Re: CEICW fails at firewall config
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Mon, 30 Jan 2006 06:50:26 +1100
Merv probably won't mind the email but I had to comment.
There is normally _no_ information in your IPConfig which if publicised will
allow compromise of your system, note mine
Windows IP Configuration
Host Name . . . . . . . . . . . . : sbs
Primary Dns Suffix . . . . . . . : lc.lan
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : lc.lan
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NetServer 10/100TX PCI LAN Adapter
Physical Address. . . . . . . . . : 00-60-B0-68-EE-2D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.250.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.250.2
Primary WINS Server . . . . . . . : 192.168.250.2
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.250.16
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter External:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet NIC
Physical Address. . . . . . . . . : 00-20-18-A1-39-42
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.168.1
DNS Servers . . . . . . . . . . . : 192.168.250.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Items which people feel they may be concerned about:
Physical addresses of adapters. These can be removed, they are of no benefit
to us and there is some slight possibility that an attacker could benefit
from them.
'external' and 'internal' subnets. To get at your external subnet they must
compromise your router, having done so they must also compromise SBS to get
at the internal subnet. There is justification to 'munge' these, but if you
do so do it in a consistent manner. In my case replacing 192.168.168 with
a.b.c and 192.168.250 with x.y.z
The one that really makes me laugh is when people have the external adapter
on a public IP, so they remove this information, then post from behind SBS.
Every post has the public IP in it's header.
hmmm, that's wierd, when did I disable NETBIOS on RAS
"MikeR" <research@xxxxxxxxxxxxxxxxxx> wrote in message
news:e6eIJoQJGHA.532@xxxxxxxxxxxxxxxxxxxxxxx
> ISA2004 is installed and has been running for several months just fine
> (prior to that was of course 2000).
> Yes, the complete SP1 package was installed when it was first available.
> No CRM.
> Correct, 2 NIC's, netopia router for the T1.
> I don't want to post the ipconfig to the newsgroup but I will send it to
> you at the email below (remove the no spam).
>
> I will look at the link.
>
>
>
> "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
> news:O$JtlEQJGHA.1848@xxxxxxxxxxxxxxxxxxxxxxx
>> Mike,
>>
>> Something doesn't smell right here....
>>
>> Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS
>> server?
>> If ISA 2004, did you install the complete SBS 2003 SP1 package?
>> Do you have CRM installed?
>> Do you have 2 NICs in the SBS (maybe plus a router)?
>> Can you please capture and post an ipconfig /all for the server?
>>
>> This thread may haold more clues...
>>
>> CEICW fails on firewall configuration every time. Please help.
>> http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_frm/thread/ff820dab5f85196d/1e7c4ec242fb96eb?lnk=st&q=Error+0x800700b7+returned+from+call+to+Creating+tcp+port+mapping+protocol(&rnum=1&hl=en#1e7c4ec242fb96eb
>>
>> --
>> Merv Porter [SBS MVP]
>> ===================================
>> "MikeR" <research@xxxxxxxxxxxxxxxxxx> wrote in message
>> news:OPyqlZPJGHA.648@xxxxxxxxxxxxxxxxxxxxxxx
>>>I had seen that one before. I am not connecting using any of the methods
>>>listed.
>>> Any other ideas? I am still searching too but I haven't found yet.
>>>
>>> Thanks though!
>>>
>>>
>>>
>>> "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:uPtjL4NJGHA.3000@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Mike,
>>>>
>>>> See if this KB article leads to answer for the RWW issue...
>>>>
>>>> ISA Server prevents connection to a remote desktop when you connect
>>>> through Remote Web Workplace on a Windows Small Business Server
>>>> 2003-based computer
>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;828053
>>>>
>>>> -----------------------------------
>>>> Error message 1
>>>> The client could not connect to the remote computer. Remote connections
>>>> might not be enabled or the computer might be too busy to accept new
>>>> connections. It is also possible that network problems are preventing
>>>> your connection. Please try connecting again later. If the problem
>>>> continues to occur, contact your administrator.
>>>>
>>>> Scenario one
>>>> + You connect to a Remote Web Workplace on a Windows Small Business
>>>> Server 2003-based computer from a computer that is running Internet
>>>> Security and Acceleration (ISA) Server as a firewall.
>>>> + You click the Connect to Server Desktops link on the Remote Web
>>>> Workplace to access server desktops in your network.
>>>> This problem occurs in scenario one because ISA Server blocks outbound
>>>> traffic over port 4125. When you try to connect to server desktops
>>>> through the Connect to Server Desktops link on the Remote Web
>>>> Workplace, the connection uses TCP port 4125.
>>>>
>>>> Resolution for scenario one: Create an IP packet filter on your ISA
>>>> Server
>>>> If you want to connect to the Remote Web Workplace from a computer that
>>>> is running ISA Server, you cannot install Firewall Client on the ISA
>>>> Server. Therefore, you must configure an IP packet filter for port 4125
>>>> on the ISA Server. To configure an IP packet filter on your ISA Server,
>>>> follow these steps:1. Click Start, point to Programs, point to
>>>> Microsoft ISA Server, and then click ISA Management.
>>>> 2. In the ISA Management console tree, expand Servers and Arrays,
>>>> expand Your_Server_Name, and then expand Access Policy.
