Re: is sbs2003 setting up my clients firewall, greyed out

I always recommend calling PSS when an issue is having that big an impact.

If a desktop is rejecting incoming connections, it seems like that would
hopefully be pretty easy to troubleshoot. Can the domain Administrator
account get in? If not, that rules out user-specific permissions (although
that could still be an issue later). Is the Terminal Services service
running? (You don't need an actual terminal server, but the service needs
to be running on the host PC). What's it logging when it rejects the
connection?


"D_tek" <Dtek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0E06305B-0F53-4944-8750-7C0851F0391D@xxxxxxxxxxxxxxxx
I tried connecting from another workstation and NO GO. I did check browse
to
see if any computers showed up under my domain but I got an error saying
my
domain doesn't contain any terminal servers. Since when did I need this.
I've
set up VPN to RD plenty of times and no problems. I really need help with
this and everyone is being great but I checked and double checked all the
workstations setting for RD and they are right. What else could it be???
I'm
going nuts on this and loosing my shirt in the process.

"Dave Nickason [SBS MVP]" wrote:

I would start by checking the settings on the desktop PC, and seeing if
you
can connect over RDP from another workstation on the LAN. If not, it's
definitely a problem on the client PC.

I use a similar configuration - remote users connect VPN, then RDP to
desktop PC. (I'm not using RWW for a variety of reasons relating mostly
to
legacy configuration that I'm working on replacing, but for yourself,
have
you considered that RWW might be a better option than VPN?). Anyway, I
don't have an answer but I do have a couple of suggestions.

I just ran into a situation where the user did not have the correct
permissions on the desktop PC. I had to add him in CP -> System ->
Remote.
You could look there and see if remote access is enabled and if the user
is
listed. FWIW, my user was getting a more specific error stating that he
did
not have the right to log in remotely, not the error you're seeing. I
don't
know what the error would be if remote access was denied altogether. By
the
way, the Remote screen indicates that enabling remote access
automatically
configures the Windows Firewall appropriately.

Some of this stuff gets configured with the add computer wizard, so if
this
computer was part of your domain pre-SBS 2003, that could explain it.
Anyway, go into the Remote tab and see what the settings look like. Make
sure the user is a member of Mobile Users and Remote Web Workplace Users.



"D_tek" <Dtek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2473A287-A53A-40A7-88E4-107AD04C0BB3@xxxxxxxxxxxxxxxx
the message I get is:
the client could not connect to the remote computer.
remote connections might not be enabled or the computer might be to
busy......
it is also possible that the network problems are preventing....
please try again later......

I gave local user admin rights to local machine, did all the
exceptions,
enabled RD.

It just doesn't make sense that I can VPN into my network and connect
via
RD
to the server but no clients. I've got to be missing something stupid.
I
basically log onto the vpn connection. then start RD and I'm into
server.
no
problems. when I RD to client machine I get the message above. No
errors
numbers to trace.

"Dave Nickason [SBS MVP]" wrote:

This is set in a group policy called "Small Business Server Windows
Firewall." I'm assuming you never messed with this policy and that
it's
in
its default configuration. If that's the case, I'd say that it's
almost
certainly not the cause of your inability to RDP to desktop PCs.
Probably
99% of the posters in this group use the default GPO settings for
Windows
Firewall, and if they were blocking RDP it would be a well known
issue.

Rather than messing with the GPO, how about logging the firewall's
activities? You can enable that on the workstation in CP - > Windows
Firewall -> Advanced. It creates a log C:\WINDOWS\pfirewall.log.

It's hard to tell what's going on since you didn't give specifics of
what
happens when you try to connect. I'd run the CEICW to make sure
you're
set
up with your preferred remote access settings. On the desktops, look
at
CP -> System -> Remote to check that the Remote Desktop settings are
correct. Make the user a local admin on the host machine temporarily
to
rule out security settings. Make sure the machines are not set to
sleep
or
hibernate. Check SBS and desktop PC logs for errors.

If you're still not getting in normally, please post back the exact
error
the user receives when attempting the connection.

BTW, there's a common sentiment that perimeter firewalls eliminate the
need
for Windows Firewall on the desktops. I disagree with that - what
about
when someone downloads some malware or brings it into your domain on a
USB
memory key? In that case, the perimeter firewall isn't even involved.


"D_tek" <Dtek@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F3211A6B-499E-41CE-BDFD-1603A96089C1@xxxxxxxxxxxxxxxx
have sbs2003, all clients running xp sp2, office 2003. also have
fortigate
firewall so am not worried about disabling xp firewall. I can VPN
into
the
server and RDC with no problems. But I have 2 clients who need to
RDC
from
home and am having issues with those connections.(fortigate is
configed
correctly) When I lok at the client machines the firewall cannot be
disabled,
it is greyed out. I would like to turn it off for troubleshooting
reasons.
I
have tryed locally and as DC admin. all still greyed out. Is this
something
the sbs2003 server is asigning to the client machines and can I stop
it.
any
help would be great thanks Ed









.

Relevant Pages

  • Re: Making DB changes as client... crazy??
    ... Database) and the connection drops, ... you and the client drops, the client machine keeps grinding away. ... being a direct remote guest that causes the most risk. ... actually a protection to you and the customer. ...
    (comp.databases.filemaker)
  • Re: probs. with remote desktop via Remote Web Workplace
    ... in order to allow a remote desktop connection to a client ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Vista PC cannot rdp via RWW to Servers
    ... I wasn't sure if you uninstalled Sophos or just the firewall. ... MS-MVP - Windows Desktop Experience: ... > Type the remote site url ... a window from remote connection> desktop ...
    (microsoft.public.windows.server.sbs)
  • Re: DCOM 10009 errors on SBS2008 with NAS
    ... ports on the client machines to allow remote management. ... there is no firewall on the NAS to begin with. ... NAS is not running windows and thus will not be able to process remote ...
    (microsoft.public.windows.server.sbs)
  • Re: is sbs2003 setting up my clients firewall, greyed out
    ... I tried connecting from another workstation and NO GO. ... You could look there and see if remote access is enabled and if the user is ... configures the Windows Firewall appropriately. ... the client could not connect to the remote computer. ...
    (microsoft.public.windows.server.sbs)