RE: Several Problems; how to reset security and troubleshoot serve
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Thu, 20 Apr 2006 10:58:18 GMT
Hi Robert,
Thanks for posting back. I appreciate your time to the issue.
Could you tell me what your fax issue is and how you resolved it? You can
give me the issue link so that I can analyze it.
When you tried to launch the Remote assistance, what is error message you
received? Can you help me capture a screen shot of the symptom?
When you tried to open "Help and Support", what is the error message you
received? Can you help me capture a screen shot of the symptom?
Also please save the application, security and system logs to .evt files
and mail them to me for analyze.
Please compress all files and mail it to my working mailbox:
v-yanniw@xxxxxxxxxxxxx
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Several Problems; how to reset security and troubleshootserve
thread-index: AcZkA99CStGf+ZQ3Qia2N5kMI6ckVg==<cPNzJZsXGHA.6000@xxxxxxxxxxxxxxxxxxxxx>
X-WBNR-Posting-Host: 24.99.91.108
From: =?Utf-8?B?Um9iZXJ0IE96b25l?= <RobertOzone@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <C414EEC4-E7BE-4E62-97D8-2AE0C7896B5C@xxxxxxxxxxxxx>
Subject: RE: Several Problems; how to reset security and troubleshoot servedoing
Date: Wed, 19 Apr 2006 15:52:02 -0700
Lines: 351
Message-ID: <3E6E1B7A-7010-4B87-B49E-7234690F4225@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:261702
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.sbs
Sorry it took so long to respond,
First of all thank you for the detailed response.
1.) On the SBS security settings ; I accept your response, but will ask is
there a utility pgm that resets portions of the settings back to default
settings? "the safe to do areas"
2.) On the Remote Assistance Issue I have check all of the settings as you
outlined everything is OK. I need to add that I think what you had me
was past the main issue. Let me explain further:had
From the SBS server I can not even launch the dialog to start the RemoteAssistance Offer from the Server Managment MMC, Alot of the settings you
me checking especially on the clients has to do with an offer beingnot
unsuccesful. I can even start an offer. I have also discovered that I can
launch "Help and Support" from the Start Menu either. They may be related.problem
What started me on the path of security problem was I had a simular
a while ago when I could not launch the FAX setup from the ServerManagement
Console. I was instructed to reset some security settings and wala itworked.
change
3.) On the browser problem I follow all of your instructions with no
in the result. here is the resultsyou requested.the
nbtstat -n
LAN Connection:
Node IpAddress: [192.168.16.2] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
AICSBS2KSERVER <00> UNIQUE Registered
ALPHAINSULATION<00> GROUP Registered
ALPHAINSULATION<1C> GROUP Registered
AICSBS2KSERVER <20> UNIQUE Registered
ALPHAINSULATION<1B> UNIQUE Registered
ALPHAINSULATION<1E> GROUP Registered
AICSBS2KSERVER <03> UNIQUE Registered
ALPHAINSULATION<1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
AICSBS2KSERVER <01> UNIQUE Registered
ADMINISTRATOR <03> UNIQUE Registered
WAN Connection:
Node IpAddress: [69.15.216.18] Scope Id: []
No names in cache
E:\Documents and Settings\administrator.ALPHAINSULATION>nbtstat -r
NetBIOS Names Resolution and Registration Statistics
----------------------------------------------------
Resolved By Broadcast = 1
Resolved By Name Server = 506
Registered By Broadcast = 8
Registered By Name Server = 3
NetBIOS Names Resolved By Broadcast
---------------------------------------------
ALPHAINSULATION<1E>
""Jenny wu [MSFT]"" wrote:
Hi Robert,
Thanks for using the SBS newsgroup.
From your description, I understand that you have several problems on
onSBS server box. That is:
1. Remote Assistance does not work.
2. The SBS serve box does not show up in network browser.
3. The domain policy can not be deployed properly to client workstations.
If I am off base, please don't hesitate to let me know.
Let us focus the first issue first. Microsoft engineers can only focus
resetone issue per thread. we recommend you post different incidents in
different threads to keep the thread clean. In doing so, it will ensure
your issues are resolved an efficient and timely manner. Thanks for your
understanding!
Since the SBS server box is an DC, also there are many specific security
settings has been configured on the SBS server box, we can not easily
configuredthe security settings to default settings.
To the remote assistance issue, please refer to the following steps to
check your configurations and then test the issue again to see if it
resolved.
