RE: Several Problems; how to reset security and troubleshoot server
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Thu, 13 Apr 2006 06:48:33 GMT
Hi Robert,
Thanks for using the SBS newsgroup.
From your description, I understand that you have several problems on theSBS server box. That is:
1. Remote Assistance does not work.
2. The SBS serve box does not show up in network browser.
3. The domain policy can not be deployed properly to client workstations.
If I am off base, please don't hesitate to let me know.
Let us focus the first issue first. Microsoft engineers can only focus on
one issue per thread. we recommend you post different incidents in
different threads to keep the thread clean. In doing so, it will ensure
your issues are resolved an efficient and timely manner. Thanks for your
understanding!
Since the SBS server box is an DC, also there are many specific security
settings has been configured on the SBS server box, we can not easily reset
the security settings to default settings.
To the remote assistance issue, please refer to the following steps to
check your configurations and then test the issue again to see if it
resolved.
To configure the computer of the novice user to accept Remote Assistance
offers, you must make sure that the following requirements are met:
1. The Group Policy on the computer of the novice user must be configured
to enable Remote Assistance offers.
2. The computers of the novice and expert users must be members of the same
domain or members of trusted domains.
3. Both computers must have Windows XP or Windows 2003 installed.
4. The expert user must be a member of the Local Administrators group on
the computer of the novice.
I. To configure the Group Policies for the Remote Assistance tool, you need
a list of expert users from which the computers of the novice users can
accept Remote Assistance offers. This list must contain Domain User groups
and Domain User accounts.
II. Configure Offer Remote Assistance policy setting in XP workstation
1. Start the Microsoft Management Console (MMC) Group Policy snap-in. To do
this, click Start, and then click Run. In the Open box, type: gpedit.msc.
Then, click OK.
2. In the Local Computer Policy\Computer Configuration\Administrative
Templates\System\Remote Assistance folder, locate and double-click Offer
Remote Assistance.
3. On the Offer Remote Assistance Properties dialog box, click Enable.
4. Select an option from the list to determine which of the following
actions the expert users can take
** View the computer of the novice user
** View and control the computer of the novice user
*Note: This setting is for the entire group that is listed. The Offer
Remote Assistance policy setting does not provide a mechanism that lets one
group of users view the computer of the novice user, and also lets a second
group of users view and control the computer of the novice user. There can
be only one expert group.
5. Click Show. The Show Contents dialog box opens.
6. Click Add to add the Domain Users and Domain User Groups.
7. Click OK to close the Show Contents dialog box, and then click OK to
close the Offer Remote Assistance Properties dialog box.
8. Quit the MMC Group Policy snap-in.
These policies are effective immediately. You do not have to restart the
computer.
***Important: Use caution when you populate the properties of the Offer
Remote Assistance Group Policy because you cannot verify the domain
accounts that you enter. We recommend that you extensively test this policy
setting before you perform a large policy roll out.
*Note: The Offer Remote Assistance policy is not available in Microsoft
Windows XP Home Edition.
*Note: Remote Assistance uses DCOM. In Windows XP and Windows 2003, the
DCOM entry is located in the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
The String value of the DCOM entry is EnableDCOM = Y. If this value is set
to 'N' or if this value is missing, Remote Assistance will not work.
III. Configure Windows Firewall for offer-based Remote Assistance in XP
workstation
To update your Group Policy objects with the new Windows Firewall settings,
follow these steps:
1. Log on to your Window XP SP2-based computer as a member of the Domain
Administrators security group, of the Enterprise Administrators security
group, or of the Group Policy Creator Owners security group.
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in, click the Standalone tab,
and then click Add.
4. In the Available Standalone Snap-ins list, click Group Policy Object
Editor, and then click Add.
5. In the Select Group Policy Object dialog box, click Browse.
6. In Browse for a Group Policy Object, click the Group Policy object that
you want to update with the new Windows Firewall settings, and then click
OK.
7. Click Finish to complete the Group Policy Wizard.
8. In the Add Standalone Snap-in dialog box, click Close.
9. In the Add/Remove Snap-in dialog box, click OK.
10. In the console tree, expand Computer Configuration, expand
Administrative Templates, expand Network, expand Network Connections, and
then click Windows Firewall.
11. Use the Group Policy Object Editor snap-in to locate Windows Firewall
Group Policy settings. To do this, click Start, click Run, type gpedit.msc
in the Open box, and then click OK.
