Re: RWW - Can't login

Problem Solved.

I did't realise there was an RWW security group. I've never had to add
anyone to this group on the previous 6 SBS 2003 Standard servers that I have
installed and it just worked. Must be a difference between Standard and
Premium and ISA.

Thanks,
Lester

"Terence Liu [MSFT]" <v-terliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:RawqN%23mKHHA.2080@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello Lester,

Thank you for kind update.

Based on my research, I suggest that we try the following steps to see if
the problem can be resolved:

Modify Internet Access Rule in ISA server

1. Click Start, point to All Programs, point to Microsoft ISA Server, and
then click ISA Server Management.

2. In the Microsoft Internet Security and Acceleration Server 2004
console,
expand YourServerName , and then click Firewall Policy.

3. In the center pane, find a policy named SBS Internet Access Rule,
double-click it.

4. Click Users tap in SBS Internet Access Rule Properties window,
highlight
SBS Internet Users and click Remove button, then click Add button and
double-click All Users

5. Click OK, then click Apply button to save and apply the new
configuration.

If the issue persists, please kindly help me collect some information for
further investigation:

1. Do the clients logon SBS domain when they access Internet?

2. Do all clients have the same issue?

3. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/tools/isainfo.zip

2) Extract all files to a folder on ISA server.

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me at v-terliu@xxxxxxxxxxxxx

4. Please follow the link and download and run the Microsoft Internet
Security and Acceleration (ISA) Server 2004 Best Practices Analyzer Tool
and then send me the results

http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-
91EC-0829E5F84063&displaylang=en

5. Please also help to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may
not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that
I
can filter the data.

