RE: Connect Computer and VPN



Hello Robin,

Thank you for the update.

The RPC filter that we disabled can be enabled (if required for other
configurations) after the clients have joined the domain. Whenever we need
to add another client to the domain, we will have to follow the above steps
again to disable RPC compliance on ISA 2004.

As you said, you cannot use HTTP to access the web site on SBS. I suggest we
try the following steps to see if we can resolve this issue:

1. Open the IIS console.

2. Expand Default Web Site, right-click it and select Properties.

3. Select the Directory Security tab and click the Edit button under Secure
communications.

4. Ensure that "Require secure channel (SSL)" is not selected.

5. Click OK to return.

6. Repeat steps 1 to 5 on Companyweb.

If the issue persists, please kindly help me collect some information for
further investigation:

1. Try to telnet to port 80 from the client to SBS. Does it work? Please
capture a screenshot of the outcome and send the picture to me at
v-terliu@xxxxxxxxxxxxx

2. Gather IIS Metabase:

1) Download the IIS Resource Kit tools from the following page:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en

2) Install it, run MBExplorer (Metabase Explorer)

3) Right click the "LM" node and choose "Export to file".

4) Specify a file name, specify the password and finish the export.

5) Send the file and the password to v-terliu@xxxxxxxxxxxxxx

3. Collect the IIS log.

a. Open IIS snap-in.

b. Right click Default Web Site and click Properties.

c. Uncheck the "Enable Logging" box and click Apply.

d. Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all files to a
backup location.

e. Check "Enable Logging" box and click OK.

f. Run IISReset command.

g. Reproduce the problem and send the log file in
C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Connect Computer and VPN
| From: NetworkFusion <NetworkFusion@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Connect Computer and VPN
| Date: Thu, 4 Jan 2007 07:37:01 -0800
| Newsgroups: microsoft.public.windows.server.sbs
|
| Hi Terence,
|
| Thank you for the quick response to my question, I am now able to
| connectcomputer after disabling the suggested things in ISA. Does disabling
| these things compromise any of the security, or is this meant to be on SBS?
|
| I still have to use https though in order for it to work, and when the
| client computer is all set up, it cannot enter companyweb unless you manually
| change the http to https
|
| I will start a new post regarding the VPN as this still fails to work.
|
| Regards,
|
| Robin.
|
| --
| Delivered By Messenger Pigeon
|
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello Robin,
| >
| > Thank you for posting here.
| >
| > According to your description, I understand that you cannot join clients
| > to the SBS domain and cannot connect to the SBS via VPN. If I have
| > misunderstood the problem, please don't hesitate to let me know.
| >
| > Based on my research, I suggest we try the following steps to see if we can
| > resolve this issue:
| >
| > This problem may occur because the ISA 2004 installation requires Strict
| > Remote Procedure Call Compliance on a default installation.
| >
| > Hence we need to DISABLE Strict Remote Procedure Call Compliance (Strict
| > RPC Compliance) in ISA 2004 in the following places:
| >
| > 1. Right click on Firewall Policy and click Edit System Policy. Click on
| > Active Directory and uncheck "Enforce Strict RPC Compliance".
| >
| > 2. Click on Firewall Policy and locate the "SBS Protected Network Access
| > Rule" and right click on the rule and select "Configure RPC Protocol".
| > Uncheck "Enable Strict RPC Compliance".
| >
| > 3. Click on Firewall Policy and locate the "SBS Internet Access Rule" and
| > right click on the rule and select "Configure RPC Protocol".
| > Uncheck "Enable Strict RPC Compliance".
| >
| > 4. Click on Filters and search for the "RPC Filter". Disable the RPC
| > filter in the properties of the same.
| >
| > Apply all the changes using the option to restart all the ISA services
| > after application of changes.
| >
| > Then, please try to join the client machines to SBS domain.
| >
| > Meanwhile, please test the VPN connection. If the VPN connection still does
| > not work, that means the VPN connection is a separate issue and has no
| > relationship with the RPC Filter. Please understand that our newsgroup is an
| > issue-based service, meaning we usually respond to one question/issue per
| > post. This will lessen the confusion for both of us, as well as ensure that
| > our results are accurate and not a result of a test for a different
| > question. Therefore, I will work with you on the first question in this
| > post (the connect computer issue). Regarding the additional question (VPN),
| > I suggest you create a new post to get quicker assistance.
| >
| > If the issue persists, please kindly help me collect some information for
| > further investigation:
| >
| > 1. Please capture a screenshot of the error message and send the picture to
| > me at v-terliu@xxxxxxxxxxxxx
| >
| > 2. Please send the SBSnetsetup.txt file to me.
| >
| > 3. Use the Networking MPS report to capture the server networking
| > configurations for further analysis:
| >
| > a. Download MPSreport_network from
| > http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_NETWORK.EXE
| >
| > b. Run MPSRPT_NETWORK.exe on the server box.
| >
| > c. The tool will automatically collect the information. This procedure will
| > take 10~15 minutes.
| >
| > d. Open Windows Explorer, navigate to the folder:
| > %SystemRoot%\MPSReports\Network\Reports\Cab\
| >
| > e. Send the .cab file directly to me.
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > --------------------
| > | Thread-Topic: Connect Computer and VPN
| > | From: NetworkFusion <NetworkFusion@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Connect Computer and VPN
| > | Date: Tue, 2 Jan 2007 09:08:02 -0800
| > | Newsgroups: microsoft.public.windows.server.sbs
| > |
| > | I am having some trouble with a new server I am setting up... it is a Dell
| > | PowerEdge 2800 dual NIC with SBS2003R2 premium.
| > |
| > | The test client has a clean copy of Windows XP Pro with all updates
| > | including IE7
| > |
| > | When I try to connect a new computer using http://server/connectcomputer it
| > | shows the page not found error. I can use https://server/connectcomputer and
| > | this seems to work ok, however when I click the link, fill in all the
| > | information and click finish it shows a network error has occurred please
| > | contact the systems administrator. I have checked the usual stuff including
| > | the connectcomputer entry in IIS is there. On the client in the
| > | SBSnetsetup.txt shows an error "FinishNetworkSetup() - NetJoinDomain() failed
| > | [1727]"
| > |
| > | If I try to manually add the computer to the domain I get an error saying:
| > | The remote procedure Call failed and did not execute.
| > |
| > | VPN is being an ass as well... the router is a 2wire 1800HG (which supports
| > | VPN) and anyway, I am running most of the tests from the DMZ, so this should
| > | not be a problem... I am getting the famous error 800. I have monitored port
| > | 1723 from ISA2004 and it shows that the connection initialised (more than
| > | once) and then about 40 seconds later the connection closed.
| > |
| > | Thanks In advance,
| > |
| > | Robin.
| > |
| > |
| > | If I try to manually add the computer to the domain I get an error saying:
| > | The remote procedure Call was unable to execute.
| > |
| > | VPN is being an ass as well...
| > |
| > |
| > | --
| > | Delivered By Messenger Pigeon
| > |
| >
| >
|

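Added example, not part of the original thread and not Microsoft's code: once the IIS log from step 3 of the reply has been collected, this Python script reads the W3C extended log and counts responses with status 403 and sub-status 4, which IIS returns when "Require secure channel (SSL)" is enabled and the request arrives over plain HTTP. The log lines, addresses and function names are constructed for illustration, and it assumes sc-status and sc-substatus are among the logged fields.

```python
from collections import Counter

# Constructed sample in IIS 6 W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-01-05 09:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-01-05 09:00:12 192.168.16.2 GET /connectcomputer/default.asp - 80 - 192.168.16.50 Mozilla/4.0 403 4 5
2007-01-05 09:00:30 192.168.16.2 GET /connectcomputer/default.asp - 443 - 192.168.16.50 Mozilla/4.0 200 0 0
2007-01-05 09:01:02 192.168.16.2 GET /missing.htm - 80 - 192.168.16.50 Mozilla/4.0 404 0 2
2007-01-05 09:01:40 192.168.16.2 GET /connectcomputer/default.asp - 80 - 192.168.16.51 Mozilla/4.0 403 4 5
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def ssl_required_hits(text):
    """Count 403.4 (SSL required) responses per (server port, URI)."""
    hits = Counter()
    for row in parse_w3c(text):
        if row.get("sc-status") == "403" and row.get("sc-substatus") == "4":
            hits[(row["s-port"], row["cs-uri-stem"])] += 1
    return hits


if __name__ == "__main__":
    for (port, uri), count in ssl_required_hits(SAMPLE_LOG).most_common():
        print(f"{count} x 403.4 (SSL required) on port {port}: {uri}")
```

A 403.4 on port 80 for /connectcomputer or Companyweb points at the Directory Security setting from steps 1 to 6; a plain 404 or no log entry at all points elsewhere, for example at the firewall in front of IIS.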