Re: SBS Wireless policy

Owen wrote:
I have only two
choices here and both are labeled vortex.hellmouth.local. One has no
friendly name and has an issuer of the same. The other's friendly name
is vortexDC and issued by hellmouthCA (the name of the CA I chose on
the last reinstall. I'm now selecting the latter cert.

The latter cert sounds like the right one.

OK, that's the one selected in IAS.

When you ran the CEICW, did you enter "vortex.hellmouth.local" as the "Web
server name" on the "Web Server Certificate" page? Normally this should be the
public DNS (or public IP) for your server, to enable remote access, e.g.:

MyServer.PublicDomain.com

(It can be left blank if you don't support remote access.) Sounds like you
provided the private (internal) name instead. That's confusing (as you found)
but I don't think it will affect the wireless configuration as long as you
select the correct cert in IAS.

I actually didn't have a public domain name until recently, which is
why I entered the private one. I'm pretty sure in the CEICW I entered
vortex.hellmouth.local

Just so you know, my docs assume a "standard" SBS configuration, meaning the
wizards were used for all the basic setup. Most administrators tweak a few
things outside the wizards, but the rule of thumb is: If a wizard can do it,
use the wizard unless you REALLY know what you are doing _in_the_context_of_
_SBS_ (not plain Windows Server 2003).

Well, the only thing I had done before I released my mistake was create
computer accounts and users... but after realizing the 'right' way to
do it, I deleted the computer account and used the wizard +
connectComputer site to join the domain (and have company web as my
homepage now). This was all before I attempted this setup though. Are
there wizards for DNS and DHCP, as I have been configuring that
'manually.' My SBS 2003 Unleased book arrived today, I will read
through that cover to cover.

I believe Small Business Remote Access Policy is added by running the Remote
Access Wizard (which configures VPN). I did run that even though I don't use
VPN on my server (except for testing).

I told it not to setup VPN; perhaps I should?

Advanced tab:
Name Vendor Value
Ignore-User-Dialin-Properties Microsoft True
Service-type RADIUS Standard Framed
Termination-Action RADIUS Standard RADIUS-Request

Interesting, I had deleted the policy and recreated it per your
docment, but only had the Service-type setting. I have now added the
other settings.

Hmmm ... this could be significant! I'm glad you added the other settings.

Alas, it seems not to have worked..

I even had the No encryption checked, I have unchecked it.

Yeah, I believe "No encryption" is checked by default, and wireless access
should work with it checked. But leaving it checked (in theory) permits an
unencrypted connection which sort of defeats our purpose here! 8-)

Agreed but I thought I'd leave it at unencptyed until I got the
connection up and running ;-)

Certificate issued to: <yourSBS>.<yourdomain>.<yourTLD>
Friendly name: <may be blank>
Issuer: <your certificate authority>
Expiration date: <some time in the future>

Again, this is the cert we created (vortexDC issued by hellmouthCA).

Sounds like the right cert.

Hmm.. I guess I'll have to double check, because I'm back to the same
errors.

I deleted all the certs from the laptop, and am attempting to get them
refreshed from GP or auto-enrollment. It had some of the old certs
from previous attempts, and I thought it might be confusing things..

.

Relevant Pages

  • Re: SBS Wireless policy
    ... The latter cert sounds like the right one. ... server name" on the "Web Server Certificate" page? ... public DNS for your server, to enable remote access, e.g.: ... outside of the wizards before I knew it was a no-no. ...
    (microsoft.public.windows.server.sbs)
  • Re: Setting up a VPN
    ... If you can't connect with a PC outside the domain Routing and Remote Access ... some more information - we have a SBS 2003 and 2 internal scanners on ... I proceeded to run the Routing and Remote Access wizard in Server ... was working correctly before i ran the two wizards). ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2003 "Built In" Firewall
    ... There are a few things that must be done to enable remote access to a SBS ... All of them are driven by the wizards. ... necessary ports are open on the router and forwarded to the SBS server WAN ...
    (microsoft.public.windows.server.sbs)
  • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
    ... it prompts the user for what client cert they want to use to connect to the ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
    (Focus-Microsoft)
  • Re: Configure RWW using Single NIC and Static IP
    ... rather than using the wizards. ... the RWW using a Static IP as opposed to an FQDN. ... Just enabling RWW from the Internet certainly ... Users section in the Server Management window. ...
    (microsoft.public.windows.server.sbs)
Loading