*Note: The Group Policy settings are located in the following Group Policy
Object Editor folders:
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall/ Domain Profile
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall/ Standard Profile
12. For each snap-in path that you located in step 11, add the following
entry to the Windows Firewall: Define port exceptions setting:
135:TCP:*:Enabled:Offer Remote Assistance
13. For each snap-in path, add the following entries to the Windows
Firewall: Define program exceptions setting:
o %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance
o %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote
Assistance
o %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote
Assistance - Windows Messenger and Voice
Then please test the issue again and let me know the result.
If the issue persists, please kindly help me collect some information to
isolate the issue:
1. What is the SBS version? Is it SBS 2003 or SBS 2003 SP1?
2. When you provide assistance to the remote client from the SBS server
box, what is symptom when you choose the specific client to provide remote
assistance? Can you help me capture a screen shot of it?
3. Have you installed ISA on the SBS server box? What is the version? Have
you installed any hardware firewall/router outside the SBS server box?
==================================
To the network browser issue, please check the following settings:
I. Please double-check the Computer Browser services on the server:
1. Click Start -> Run, type Services.msc. Go to Computer Browser service,
make sure it is started and set to startup automatically.
2. Open the Network Connection properties, go to Advanced tab, make sure
that the ICF is not enabled.
3. Make sure that no other Firewall application is running.
4. Restart the computer to see if the issue is resolved.
II. Please make sure that the NBT has been properly configured on the
Server and the clients.
1. On the SBS Server, open Network Connections and open the properties for
the local connection.
2. Double-click Internet Protocol (TCP/IP) from the list and click Advanced.
3. Click WINS tab and make sure that "Enable NetBIOS over TCP/IP" has been
selected.
4. On the client computers, make sure that the "Default" or "Enable NetBIOS
over TCP/IP" has been selected.
III. Clear cache on the clients.
1. On the client computers, open CMD prompt.
2. Run the "nbtstat -RR" (with no quotation marks and the RRs are capital
letters) command.
3. Run the "nbtstat -n" and "nbtstat -r" (with no quotation marks and the n
and r are in lower cases) command and post back with the output.
==================================
More information:
816585 HOW TO: Apply Predefined Security Templates in Windows Server 2003
http://support.microsoft.com/?id=816585
Overview of Remote Assistance in Windows XP
http://support.microsoft.com/kb/300546/EN-US/
Supported connection scenarios for Remote Assistance
http://support.microsoft.com/?id=301529
300692 Description of the Remote Assistance Connection Process
http://support.microsoft.com/?id=300692
Hope above information helps! I am happy to be of assistance to you and
look forward to your reply!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Several Problems; how to reset security and troubleshootserver
thread-index: AcZd5mlFkDAMKh2SQqmgZuDeeJ3NUw==server
X-WBNR-Posting-Host: 24.99.91.108
From: =?Utf-8?B?Um9iZXJ0IE96b25l?= <RobertOzone@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Several Problems; how to reset security and troubleshoot server
Date: Tue, 11 Apr 2006 21:06:01 -0700
Lines: 21
Message-ID: <C414EEC4-E7BE-4E62-97D8-2AE0C7896B5C@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:259749
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.sbs
When I try to launch remote assistance from server management - client
computer nothing happens. I had a simular problem with the fax in the
management gui and microsoft support reset security on some selecteditems. I
am thinking this may be a simular problem.settings
I think there is a utility coomand that goes through the entire SBS
and sets the security settings to the original default. Does any body knowof
this and how to use it?that
I am also having problem where the server is not listing itself in the
browser table. I can call it explicitly \\sbsserver but it the only item
does not show up in the network browser.
Lastly I am having some clients reporting unable to find domain during
processing of group policy, client logs on but policy processing is
terminated.
I am thinking this may all be related. Can anybody help guide me how to go
about troubleshooting these issues?
Thank You in advance
.
- Follow-Ups:
- RE: Several Problems; how to reset security and troubleshoot serve
- From: Robert Ozone
- RE: Several Problems; how to reset security and troubleshoot serve
- Prev by Date: RE: How do I disable firewall on remote client?
- Next by Date: RE: REPOST - Site Design
- Previous by thread: Re: Performance Degrade after promote to DC
- Next by thread: RE: Several Problems; how to reset security and troubleshoot serve
- Index(es):
Relevant Pages
|