>>>> 3. Right-click IP Packet Filters, point to New, and then click Filter.
>>>> 4. In the IP Packet filter name box, type the name that you want to
>>>> give the packet filter, and then click Next.
>>>> 5. On the Filter Mode page, click Allow packet transmission, and then
>>>> click Next.
>>>> 6. On the Filter Type page, click Custom, and then click Next.
>>>> 7. On the Filter Settings page, in the IP Protocol list, click TCP.
>>>> 8. In the Direction list, click Outbound.
>>>> 9. In the Local port list, click All ports.
>>>> 10. In the Remote port list, click Fixed port.
>>>> 11. In the Port number box, type 4125, and then click Next.
>>>> 12. On the Local Computer page, click Default IP addresses for each
>>>> external interface on the ISA Server computer, and then click Next.
>>>> 13. On the Remote Computers page, click All remote computers, and then
>>>> click Next.
>>>> 14. Click Finish.
>>>> -----------------------------------
>>>>
>>>> --
>>>> Merv Porter [SBS MVP]
>>>> ===================================
>>>> "MikeR" <research@xxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:%232YtZWJJGHA.1368@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Here is the text from the file...I couldn't upload it...is there a
>>>>> limit on the newsgroup server? There is a lot of chatter about upnp
>>>>> but I know hte router is not upnp. Also looks like 2k3 knows it
>>>>> judging by line 19.
>>>>>
>>>>>
>>>>> 1/28/2006 9:16 PM
>>>>> C:\Program Files\Microsoft Windows Small Business
>>>>> Server\Networking\ICW\wizinet.dll, version 5.2.2893.0
>>>>> calling CNetCommit::ValidatePropertyBag ().
>>>>> Call to Querying for the property bag () returned ok.
>>>>> Call to Reading hardware selection () returned ok.
>>>>> Hardware selection: 0
>>>>> Call to Validating hardware selection () returned ok.
>>>>> Call to Initializing the Stingray util in ValidateNICProperties ()
>>>>> returned ok.
>>>>> Call to Reading LAN NIC Guid () returned ok.
>>>>> LAN NIC Guid: {E31F615D-A81A-4CD6-B43E-C29B6B7C2385}
>>>>> Call to Validating LAN NIC Guid () returned ok.
>>>>> Call to Getting the IP address for the LAN NIC () returned ok.
>>>>> LAN NIC IP: masked internal ip
>>>>> Call to Validating NIC properties () returned ok.
>>>>> Broadband selection: 1
>>>>> Call to Validating broadband selection () returned ok.
>>>>> calling CNetCommit::ValidateRouterConnectionProperties ().
>>>>> Call to Reading UPNP selection () returned ok.
>>>>> NOT a UPnP router
>>>>> Call to Reading Router IP () returned ok.
>>>>> Router IP: I masked the ip
>>>>> Call to Validating Router IP () returned ok.
>>>>> Call to Reading preferred DNS server IP () returned ok.
>>>>> Preferred DNS server IP: 64.81.79.2
>>>>> Call to Validating preferred DNS server IP () returned ok.
>>>>> Call to Reading alternate DNS server IP () returned ok.
>>>>> Alternate DNS server IP: 216.231.41.2
>>>>> Call to Validating alternate DNS server IP () returned ok.
>>>>> Call to Validating preferred and alternate DNS servers () returned ok.
>>>>> Call to Reading router on second NIC () returned ok.
>>>>> Router is connected through the second NIC
>>>>> Call to Initializing the Stingray util in ValidateNICProperties ()
>>>>> returned ok.
>>>>> Call to Reading LAN NIC Guid () returned ok.
>>>>> LAN NIC Guid: {E31F615D-A81A-4CD6-B43E-C29B6B7C2385}
>>>>> Call to Validating LAN NIC Guid () returned ok.
>>>>> Call to Getting the IP address for the LAN NIC () returned ok.
>>>>> LAN NIC IP: masked internal ip
>>>>> Call to Reading 2nd NIC Guid () returned ok.
>>>>> External NIC Guid: {3FE69066-D982-4DC2-B2FC-3C72C2D54E59}
>>>>> Call to Validating external NIC Guid () returned ok.
>>>>> Call to Validating the external IP against LAT () returned ok.
>>>>> Call to CNetCommit::ValidateRouterConnectionProperties () returned ok.
>>>>>
>>>>> 1/28/2006 9:16 PM
>>>>> C:\Program Files\Microsoft Windows Small Business
>>>>> Server\Networking\ICW\wizproxy.dll, version 5.2.2893.0
>>>>> CStingrayCommit::ValidatePropertyBag
>>>>> Call to Querying for IPropertyPagePropertyBag () returned ok.
>>>>> Call to Initializing the StringrayUtil () returned ok.
>>>>> Call to Reading the firewall selection () returned ok.
>>>>> Firewall selection: 1
>>>>> CStingrayCommit::ValidateUpnpProperties
>>>>> Call to Reading the UPNP selection () returned ok.
>>>>> Skipping upnp validation
>>>>> Call to CStingrayCommit::ValidateUpnpProperties () returned ok.
>>>>> Call to Validating Upnp properties () returned ok.
>>>>> CStingrayCommit::ValidatePortMappings
>>>>> Call to Reading the port mappings () returned ok.
>>>>> Call to Loading port mappings XML () returned ok.
