Re: Server inaccessible
- From: Owen Williams [SBS MVP] <Owen@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Sep 2006 14:45:48 -0400
In article <1157642746.143624.252430@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
erik.r58c@xxxxxxxxx says...
OK, let me make sure I've got this right:
* You are running a 3rd-party firewall (F-Secure) on the workstations
only (not on the server). [With SBS2003 Standard, the only valid
firewall which you _may_ be running on the server is the RRAS Basic
Firewall, which should be configured by the CEICW.]
* The "Security Configuration Wizard" is also something you are running
on the workstations, right? Because there is no such thing which you
should be running on SBS2003. The Windows Server 2003 SP1 Security
Configuration Wizard is *only* intended to be run on plain Windows
Server 2003, *not* SBS2003. If you run it on SBS, all kinds of problems
can happen. With SBS, the SBS-specific wizards - like the CEICW -
handle security configuration.
If the preceding is the case:
As you surmised, you should not be running two firewalls on your
workstations because they can interfere with one another. You should
disable the F-Secure firewall and use the Windows Firewall, which is
managed centrally by GPO [generally the most easily managed approach]
-or- modify the "Small Business Server Windows Firewall" policy so
Windows Firewall is disabled and rely on the F-Secure firewall. [See
Computer Configuration | Administrative Templates | Network | Network
Connections | Windows Firewall | Domain Profile => Windows Firewall:
Protect all network connections.]
-- Owen Williams (SBS MVP)
A week before this happened F-Secure was upgraded from v.5.52 to 6.02,.
but I unloaded it on the workstations during all my testing the past
week and didn't think it would be a problem.
Today i ran the Security Configuration Wizard and immediately lost
contact to the Internet. The DNS had stopped passing request on to the
root servers. I then rolled back the settings but the DNS still had
problems. I also could not use remote desktop from the Internet, but
from the local client PCs it still worked.
I also updated the Intel 1000 CT network driver on the server. The old
one was from 2003. The clients was running realtek chips on the
motherboard (Shuttel PCs). No drivers was updated in months.
During all this rebooting I suddenly noticed that the client hadd
intermittent connection to the server when the server booted. It
managed to syncronise its documents for a short time and then lost
contact again.
This led me to look at det GPOs since they are aplied late in the boot
process. I have little experience with GPOs and ended up with disabling
all of them. Now I had some access although very slow.
I reenabled the Default Domain Controllers Policy and the Default
Domain Policy.
After the SCW problems I noticed that a lot of services was disabled
(inkluding the plug & play and event log services). Exchange was also
down and the services complained about dependecies when I tried to
start them. It would also not show the dependencies. This might be the
cause for the slowness.
I then changed all the disabled services to manual (excluding the ones
I obviously didn't need) and started everything. The DNS however got
stuck in a "Starting" state.
- Follow-Ups:
- Re: Server inaccessible
- From: Erik
- Re: Server inaccessible
- References:
- Server inaccessible
- From: Erik
- Re: Server inaccessible
- From: Owen Williams [SBS MVP]
- Re: Server inaccessible
- From: Erik
- Server inaccessible
- Prev by Date: Adding PC to SBS 2000 domain
- Next by Date: Re: Adding PC to SBS 2000 domain
- Previous by thread: Re: Server inaccessible
- Next by thread: Re: Server inaccessible
- Index(es):
Relevant Pages
|
