Re: is sbs2003 setting up my clients firewall, greyed out
- From: "D_tek" <Dtek@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 18 Feb 2006 12:51:29 -0800
I tried connecting from another workstation and NO GO. I did check browse to
see if any computers showed up under my domain but I got an error saying my
domain doesn't contain any terminal servers. Since when did I need this. I've
set up VPN to RD plenty of times and no problems. I really need help with
this and everyone is being great but I checked and double checked all the
workstations setting for RD and they are right. What else could it be??? I'm
going nuts on this and loosing my shirt in the process.
"Dave Nickason [SBS MVP]" wrote:
I would start by checking the settings on the desktop PC, and seeing if you.
can connect over RDP from another workstation on the LAN. If not, it's
definitely a problem on the client PC.
I use a similar configuration - remote users connect VPN, then RDP to
desktop PC. (I'm not using RWW for a variety of reasons relating mostly to
legacy configuration that I'm working on replacing, but for yourself, have
you considered that RWW might be a better option than VPN?). Anyway, I
don't have an answer but I do have a couple of suggestions.
I just ran into a situation where the user did not have the correct
permissions on the desktop PC. I had to add him in CP -> System -> Remote.
You could look there and see if remote access is enabled and if the user is
listed. FWIW, my user was getting a more specific error stating that he did
not have the right to log in remotely, not the error you're seeing. I don't
know what the error would be if remote access was denied altogether. By the
way, the Remote screen indicates that enabling remote access automatically
configures the Windows Firewall appropriately.
Some of this stuff gets configured with the add computer wizard, so if this
computer was part of your domain pre-SBS 2003, that could explain it.
Anyway, go into the Remote tab and see what the settings look like. Make
sure the user is a member of Mobile Users and Remote Web Workplace Users.
"D_tek" <Dtek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2473A287-A53A-40A7-88E4-107AD04C0BB3@xxxxxxxxxxxxxxxx
the message I get is:
the client could not connect to the remote computer.
remote connections might not be enabled or the computer might be to
busy......
it is also possible that the network problems are preventing....
please try again later......
I gave local user admin rights to local machine, did all the exceptions,
enabled RD.
It just doesn't make sense that I can VPN into my network and connect via
RD
to the server but no clients. I've got to be missing something stupid. I
basically log onto the vpn connection. then start RD and I'm into server.
no
problems. when I RD to client machine I get the message above. No errors
numbers to trace.
"Dave Nickason [SBS MVP]" wrote:
This is set in a group policy called "Small Business Server Windows
Firewall." I'm assuming you never messed with this policy and that it's
in
its default configuration. If that's the case, I'd say that it's almost
certainly not the cause of your inability to RDP to desktop PCs.
Probably
99% of the posters in this group use the default GPO settings for Windows
Firewall, and if they were blocking RDP it would be a well known issue.
Rather than messing with the GPO, how about logging the firewall's
activities? You can enable that on the workstation in CP - > Windows
Firewall -> Advanced. It creates a log C:\WINDOWS\pfirewall.log.
It's hard to tell what's going on since you didn't give specifics of what
happens when you try to connect. I'd run the CEICW to make sure you're
set
up with your preferred remote access settings. On the desktops, look at
CP -> System -> Remote to check that the Remote Desktop settings are
correct. Make the user a local admin on the host machine temporarily to
rule out security settings. Make sure the machines are not set to sleep
or
hibernate. Check SBS and desktop PC logs for errors.
If you're still not getting in normally, please post back the exact error
the user receives when attempting the connection.
BTW, there's a common sentiment that perimeter firewalls eliminate the
need
for Windows Firewall on the desktops. I disagree with that - what about
when someone downloads some malware or brings it into your domain on a
USB
memory key? In that case, the perimeter firewall isn't even involved.
"D_tek" <Dtek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F3211A6B-499E-41CE-BDFD-1603A96089C1@xxxxxxxxxxxxxxxx
have sbs2003, all clients running xp sp2, office 2003. also have
fortigate
firewall so am not worried about disabling xp firewall. I can VPN into
the
server and RDC with no problems. But I have 2 clients who need to RDC
from
home and am having issues with those connections.(fortigate is configed
correctly) When I lok at the client machines the firewall cannot be
disabled,
it is greyed out. I would like to turn it off for troubleshooting
reasons.
I
have tryed locally and as DC admin. all still greyed out. Is this
something
the sbs2003 server is asigning to the client machines and can I stop
it.
any
help would be great thanks Ed
- Follow-Ups:
- Re: is sbs2003 setting up my clients firewall, greyed out
- From: Dave Nickason [SBS MVP]
- Re: is sbs2003 setting up my clients firewall, greyed out
- References:
- Re: is sbs2003 setting up my clients firewall, greyed out
- From: Dave Nickason [SBS MVP]
- Re: is sbs2003 setting up my clients firewall, greyed out
- From: Dave Nickason [SBS MVP]
- Re: is sbs2003 setting up my clients firewall, greyed out
- Prev by Date: Re: SBS 2003 R2 - Expanded client access license (CAL) rights?
- Next by Date: Re: Outlook 2003
- Previous by thread: Re: is sbs2003 setting up my clients firewall, greyed out
- Next by thread: Re: is sbs2003 setting up my clients firewall, greyed out
- Index(es):
Relevant Pages
|
|