>>>>> Call to Validating the predefined port mappings XML () returned ok.
>>>>> Call to Reading the custom port mappings () returned ok.
>>>>> Loading port mapping XML
>>>>> Call to Validating the custom port mappings XML () returned ok.
>>>>> Call to CStingrayCommit::ValidatePortMappings () returned ok.
>>>>> Call to Validating port mappings () returned ok.
>>>>> CStingrayCommit::ValidateWebPublishingRules
>>>>> Call to Reading web publishing selection () returned ok.
>>>>> Call to Validating Web publishing selections () returned ok.
>>>>> Web publishing selections:
>>>>> OWA publishing: 1
>>>>> RUP publishing: 1
>>>>> Monitoring publishing: 0
>>>>> OMA publishing: 1
>>>>> RPC publishing: 1
>>>>> Sharepoint publishing: 0
>>>>> ROOT publishing: 1
>>>>> Call to CStingrayCommit::ValidateWebPublishingRules () returned ok.
>>>>> Call to Validating web publishing rules () returned ok.
>>>>> Call to CStingrayCommit::ValidatePropertyBag () returned ok.
>>>>>
>>>>> 1/28/2006 9:16 PM
>>>>> C:\Program Files\Microsoft Windows Small Business
>>>>> Server\Networking\ICW\wizcert.dll, version 5.2.2893.0
>>>>> Calling CCertCommit::ValidatePropertyBag
>>>>> Require SSL for OWA: 1
>>>>> Require SSL for Remote Portal: 1
>>>>> Require SSL for Monitoring: 0
>>>>> Require SSL for OMA: 0
>>>>> Require SSL for CompanyWeb: 0
>>>>> Require 128 Bit Encryption: 1
>>>>> Cert selection: -1
>>>>> CCertCommit::ValidatePropertyBag returned OK
>>>>>
>>>>> 1/28/2006 9:16 PM
>>>>> C:\Program Files\Microsoft Windows Small Business
>>>>> Server\Networking\ICW\wizemail.dll, version 5.2.2893.0
>>>>> calling CEmailCommit::ValidatePropertyBag ().
>>>>> calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag,
>>>>> 0x6e50c).
>>>>> Call to pdispPPPBag->QueryInterface () returned ok.
>>>>> calling ReadInt4 (0x25c838, DB5E5E45-3598-4F1D-8FF7-0ED35B9EB6A4).
>>>>> Call to ReadInt4 () returned ok.
>>>>> The out param of ReadInt4() is -1.
>>>>> calling CValidatePropertyUtil.ValidatePropertyInteger ().
>>>>> Call to CValidatePropertyUtil.ValidatePropertyInteger () returned ok.
>>>>> Call to CEMailCommit::ValidatePropertyBag () returned ok.
>>>>> calling CNetCommit::Commit (2476088).
>>>>> calling CNetCommit::ValidatePropertyBag ().
>>>>> Call to Querying for the property bag () returned ok.
>>>>> Property bag is not dirty, skipping validation
>>>>> calling CNetCommit::Common ().
>>>>> calling CNetCommit::GetLanNicInfo ().
>>>>> LAN NIC Guid: {E31F615D-A81A-4CD6-B43E-C29B6B7C2385}
>>>>> Call to Converting LAN NIC Guid () returned ok.
>>>>> Call to Getting IP address for the LAN NIC () returned ok.
>>>>> Call to Reading in the LAN NIC info () returned ok.
>>>>> Call to Fixing the TCP/IP NIC Binding order () returned ok.
>>>>> Dhcp server is installed and not disabled
>>>>> Call to Set DHCP Server to start up automatically () returned ok.
>>>>> DNS server is installed and not disabled
>>>>> Call to Changing startup type for DNS () returned ok.
>>>>> Call to Clearing DNS server entries on the LAN NIC () returned ok.
>>>>> Call to Setting DNS server IP for the LAN NIC () returned ok.
>>>>> Call to Resetting DNS recursion timeout () returned ok.
>>>>> Call to Resetting client dns query timouts in config.dat () returned
>>>>> ok.
>>>>> Call to DsGetDcName for local domain name () returned ok.
>>>>> calling CNetCommit::DoRouter ().
>>>>> Call to Converting external NIC guid () returned ok.
>>>>> Call to Clearing the default gateway on the LAN NIC () returned ok.
>>>>> Call to Clearing the default gateway on the external NIC () returned
>>>>> ok.
>>>>> Call to Setting default gateway on the external NIC () returned ok.
>>>>> Call to Setting DNS forwarders () returned ok.
>>>>> Call to Clearing DNS servers on the external NIC () returned ok.
>>>>> Call to Making sure external NIC points to the local DNS server ()
>>>>> returned ok.
>>>>> Call to GetLocalDomainName () returned ok.
>>>>> Call to Deleting the DNS record for the external NIC () returned ok.
>>>>> Call to Preparing DNS for DNS listener reset () returned ok.
>>>>> Call to Resetting DNS listeners () returned ok.
>>>>> Call to Disabling dns registration on the external NIC () returned ok.
>>>>> Call to Disabling services on the external NIC () returned ok.
>>>>> Call to Disabling NetBIOS for the external NIC () returned ok.
>>>>> URL to the router is http://I masked the ip
>>>>> Call to Adding routers IP address to the intranet zone () returned ok.