To configure the computer of the novice user to accept Remote Assistance
offers, you must make sure that the following requirements are met:
1. The Group Policy on the computer of the novice user must be
sameto enable Remote Assistance offers.
2. The computers of the novice and expert users must be members of the
needdomain or members of trusted domains.
3. Both computers must have Windows XP or Windows 2003 installed.
4. The expert user must be a member of the Local Administrators group on
the computer of the novice.
I. To configure the Group Policies for the Remote Assistance tool, you
groupsa list of expert users from which the computers of the novice users can
accept Remote Assistance offers. This list must contain Domain User
doand Domain User accounts.
II. Configure Offer Remote Assistance policy setting in XP workstation
1. Start the Microsoft Management Console (MMC) Group Policy snap-in. To
gpedit.msc.this, click Start, and then click Run. In the Open box, type:
oneThen, click OK.
2. In the Local Computer Policy\Computer Configuration\Administrative
Templates\System\Remote Assistance folder, locate and double-click Offer
Remote Assistance.
3. On the Offer Remote Assistance Properties dialog box, click Enable.
4. Select an option from the list to determine which of the following
actions the expert users can take
** View the computer of the novice user
** View and control the computer of the novice user
*Note: This setting is for the entire group that is listed. The Offer
Remote Assistance policy setting does not provide a mechanism that lets
secondgroup of users view the computer of the novice user, and also lets a
cangroup of users view and control the computer of the novice user. There
policybe only one expert group.
5. Click Show. The Show Contents dialog box opens.
6. Click Add to add the Domain Users and Domain User Groups.
7. Click OK to close the Show Contents dialog box, and then click OK to
close the Offer Remote Assistance Properties dialog box.
8. Quit the MMC Group Policy snap-in.
These policies are effective immediately. You do not have to restart the
computer.
***Important: Use caution when you populate the properties of the Offer
Remote Assistance Group Policy because you cannot verify the domain
accounts that you enter. We recommend that you extensively test this
setsetting before you perform a large policy roll out.
*Note: The Offer Remote Assistance policy is not available in Microsoft
Windows XP Home Edition.
*Note: Remote Assistance uses DCOM. In Windows XP and Windows 2003, the
DCOM entry is located in the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
The String value of the DCOM entry is EnableDCOM = Y. If this value is
settings,to 'N' or if this value is missing, Remote Assistance will not work.
III. Configure Windows Firewall for offer-based Remote Assistance in XP
workstation
To update your Group Policy objects with the new Windows Firewall
thatfollow these steps:
1. Log on to your Window XP SP2-based computer as a member of the Domain
Administrators security group, of the Enterprise Administrators security
group, or of the Group Policy Creator Owners security group.
2. Click Start, click Run, type mmc, and then click OK.
3. On the File menu, click Add/Remove Snap-in, click the Standalone tab,
and then click Add.
4. In the Available Standalone Snap-ins list, click Group Policy Object
Editor, and then click Add.
5. In the Select Group Policy Object dialog box, click Browse.
6. In Browse for a Group Policy Object, click the Group Policy object
clickyou want to update with the new Windows Firewall settings, and then
andOK.
7. Click Finish to complete the Group Policy Wizard.
8. In the Add Standalone Snap-in dialog box, click Close.
9. In the Add/Remove Snap-in dialog box, click OK.
10. In the console tree, expand Computer Configuration, expand
Administrative Templates, expand Network, expand Network Connections,
Firewallthen click Windows Firewall.
11. Use the Group Policy Object Editor snap-in to locate Windows
gpedit.mscGroup Policy settings. To do this, click Start, click Run, type
Policyin the Open box, and then click OK.
*Note: The Group Policy settings are located in the following Group
remoteObject Editor folders:
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall/ Domain Profile
o Computer Configuration/Administrative Templates/Network/Network
Connections/Windows Firewall/ Standard Profile
12. For each snap-in path that you located in step 11, add the following
entry to the Windows Firewall: Define port exceptions setting:
135:TCP:*:Enabled:Offer Remote Assistance
13. For each snap-in path, add the following entries to the Windows
Firewall: Define program exceptions setting:
o %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance
o %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote
Assistance
o %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote
Assistance - Windows Messenger and Voice
Then please test the issue again and let me know the result.
