RE: TELNET connection failure
- From: Richard Dill <RichardDill@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Dec 2006 03:59:00 -0800
Thank you for the reply. I finally figured out that I needed to put the
Telnet enabling protocol filter ahead of the SBS Internet Access entry. That
ISA filter was blocking the Telnet access.
"Terence Liu [MSFT]" wrote:
Hello Richard,.
Thank you for posting here.
According to your description, I understand that you cannot telnet external
server behind ISA. If I have misunderstood the problem, please don't
hesitate to let me know.
First, I recommend you to use the CEICW wizard to configure the SBS server
network:
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
Based on my research, the ISA firewall client will have this problem. I
suggest we try the following steps to change client to SecureNAT see if we
can resolve this issue:
1. Disable the ISA firewall client on client.
2. Then, make the client Default Gateway points to the internal address of
the ISA server
If the issue persists, please kindly help me collect some information for
further investigation:
1. Can you telnet external from ISA server?
2. Please help to gather the ISA Info:
1) Download the file from the following URL:
http://www.isatools.org/tools/isainfo.zip
2) Extract all files to a folder on ISA server.
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-terliu@xxxxxxxxxxxxx
3. Please follow the link and download and run the Microsoft Internet
Security and Acceleration (ISA) Server 2004 Best Practices Analyzer Tool
and then send me the results
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-
91EC-0829E5F84063&displaylang=en
4. Please also help to gather the ISA logs:
1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.
14) Please also let me know the IP address of the testing clients so that I
can filter the data.
Hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: TELNET connection failure
| thread-index: AccZbcKJSAasOiByQTa6rTCjuXq93Q==
| X-WBNR-Posting-Host: 207.115.77.187
| From: =?Utf-8?B?UmljaGFyZCBEaWxs?= <RichardDill@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: TELNET connection failure
| Date: Wed, 6 Dec 2006 11:36:00 -0800
| Lines: 16
| Message-ID: <AFE6A755-310F-499E-8C12-DF6B41BAD7AD@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:2222
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Just finished a major upgrade and migration from SBS 2000 to SBS 2003 R2
PRO.
|
| We are now unable to use TELNET to connect to some external servers. I
have
| tried making some changes to the ISA configuration, searched through the
| Knowledgebase and the WEB in general and cannot figure out how to make
this
| work. I am able to TELNET to an outside server using port 25 but when I
try
| using the default (port 23) the connection fails. Using PORTQRY shows
that
| the error is "No rout to host" so I figure ISA must be blocking this for
some
| reason. I am able to telnet to the servers from a system on a different
| network that doesn;t go through the SBS server so I know the host side is
| working.
|
| Is there a Security Group that I don't know about for TELNET use or is it
| something else?
|
| Any help on this is appreciated.
|
- Follow-Ups:
- RE: TELNET connection failure
- From: Terence Liu [MSFT]
- RE: TELNET connection failure
- References:
- RE: TELNET connection failure
- From: Terence Liu [MSFT]
- RE: TELNET connection failure
- Prev by Date: Re: 5.7.1 Relaying not allowed NDR
- Next by Date: Re: CALs and languages
- Previous by thread: RE: TELNET connection failure
- Next by thread: RE: TELNET connection failure
- Index(es):
Relevant Pages
|