>>>>> Call to CNetCommit::DoRouter () returned ok.
>>>>> Call to Configuring for router connection () returned ok.
>>>>> calling ConfigureIE ().
>>>>> calling SetInternetOptions ((null), servername:8080, <local>).
>>>>> calling InternetSetOptionA (NULL,
>>>>> INTERNET_OPTION_PER_CONNECTION_OPTION).
>>>>> Call to InternetSetOptionA () returned ok.
>>>>> Call to SetInternetOptions () returned ok.
>>>>> calling InternetSetOption_AutodialConnection ().
>>>>> Call to InternetSetOption_AutodialConnection () returned ok.
>>>>> calling InternetSetOption_AutodialMode (1).
>>>>> Call to InternetSetOption_AutodialMode () returned ok.
>>>>> calling InternetSetOption_DisableAutodial (1).
>>>>> Call to InternetSetOption_DisableAutodial () returned ok.
>>>>> Call to ConfigureIE () returned ok.
>>>>> Call to Configuring IE for router connection () returned ok.
>>>>> Call to Notifying client setup for Default gateway as the SBS server
>>>>> () returned ok.
>>>>> Call to Initializing the Stingray util () returned ok.
>>>>> Call to Turning Stingray autodial off () returned ok.
>>>>> ISA2k Autodial rule does not exist, ignoring the error
>>>>> Call to CNetCommit::RemoveISA2kAutodialRule () returned ok.
>>>>> Call to Removing ISA autodial rule ROUTINGRULE_AUTODIAL () returned
>>>>> ok.
>>>>> ISA2k Autodial rule does not exist, ignoring the error
>>>>> Call to CNetCommit::RemoveISA2kAutodialRule () returned ok.
>>>>> Call to Removing ISA autodial rule ROUTINGRULE_INTERNALAUTODIAL ()
>>>>> returned ok.
>>>>> Call to CNetCommit::RemoveISA2kRelatedAutodialRules () returned ok.
>>>>> Call to Removing ISA2k related autodial rules () returned ok.
>>>>> calling RegisterMSBOExchangeBP (0).
>>>>> Error 0x1 returned from call to RegisterMSBOExchangeBP().
>>>>> Call to Unregistering the smtp sink () returned ok.
>>>>> Call to Initializing the Stingray util in CreateLANAccessRule ()
>>>>> returned ok.
>>>>> Call to Creating the protected networks access rule () returned ok.
>>>>> Call to Saving ISA2k4 changes () returned ok.
>>>>> Call to GetLocalDomainName () returned ok.
>>>>> Call to Reading in the local domain name () returned ok.
>>>>> Local Domain Name is: companyname.local
>>>>> Call to Enabling secure dynamic DNS updates () returned ok.
>>>>> Call to Disabling RoundRobin for DNS server () returned ok.
>>>>> Call to GetLocalDomainName () returned ok.
>>>>> Call to Configuring DHCP options () returned ok.
>>>>> Call to Disabling the RASUTO service () returned ok.
>>>>> Call to Configuring w32time parameters for fulltime () returned ok.
>>>>> Call to Configuring the time service () returned ok.
>>>>> Call to Notifying RWW for ISA () returned ok.
>>>>> Call to CNetCommit::Common () returned ok.
>>>>> Call to CNetCommit::Commit () returned ok.
>>>>> CStingrayCommit::CommitEx
>>>>> CStingrayCommit::ValidatePropertyBag
>>>>> Call to Querying for IPropertyPagePropertyBag () returned ok.
>>>>> Call to Initializing the StringrayUtil () returned ok.
>>>>> Call to Reading the firewall selection () returned ok.
>>>>> Firewall selection: 1
>>>>> CStingrayCommit::ValidateUpnpProperties
>>>>> Call to Reading the UPNP selection () returned ok.
>>>>> Skipping upnp validation
>>>>> Call to CStingrayCommit::ValidateUpnpProperties () returned ok.
>>>>> Call to Validating Upnp properties () returned ok.
>>>>> CStingrayCommit::ValidatePortMappings
>>>>> Call to Reading the port mappings () returned ok.
>>>>> Call to Loading port mappings XML () returned ok.
>>>>> Call to Validating the predefined port mappings XML () returned ok.
>>>>> Call to Reading the custom port mappings () returned ok.
>>>>> Loading port mapping XML
>>>>> Call to Validating the custom port mappings XML () returned ok.
>>>>> Call to CStingrayCommit::ValidatePortMappings () returned ok.
>>>>> Call to Validating port mappings () returned ok.
>>>>> CStingrayCommit::ValidateWebPublishingRules
>>>>> Call to Reading web publishing selection () returned ok.
>>>>> Call to Validating Web publishing selections () returned ok.
>>>>> Web publishing selections:
>>>>> OWA publishing: 1
>>>>> RUP publishing: 1
>>>>> Monitoring publishing: 0
>>>>> OMA publishing: 1
>>>>> RPC publishing: 1
>>>>> Sharepoint publishing: 0
>>>>> ROOT publishing: 1
>>>>> Call to CStingrayCommit::ValidateWebPublishingRules () returned ok.
>>>>> Call to Validating web publishing rules () returned ok.
>>>>> Call to CStingrayCommit::ValidatePropertyBag () returned ok.
