance of you and looking forward to your reply!
>>>
>>> Have a nice day!
>>>
>>> Best Regards,
>>>
>>> Jenny Wu
>>> Microsoft CSS Online Newsgroup Support
>>> Get Secure! - www.microsoft.com/security
>>> ======================================================
>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>> regarding other Microsoft products, you'd better post in the
> corresponding
>>> newsgroups so that they can be resolved in an efficient and timely
> manner.
>>> You can locate the newsgroup here:
>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>
>>> When opening a new thread via the web interface, we recommend you check
>>> the
>>> "Notify me of replies" box to receive e-mail notifications when there
>>> are
>>> any updates in your thread. When responding to posts via your
>>> newsreader,
>>> please "Reply to Group" so that others may learn and benefit from your
>>> issue.
>>>
>>> Microsoft engineers can only focus on one issue per thread. Although we
>>> provide other information for your reference, we recommend you post
>>> different incidents in different threads to keep the thread clean. In
>>> doing
>>> so, it will ensure your issues are resolved in a timely manner.
>>>
>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>> Please
>>> check http://support.microsoft.com for regional support phone numbers.
>>>
>>> Any input or comments in this thread are highly appreciated.
>>> ======================================================
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> --------------------
>>>>From: "Barry McConomy" <smile@xxxxxxxxxx>
>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>Subject: Re: Remote Connection Issue
>>>>Date: Thu, 20 Oct 2005 21:28:47 -0400
>>>>Organization: Posted via Supernews, http://www.supernews.com
>>>>Message-ID: <11lggl56c6naj51@xxxxxxxxxxxxxxxxxx>
>>>>References: <11lg2qg16cdu6c8@xxxxxxxxxxxxxxxxxx>
>>> <ev$GFdc1FHA.2212@xxxxxxxxxxxxxxxxxxxx>
>>>>X-Priority: 3
>>>>X-MSMail-Priority: Normal
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>X-RFC2646: Format=Flowed; Response
>>>>X-Complaints-To: abuse@xxxxxxxxxxxxx
>>>>Lines: 51
>>>>Path:
>>>
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
>>>
> ne.de!newsfeed.freenet.de!ecngs!feeder2.ecngs.de!news.glorb.com!sn-xit-04!sn
>>>
> -xit-12!sn-xit-09!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:163207
>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>
>>>>Hi Bill
>>>>
>>>>Yes, I restarted the server.
>>>>
>>>>Barry
>>>>
>>>>"Bill Swan" <bill@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>news:ev$GFdc1FHA.2212@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hi Barry...looks good to me... did you restart the ISA service ?
>>>>>
>>>>>
>>>>> "Barry McConomy" <smile@xxxxxxxxxx> wrote in message
>>>>> news:11lg2qg16cdu6c8@xxxxxxxxxxxxxxxxxxxxx
>>>>>> Hi
>>>>>>
>>>>>> System Windows 2000 SBS, with ISA
>>>>>>
>>>>>> I tried to setup a remote client to connect (through port 3390) to a
>>>>>> particular Windows XP Pro workstation within the LAN and failed.
>>>>>>
>>>>>> What I did in ISA
>>>>>>
>>>>>> 1) Created an IP Packet Filter
>>>>>> 2) Created a Protocol Definition
>>>>>> 3) Created a Server Publishing Rule to the IP address of the LAN
>>>>>> Workstation
>>>>>>
>>>>>> What I did with my Router
>>>>>>
>>>>>> 1) Open port 3390 to External NIC IP Address (192.168.2.2)
>>>>>>
>>>>>> What I did on the Workstation
>>>>>>
>>>>>> 1) Allowed Remote Access
>>>>>> 2) Allowed port 3390 through the Windows Firewall
>>>>>>
>>>>>> Can any body see where I went wrong of offer some help/advice.
>>>>>>
>>>>>> PS: I can connect remotely to the SBS and that works fine.
>>>>>>
>>>>>> Regards
>>>>>> Barry
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
.
- Follow-Ups:
- Re: Remote Connection Issue
- From: Barry McConomy
- Re: Remote Connection Issue
- References:
- Re: Remote Connection Issue
- From: Barry McConomy
- Re: Remote Connection Issue
- From: Barry McConomy
- Re: Remote Connection Issue
- Prev by Date: Usage Report
- Next by Date: Re: What the heck!!!!?????
- Previous by thread: Re: Remote Connection Issue
- Next by thread: Re: Remote Connection Issue
- Index(es):
Relevant Pages
|