If the issue persists, please kindly help me collect some information to
isolate the issue:
1. What is the SBS version? Is it SBS 2003 or SBS 2003 SP1?
2. When you provide assistance to the remote client from the SBS server
box, what is symptom when you choose the specific client to provide
Haveassistance? Can you help me capture a screen shot of it?
3. Have you installed ISA on the SBS server box? What is the version?
service,you installed any hardware firewall/router outside the SBS server box?
==================================
To the network browser issue, please check the following settings:
I. Please double-check the Computer Browser services on the server:
1. Click Start -> Run, type Services.msc. Go to Computer Browser
formake sure it is started and set to startup automatically.
2. Open the Network Connection properties, go to Advanced tab, make sure
that the ICF is not enabled.
3. Make sure that no other Firewall application is running.
4. Restart the computer to see if the issue is resolved.
II. Please make sure that the NBT has been properly configured on the
Server and the clients.
1. On the SBS Server, open Network Connections and open the properties
Advanced.the local connection.
2. Double-click Internet Protocol (TCP/IP) from the list and click
been3. Click WINS tab and make sure that "Enable NetBIOS over TCP/IP" has
NetBIOSselected.
4. On the client computers, make sure that the "Default" or "Enable
capitalover TCP/IP" has been selected.
III. Clear cache on the clients.
1. On the client computers, open CMD prompt.
2. Run the "nbtstat -RR" (with no quotation marks and the RRs are
the nletters) command.
3. Run the "nbtstat -n" and "nbtstat -r" (with no quotation marks and
correspondingand r are in lower cases) command and post back with the output.
==================================
More information:
816585 HOW TO: Apply Predefined Security Templates in Windows Server 2003
http://support.microsoft.com/?id=816585
Overview of Remote Assistance in Windows XP
http://support.microsoft.com/kb/300546/EN-US/
Supported connection scenarios for Remote Assistance
http://support.microsoft.com/?id=301529
300692 Description of the Remote Assistance Connection Process
http://support.microsoft.com/?id=300692
Hope above information helps! I am happy to be of assistance to you and
look forward to your reply!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the
manner.newsgroups so that they can be resolved in an efficient and timely
theYou can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check
are"Notify me of replies" box to receive e-mail notifications when there
newsreader,any updates in your thread. When responding to posts via your
doingplease "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
Pleaseso, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly.
rights.check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no
<RobertOzone@xxxxxxxxxxxxxxxxxxxxxxxxx>
--------------------
Thread-Topic: Several Problems; how to reset security and troubleshootserver
thread-index: AcZd5mlFkDAMKh2SQqmgZuDeeJ3NUw==
X-WBNR-Posting-Host: 24.99.91.108
From: =?Utf-8?B?Um9iZXJ0IE96b25l?=
knowSubject: Several Problems; how to reset security and troubleshoot serverserver
Date: Tue, 11 Apr 2006 21:06:01 -0700
Lines: 21
Message-ID: <C414EEC4-E7BE-4E62-97D8-2AE0C7896B5C@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:259749
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.sbs
When I try to launch remote assistance from server management - client
computer nothing happens. I had a simular problem with the fax in the
management gui and microsoft support reset security on some selecteditems. I
am thinking this may be a simular problem.settings
I think there is a utility coomand that goes through the entire SBS
and sets the security settings to the original default. Does any body
itemof
this and how to use it?
I am also having problem where the server is not listing itself in the
browser table. I can call it explicitly \\sbsserver but it the only
gothat
does not show up in the network browser.
Lastly I am having some clients reporting unable to find domain during
processing of group policy, client logs on but policy processing is
terminated.
I am thinking this may all be related. Can anybody help guide me how to
about troubleshooting these issues?
Thank You in advance
.
- Follow-Ups:
- RE: Several Problems; how to reset security and troubleshoot serve
- From: Robert Ozone
- RE: Several Problems; how to reset security and troubleshoot serve
- References:
- RE: Several Problems; how to reset security and troubleshoot server
- From: "Jenny wu [MSFT]"
- RE: Several Problems; how to reset security and troubleshoot serve
- From: Robert Ozone
- RE: Several Problems; how to reset security and troubleshoot server
- Prev by Date: Re: One user can't use Outlook Client but OWA works fine
- Next by Date: Re: Authentication over VPN (Domain name issue?)
- Previous by thread: RE: Several Problems; how to reset security and troubleshoot serve
- Next by thread: RE: Several Problems; how to reset security and troubleshoot serve
- Index(es):
Relevant Pages
|