>>>>> Call to Validating the property bag () returned ok.
>>>>> Call to Reading the guid for the LAN NIC () returned ok.
>>>>> Call to Getting the IP address for the LAN NIC () returned ok.
>>>>> Call to Getting the SM for the LAN NIC () returned ok.
>>>>> LAN NIC Info:
>>>>> Guid: {E31F615D-A81A-4CD6-B43E-C29B6B7C2385}
>>>>> IP: masked internal ip
>>>>> SM: 255.255.255.0
>>>>> Call to Removing RRAS NAT () returned ok.
>>>>> CStingrayCommit::DoGeneralConfiguration
>>>>> Call to Removing SBS access rules () returned ok.
>>>>> Call to SBS MS Update Access Rule () returned ok.
>>>>> Call to Creating SBS Internet Access Rule () returned ok.
>>>>> Call to Setting default logon domain for OMA () returned ok.
>>>>> Call to Configuring anonymous access for SBS dirs () returned ok.
>>>>> Call to Disabling auto discovery () returned ok.
>>>>> Call to Configuring IIS to listen only on the LAN () returned ok.
>>>>> Call to Setting local domain name () returned ok.
>>>>> Call to Disabling H323 application filter () returned ok.
>>>>> Call to Disabling active caching () returned ok.
>>>>> Call to Setting up web proxy listeners () returned ok.
>>>>> Call to CStingrayCommit::DoGeneralConfiguration () returned ok.
>>>>> Call to Doing general configuration () returned ok.
>>>>>
>>>>> 1/28/2006 9:17 PM
>>>>> Firewall Rule: SBS DHCP Client
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS HTTP 80 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS FTP 20 In CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS FTP 20 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS POP3 110 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS NTP 123 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS DnsLookupPredefinedType
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS IcmpPingQueryPredefinedType
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS IdentdPredefinedType
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS TS 3389 In CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS TS 3389 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS PptpReceivePredefinedType
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS PptpCallPredefinedType
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS FTP 21 In CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS FTP 21 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS SMTP 25 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS SmtpPredefinedType
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS NNTP 119 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS Remote Web Workplace CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: SBS NTP 123 Out CustomFilter
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business RPC over HTTP Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Business Card Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business CompanyWeb Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business TSWEB Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business RUP Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Monitoring Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business OMA Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business OWA Web Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Web Publishing Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Server All Users Protocol Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Internet Access Protocol Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Internet Access Protocol Rule 2
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Server Internet Access Site and Content
>>>>> Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Server Internet Access Site and Content
>>>>> Rule 2
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Firewall Rule: Small Business Server All Users Site and Content Rule
>>>>> Cannot find the firewall rule, ignoring the error
>>>>> Call to Removing ISA2k related firewall rules () returned ok.
>>>>> Custom protocol name: SBS FTP 20 In CustomFilter
>>>>> Cannot find the custom protocol, ignoring the error
>>>>> Custom protocol name: SBS FTP 20 Out CustomFilter
>>>>> Cannot find the custom protocol, ignoring the error
>>>>> Custom protocol name: SBS NTP 123 Out CustomFilter
>>>>> Cannot find the custom protocol, ignoring the error
>>>>> Custom protocol name: SBS Remote Web Workplace CustomFilter
>>>>> Cannot find the custom protocol, ignoring the error
>>>>> Call to Removing ISA2k related custom protocols () returned ok.
>>>>> Call to Removing inbound access rule allowing anybody in () returned
>>>>> ok.
>>>>> Call to Removing inbound access rule allowing anybody out () returned
>>>>> ok.
>>>>> CStingrayCommit::CommitPortMappings
>>>>> CStringray::RemoveAllSpecialRules
>>>>> Call to Resetting the rule enumeration () returned ok.
>>>>> Call to MoveToNextSpecialRule () returned ok.
>>>>> Call to Getting the special rule info () returned ok.
>>>>> Removing the access rule SBS RWW Inbound Access Rule
>>>>> Call to Removing the access rule () returned ok.
>>>>> Call to MoveToNextSpecialRule () returned ok.
>>>>> Call to Getting the special rule info () returned ok.
>>>>> Removing the access rule SBS FTP Outbound Access Rule
>>>>> Call to Removing the access rule () returned ok.
>>>>> Call to MoveToNextSpecialRule () returned ok.
>>>>> Call to Getting the special rule info () returned ok.
>>>>> Removing the access rule SBS RDP Outbound Access Rule
>>>>> Call to Removing the access rule () returned ok.
>>>>> Call to MoveToNextSpecialRule () returned ok.
>>>>> Call to Getting the special rule info () returned ok.
>>>>> Removing the access rule SBS Smtp Server Access Rule
>>>>> Call to Removing the access rule () returned ok.
>>>>> Call to MoveToNextSpecialRule () returned ok.
>>>>> Call to Getting the special rule info () returned ok.
>>>>> Removing the access rule SBS POP3 Outbound Access Rule
>>>>> Call to Removing the access rule () returned ok.
>>>>> Call to MoveToNextSpecialRule () returned ok.
>>>>> Call to Getting the special rule info () returned ok.
>>>>> Removing the access rule SBS Localhost Dhcp Access Rule
>>>>> Call to Removing the access rule () returned ok.
>>>>> Call to MoveToNextSpecialRule () returned ok.