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
| From: "Lester Bennett" <lbennett@xxxxxxxxxxxxx>
| References: <eefJLY7JHHA.4376@xxxxxxxxxxxxxxxxxxxx>
<OmIsEo7JHHA.3952@xxxxxxxxxxxxxxxxxxxx> <surveysimon.2jcks5@xxxxxxxxxxxxx>
<eG3tQ8JKHHA.3936@xxxxxxxxxxxxxxxxxxxx>
<uxzVhgLKHHA.3552@xxxxxxxxxxxxxxxxxxxx>
<Oj#kEYYKHHA.4712@xxxxxxxxxxxxxxxxxxxx>
<TfN7VmZKHHA.4020@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: RWW - Can't login
| Date: Thu, 28 Dec 2006 06:13:56 +1000
| Lines: 203
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
| Message-ID: <#mO2IOfKHHA.4384@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: dsl-202-173-151-92.qld.westnet.com.au 202.173.151.92
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:6759
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Terence,
|
| Thank you for your input with these problems.
| I have already performed steps 1, 2 and 3 a number of times.
| I checked the Web Proxy settings for Internal Network as you described
in
| step 4 and they were already set as you described but I still can't
browse
| the internet from an Internal client computer.
|
| What should I try next? Uninstall ISA 2004 and rerun CEICW and see if
the
| client PCs can browse the internet?
|
| Regards,
| Lester
|
| "Terence Liu [MSFT]" <v-terliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:TfN7VmZKHHA.4020@xxxxxxxxxxxxxxxxxxxxxxxxx
| > Hello Lester,
| >
| > Thank you for posting here.
| >
| > According to your description, I understand that one client can not
access
| > Internet, you can not log on RWW for a not administrator account, you
get
| > error when you click Protocols tap of access rule in ISA. If I have
| > misunderstood the problem, please don't hesitate to let me know.
| >
| > Based on my research, I suggest we try the following steps to see if
we
| > can
| > resolve this issue:
| >
| > Step 1: For client can not access Internet
| >
| > 1. Ensure your SBS 2003 server have right network configuration. Go
| > through
| > the follow KB and Rerun CEICW again carefully.
| >
| > How to configure Internet access in Windows Small Business Server 2003
| > http://support.microsoft.com/kb/825763/en-us
| >
| > Note: Please never select Do Not Change¡­ we have to complete
reconfigure
| > network.
| >
| > 2. Instill ISA firewall client: access \\SBSServerName\mspclnt,
| > double-click setup.exe to install the firewall client
| >
| > 3. Ensure IE proxy settings
| >
| > Please open Internet Explorer -> Internet Options -> Connections
tab ->
| > LAN
| > settings -> Input the ISA server as the proxy server and input correct
| > proxy port defined on ISA server, by default it is 8080 on SBS 2k3.
| >
| > 4. Ensure proxy settings in ISA
| >
| > a. Please open ISA 2004 console, extend Configuration->Networks
| >
| > b. Click Networks tap in middle pane, double-click Internal
| >
| > c. Click Web Proxy tab, tick Enable Web Proxy clients and Enable HTTP,
| > then
| > input 8080 behind HTTP port.
| >
| > d. Click OK, then click Apply button to save configuration.
| >
| > Step 2: For get error when click Protocols tap of access rule
| >
| > Please download ISA server 2004 sp2 and install it
| >
| > Microsoft Internet Security and Acceleration (ISA) Server 2004
Standard
| > Edition Service Pack 2
| >
http://www.microsoft.com/downloads/details.aspx?familyid=88350ABA-D09E-44B5-
| > 8002-96590ABFA148&displaylang=en
| >
| > Step 3: For not log on RWW for a not administrator account
| >
| > By default, only Administrator and SBS Remote Operators group can
connect
| > RWW to SBS server, you can add the account to group Remote Operators
| > (ADUC->domain.local->MyBusiness->Security Groups)
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have
issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you
check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although
we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | From: "Lester Bennett" <lbennett@xxxxxxxxxxxxx>
| > | References: <eefJLY7JHHA.4376@xxxxxxxxxxxxxxxxxxxx>
| > <OmIsEo7JHHA.3952@xxxxxxxxxxxxxxxxxxxx>
<surveysimon.2jcks5@xxxxxxxxxxxxx>
| > <eG3tQ8JKHHA.3936@xxxxxxxxxxxxxxxxxxxx>
| > <uxzVhgLKHHA.3552@xxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: RWW - Can't login
| > | Date: Wed, 27 Dec 2006 17:09:56 +1000
| > | Lines: 50
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
| > | X-RFC2646: Format=Flowed; Response
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
| > | Message-ID: <Oj#kEYYKHHA.4712@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: dsl-202-173-151-92.qld.westnet.com.au
202.173.151.92
| > | Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.sbs:6676
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Some of the workstation already had the old client installed, some I
| > | installed the current client on but the results are the same on
both.
| > | I had a look at the firewall rules in ISA Manager and when I looked
at
| > the
| > | properties of the last rule giving internet access I got an MMC
error
| > when
| > | clicking on the Protocol tab. I look at a couple of others and got
the
| > same
| > | error.
| > |
| > | Maybe I should uninstall and reinstall ISA 2004. If I do, are there
any
| > | gotchas to be aware of?
| > |
| > | Lester
| > |
| > | "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]"
<sbradcpa@xxxxxxxxxxx>
| > | wrote in message news:uxzVhgLKHHA.3552@xxxxxxxxxxxxxxxxxxxxxxx
| > | > Have you installed the ISA firewall client on the workstations?
| > | >
| > | > Lester Bennett wrote:
| > | >> I just tried and I can login as the administrator but not any
other
| > user.
| > | >> This is the first Premium install I've done as as I haven't had
the
| > | >> problem before with the Standard edition I guess it is something
to
| > do
| > | >> with ISA 2004. I have another ISA problem. I can't browse the
| > internet
| > | >> from an internal client but I can from the server and when I try
to
| > view
| > | >> I page that has been browsed from the server I can then see it.
| > Obviously
| > | >> coming from the ISA cache.
| > | >> Maybe both problems are related.
| > | >> Any suggestions?
| > | >>
| > | >> Regards,
| > | >> Lester
| > | >>
| > | >> "surveysimon" <surveysimon.2jcks5@xxxxxxxxxxxxx> wrote in message
| > | >> news:surveysimon.2jcks5@xxxxxxxxxxxxxxxx
| > | >>> I would have to go with Cris Hanna as well. I think you have
the
| > | >>> permissions for those users incorrectly assigned. Can
Administrator
| > | >>> login succesfully?
| > | >>>
| > | >>> Simon
| > | >>>
| > | >>>
| > | >>> --
| > | >>> surveysimon
| > | >>>
|
> ------------------------------------------------------------------------
| > | >>> surveysimon's Profile:
| > | >>> http://forums.techarena.in/member.php?userid=12706
| > | >>> View this thread:
http://forums.techarena.in/showthread.php?t=647401
| > | >>>
| > | >>> http://forums.techarena.in
| > | >>>
| > | >>
| > |
| > |
| >
|
|
|



.