>>>>> Call to CStringray::RemoveAllSpecialRules () returned ok.
>>>>> Call to Removing all special firewall rules () returned ok.
>>>>> CStingrayCommit::CreateStandardPortMappings
>>>>> Call to Enabling the DHCP system policy () returned ok.
>>>>> Call to Enabling the CRL download system policy () returned ok.
>>>>> Call to Creating the DHCP access rule () returned ok.
>>>>> Call to Disabling ICMP () returned ok.
>>>>> Call to CStingrayCommit::CreateStandardPortMappings () returned ok.
>>>>> Call to Creating the standard filters () returned ok.
>>>>> CStingrayCommit::CreatePortMappingsFromXML
>>>>> Call to Resetting the port mapping list () returned ok.
>>>>> Call to Getting the number of port mappings () returned ok.
>>>>> Number of port mappings 5
>>>>> Call to Getting the next port mapping () returned ok.
>>>>> Call to Reading Port () returned ok.
>>>>> Call to Reading Protocol () returned ok.
>>>>> Call to Reading Direction () returned ok.
>>>>> Call to Validating TCP direction () returned ok.
>>>>> Call to Reading Enable () returned ok.
>>>>> Call to Getting the name for the predefined port mapping () returned
>>>>> ok.
>>>>> Call to Creating tcp port mapping protocol () returned ok.
>>>>> Call to Creating the outbound SMTP access rule () returned ok.
>>>>> Call to Creating the outbound POP3 access rule () returned ok.
>>>>> Call to Creating the outbound NNTP access rule () returned ok.
>>>>> Call to Handling predefined port mapping () returned ok.
>>>>> Creating access rule SBS Smtp Server Access Rule TCP 25 returned 0
>>>>> Call to Getting the next port mapping () returned ok.
>>>>> Call to Reading Port () returned ok.
>>>>> Call to Reading Protocol () returned ok.
>>>>> Call to Reading Direction () returned ok.
>>>>> Call to Validating TCP direction () returned ok.
>>>>> Call to Reading Enable () returned ok.
>>>>> Skipping the port mapping for Port 1723
>>>>> Call to Creating the outbound PPTP access rule () returned ok.
>>>>> Call to Handling predefined port mapping () returned ok.
>>>>> Call to Creating outbound PPTP access rule () returned ok.
>>>>> Call to Getting the next port mapping () returned ok.
>>>>> Call to Reading Port () returned ok.
>>>>> Call to Reading Protocol () returned ok.
>>>>> Call to Reading Direction () returned ok.
>>>>> Call to Validating TCP direction () returned ok.
>>>>> Call to Reading Enable () returned ok.
>>>>> Call to Getting the name for the predefined port mapping () returned
>>>>> ok.
>>>>> Call to Creating tcp port mapping protocol () returned ok.
>>>>> Call to Creating the outbound RDP access rule () returned ok.
>>>>> Call to Handling predefined port mapping () returned ok.
>>>>> Creating access rule SBS RDP Server Access Rule TCP 3389 returned 0
>>>>> Call to Getting the next port mapping () returned ok.
>>>>> Call to Reading Port () returned ok.
>>>>> Call to Reading Protocol () returned ok.
>>>>> Call to Reading Direction () returned ok.
>>>>> Call to Validating TCP direction () returned ok.
>>>>> Call to Reading Enable () returned ok.
>>>>> Call to Getting the name for the predefined port mapping () returned
>>>>> ok.
>>>>> Call to Creating tcp port mapping protocol () returned ok.
>>>>> Call to Creating the outbound FTP access rule () returned ok.
>>>>> Call to Handling predefined port mapping () returned ok.
>>>>> Creating access rule SBS FTP Server Access Rule TCP 21 returned 0
>>>>> Call to Getting the next port mapping () returned ok.
>>>>> Call to Reading Port () returned ok.
>>>>> Call to Reading Protocol () returned ok.
>>>>> Call to Reading Direction () returned ok.
>>>>> Call to Validating TCP direction () returned ok.
>>>>> Call to Reading Enable () returned ok.
>>>>> Skipping the port mapping for Port 80
>>>>> Call to CStingrayCommit::CreatePortMappingsFromXML () returned ok.
>>>>> Call to Creating predefined port mappings () returned ok.
>>>>> CStingrayCommit::CreatePortMappingsFromXML
>>>>> Call to Resetting the port mapping list () returned ok.
>>>>> Call to Getting the number of port mappings () returned ok.
>>>>> Number of port mappings 2
>>>>> Call to Getting the next port mapping () returned ok.
>>>>> Call to Reading Port () returned ok.
>>>>> Call to Reading Protocol () returned ok.
>>>>> Call to Reading Direction () returned ok.
>>>>> Call to Validating TCP direction () returned ok.
>>>>> Call to Reading Enable () returned ok.
>>>>> Call to Reading Name () returned ok.
>>>>> Call to Creating tcp port mapping protocol () returned ok.
>>>>> Creating access rule SBS RWW Inbound Access Rule TCP 1749 returned 0
>>>>> Call to Getting the next port mapping () returned ok.
>>>>> Call to Reading Port () returned ok.
>>>>> Call to Reading Protocol () returned ok.
>>>>> Call to Reading Direction () returned ok.
>>>>> Call to Validating TCP direction () returned ok.
>>>>> Call to Reading Enable () returned ok.
>>>>> Call to Getting the name for the predefined port mapping for RWW ()
>>>>> returned ok.
>>>>> Error 0x800700b7 returned from call to Creating tcp port mapping
>>>>> protocol().
>>>>> Error 0x800700b7 returned from call to
>>>>> CStingrayCommit::CreatePortMappingsFromXML().
>>>>> Error 0x800700b7 returned from call to Creating custom port
>>>>> mappings().
>>>>> Error 0x800700b7 returned from call to
>>>>> CStingrayCommit::CommitPortMappings().
>>>>> Error 0x800700b7 returned from call to Creating port mappings().
>>>>> Error 0x800700b7 returned from call to CStingrayCommit::CommitEx().
>>>>> Calling CCertCommit::CommitEx
>>>>> Calling CCertCommit::ValidatePropertyBag
>>>>> Require SSL for OWA: 1
>>>>> Require SSL for Remote Portal: 1
>>>>> Require SSL for Monitoring: 0
>>>>> Require SSL for OMA: 0
>>>>> Require SSL for CompanyWeb: 0
>>>>> Require 128 Bit Encryption: 1
>>>>> Cert selection: -1
>>>>> CCertCommit::ValidatePropertyBag returned OK
>>>>> Opening the cert store returned OK
>>>>> Reading the computer name returned OK
>>>>> Reading the fully qualified server name returned OK
>>>>> Reading web publishing selection returned OK
>>>>> Reading Sharepoint publishing value returned OK
>>>>> Sharepoint publishing: 0
>>>>> Initializing ISA2k4 Library returned OK
>>>>> *** Removing sharepoint publishing rule returned ERROR 80070002
>>>>> Rule not found, ignorning error and continuing.
>>>>> Removing Sbs CompanyWeb Listener returned OK
>>>>> Saving changes and restarting services returned OK
>>>>> Publishing CompanyWeb through ISA2k4 returned OK
>>>>> CCertCommit::EnableSSL returned OK
>>>>> CCertCommit::RequireSSL returned OK
>>>>> CCertCommit::NotifyRemoteUserPortal returned OK
>>>>> Reading the Internet Server Name returned OK
>>>>> Updating provisioning info returned OK
>>>>> Sending RUP intro mail returned OK
>>>>> CCertCommit::SaveUserSelections returned OK
>>>>> CCertCommit::CommitEx returned OK
>>>>> calling CEmailCommit::Commit (0xff4800).
>>>>> calling CEmailCommit::ValidatePropertyBag ().
>>>>> calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag,
>>>>> 0x6e488).
>>>>> Call to pdispPPPBag->QueryInterface () returned ok.
>>>>> calling ReadInt4 (0x25c838, DB5E5E45-3598-4F1D-8FF7-0ED35B9EB6A4).
>>>>> Call to ReadInt4 () returned ok.
>>>>> The out param of ReadInt4() is -1.
>>>>> calling CValidatePropertyUtil.ValidatePropertyInteger ().
>>>>> Call to CValidatePropertyUtil.ValidatePropertyInteger () returned ok.
>>>>> Call to CEMailCommit::ValidatePropertyBag () returned ok.
>>>>> calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag,
>>>>> 0x6e4f4).
>>>>> Call to pdispPPPBag->QueryInterface () returned ok.
>>>>> calling ReadInt4 (0x25c838, DB5E5E45-3598-4F1D-8FF7-0ED35B9EB6A4).
>>>>> Call to ReadInt4 () returned ok.
>>>>> The out param of ReadInt4() is -1.
>>>>> calling GetDomainAndControllerNames ().
>>>>> Call to GetDomainAndControllerNames () returned ok.
>>>>> calling GetOrganizationName (\\servername.companyname.local,
>>>>> DC=companyname,DC=local).
>>>>> Call to GetOrganizationName () returned ok.
>>>>> calling GetFirstAdministrativeGroup (\\servername.companyname.local,
>>>>> DC=companyname,DC=local, companyname).
>>>>> Call to GetFirstAdministrativeGroup () returned ok.
>>>>> calling GetFirstRoutingGroup (\\servername.companyname.local,
>>>>> DC=companyname,DC=local, companyname, first administrative group).
>>>>> Call to GetFirstRoutingGroup () returned ok.
>>>>> Call to SetCookieAuthentication () returned ok.
>>>>> Call to Enabling Wireless admin for OMA () returned ok.
>>>>> Call to Getting NETBIOS domain name () returned ok.
>>>>> NETBIOS domain name: companyname
>>>>> Call to Enabling NTLM on /public () returned ok.
>>>>> calling CommitPOP3 (0x25c838).
>>>>> Call to CommitPOP3 () returned ok.
>>>>> calling _SetRegInt4Value (HKEY_LOCAL_MACHINE,
>>>>> SOFTWARE\Microsoft\SmallBusinessServer\Connectivity\ICW,
>>>>> Last_MailOption_Exchange, -1).
>>>>> Ignoring return value from call to _SetRegInt4Value().
>>>>> Call to CEMailCommit::Commit () returned ok.
>>>>> calling GetBOConnector ().
>>>>> Call to GetBOConnector () returned ok.
>>>>> calling spADs->PutEx (ADS_PROPERTY_CLEAR,
>>>>> msExchSmtpOutboundSecurityPassword).
>>>>> Call to spADs->PutEx () returned ok.
>>>>> calling spADs->SetInfo ().
>>>>> Call to spADs->SetInfo () returned ok.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
>>>>> news:uMZUNkIJGHA.3100@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Hi Mike,
>>>>>>
>>>>>> C:\Program Files\Microsoft Windows Small Business
>>>>>> Server\Support\icwlog.txt
>>>>>>
>>>>>>
>>>>>> You might want to first delete or rename icwlog.txt. This will allow
>>>>>> a fresh copy of the file to be created when you run CEICW. Then
>>>>>> re-run CEICW and post the resultant icwlog.txt file for us to look
>>>>>> at.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Merv Porter [SBS MVP]
>>>>>> ===================================
>>>>>>
>>>>>> "MikeR" <research@xxxxxxxxxxxxxxxxxx> wrote in message
>>>>>> news:uRWWuXHJGHA.604@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> Hi Merv,
>>>>>>>
>>>>>>> I ran it a week ago to be sure that OMA was enabled because I had an
>>>>>>> issue with a treo 700 not syncing with exchange. The odd thing about
>>>>>>> the first time I ran it was that it killed a few other things such
>>>>>>> as subfolder paths on the root website. Seems like it reverted to a
>>>>>>> "default" installation. It did not error out when I ran it a week
>>>>>>> ago though. All is forwarded fine from the router and I did select
>>>>>>> "enable firewall" and enabled the services that I want. It still
>>>>>>> finishes with errors when it gets to the firewall section. I don't
>>>>>>> use UPNP.
>>>>>>> Do you know of a method to determine an error code for the failure?
>>>>>>> Nothing appears in event viewer.
>>>>>>>
>>>>>>>
>>>>>>> "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in
>>>>>>> message news:Ohs0FFGJGHA.500@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>> OK, I gotta ask... Why did you run CEICW a week ago (what were you
>>>>>>>> adding or trying to fix)?
>>>>>>>>
>>>>>>>> When you ran CEICW, did you enable the firewall and select the
>>>>>>>> services you wanted to use?
>>>>>>>> Are ports 443 and 4125 forwarded from your router to your external
>>>>>>>> NIC? (I 'm assuming a 2 NIC + router network configuration).
>>>>>>>>
>>>>>>>> If you re-run CEICW now, does it finish with any errors or
>>>>>>>> messages?
>>>>>>>>
>>>>>>>> And don't use the UPNP setup feature if CEICW offers (set up the
>>>>>>>> port forwarding manually in the router).
>>>>>>>>
>>>>>>>> --
>>>>>>>> Merv Porter [SBS MVP]
>>>>>>>> ===================================
>>>>>>>>
>>>>>>>> "MikeR" <research@xxxxxxxxxxxxxxxxxx> wrote in message
>>>>>>>> news:et6au7FJGHA.668@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>>>> There are no error codes displayed anywhere that I can find. This
>>>>>>>>> is a
>>>>>>>>> server that has been and is running fine otherwise. The reason I
>>>>>>>>> am trying
>>>>>>>>> to run CEICW is that I ran through it a week ago and since then
>>>>>>>>> cannot
>>>>>>>>> access computers via RWW. This always worked before. The error I
>>>>>>>>> receive
>>>>>>>>> when attempting to logon to any local computer via RWW is: "the
>>>>>>>>> client could
>>>>>>>>> not connect to the remote computer. remote connections might not
>>>>>>>>> be enabled
>>>>>>>>> or the computer might be too bust to accept connections. it is
>>>>>>>>> also possible
>>>>>>>>> that network problems are preventing your connection....." This is
>>>>>>>>> not a
>>>>>>>>> permissions issue as I cannot even log on as an administrator via
>>>>>>>>> RWW. I can log on via rdp from any local system as any user so
>>>>>>>>> remote connections are enabled. I am thinking that when I
>>>>>>>>> initially ran through the CEICW something hosed a rule that
>>>>>>>>> allowed terminal service through RWW.
>>>>>>>>> I appreciate any ideas.
>>>>>>>>>
>>>>>>>>> Mike
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
.
- Follow-Ups:
- Re: CEICW fails at firewall config
- From: Jan
- Re: CEICW fails at firewall config
- From: MikeR
- Re: CEICW fails at firewall config
- References:
- CEICW fails at firewall config
- From: MikeR
- Re: CEICW fails at firewall config
- From: Merv Porter [SBS-MVP]
- Re: CEICW fails at firewall config
- From: MikeR
- Re: CEICW fails at firewall config
- From: Merv Porter [SBS-MVP]
- Re: CEICW fails at firewall config
- From: MikeR
- Re: CEICW fails at firewall config
- From: Merv Porter [SBS-MVP]
- Re: CEICW fails at firewall config
- From: MikeR
- Re: CEICW fails at firewall config
- From: Merv Porter [SBS-MVP]
- Re: CEICW fails at firewall config
- From: MikeR
- CEICW fails at firewall config
- Prev by Date: Re: SBS Server or Windows Server?
- Next by Date: Exchange Account Creation Problem....
- Previous by thread: Re: CEICW fails at firewall config
- Next by thread: Re: CEICW fails at firewall config
- Index(es):
Relevant Pages
|
