RE: Connect Computer and VPN

Hello Robin,

I'm glad to hear that things are working correctly for you now.

Thank you very much for sharing your resolution. I believe other customers
will get help from this post.

As you said, the settings by default are enabled. Tick the Bypass proxy for
web servers in this network in ISA server side, we will do not need to
configure client machine one by one.

Thanks again for you sharing.

Please do not hesitate to post in this great newsgroup if you need any
assistance in the future. I look forward to working with you again.

Thank you and have a nice day,

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Connect Computer and VPN
| thread-index: Acc5m6LWZ8u8viPiTLe/etzH185SKQ==
| X-WBNR-Posting-Host: 217.39.24.232
| From: =?Utf-8?B?TmV0d29ya0Z1c2lvbg==?=
<NetworkFusion@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <9174356D-0AA5-4225-9FE4-3CD9BF32C58A@xxxxxxxxxxxxx>
<wFeu$ywLHHA.2488@xxxxxxxxxxxxxxxxxxxxxx>
<2B9CFE4C-64ED-4ED5-953C-AE66B6D68984@xxxxxxxxxxxxx>
<ohdbUUMMHHA.4020@xxxxxxxxxxxxxxxxxxxxxx>
<4FF4AFA3-34FA-47E5-AAD8-D098EA9F0670@xxxxxxxxxxxxx>
<B06E5113-83E1-480F-8D49-AED9FCD498BE@xxxxxxxxxxxxx>
<dRYGWfwMHHA.2488@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: Connect Computer and VPN
| Date: Tue, 16 Jan 2007 10:25:01 -0800
| Lines: 334
| Message-ID: <E84175AD-6CA3-441E-A5ED-655AA27CEF25@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 8bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:10668
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Terence,
|
| Sorry for the delayed reply,
|
|
| I had already found and checked the sollution you posted, after a lot of
| reaserch I discovered a solution
|
| The problem was to do with the default ISA 2004 configuration,
|
| I had to change the following settings in the internal network properties:
|
| [Web Browser Tab]
| Bypass proxy for webservers in this network (untick)
| Directly acces domain computers specified in the domain tab (untick)
|
| And this setting:
| Configuration > General >Define IP Preferences
| [IP Routing Tab]
| Enable IP Routing (untick)
|
|
| I have never had this problem pre R2 and wondered if these settings have
| been missed when R2 was compiled for release?
|
| Thanks for your help
|
| Robin.
| --
| Delivered By Messenger Pigeon
|
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello Robin,
| >
| > Thank you for kind update.
| >
| > Based on research, we found that if the "Require all users to
authenticate"
| > option is enabled on the ISA's Internal network and all the LAN clients
are
| > configured as Web Proxy client and the "Bypass proxy server for local
| > addresses" option is ticked, the LAN clients receive 403 access denied
when
| > accessing http://companyweb.
| >
| > The problem occurred because ISA requires authentication for all HTTP
| > traffic from the internal network. When the "Bypass proxy server for
local
| > addresses" option is selected, IE will bypass the proxy when accessing
| > resources considered locally (whose URL doesn't contain a period) and
| > leverage either the Firewall client and the SecureNAT client to send
the
| > traffic. If Firewall Client is not installed, the SecureNAT will handle
the
| > traffic. As the SecureNAT cannot pass the user credential to the ISA,
the
| > access failed.
| >
| > We have 3 resolutions to fix this issue:
| >
| > 1. Un-tick "Require all users to authenticate" option.
| >
| > a. Open ISA 2004 console, extend Configuration->Networks
| >
| > b. Click networks tap, double click Internal
| >
| > c. Click Web Proxy tab, click Authentication button, un-tick Require
all
| > users to authenticate
| >
| > d. Click OK several times, and then click Apply button to save
| > configuration.
| >
| > 2. Un-tick the "Bypass proxy server for local addresses" and ¡°Use
| > automatic configuration script¡± option in IE.
| >
| > 3. Install the Firewall Client on all the workstations.
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| > | Thread-Topic: Connect Computer and VPN
| > | thread-index: Accw+XcXzt04PzgZT16wdB5Y1UptKA==
| > | X-WBNR-Posting-Host: 81.137.105.244
| > | From: =?Utf-8?B?TmV0d29ya0Z1c2lvbg==?=
| > <NetworkFusion@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <9174356D-0AA5-4225-9FE4-3CD9BF32C58A@xxxxxxxxxxxxx>
| > <wFeu$ywLHHA.2488@xxxxxxxxxxxxxxxxxxxxxx>
| > <2B9CFE4C-64ED-4ED5-953C-AE66B6D68984@xxxxxxxxxxxxx>
| > <ohdbUUMMHHA.4020@xxxxxxxxxxxxxxxxxxxxxx>
| > <4FF4AFA3-34FA-47E5-AAD8-D098EA9F0670@xxxxxxxxxxxxx>
| > | Subject: RE: Connect Computer and VPN
| > | Date: Fri, 5 Jan 2007 10:44:00 -0800
| > | Lines: 316
| > | Message-ID: <B06E5113-83E1-480F-8D49-AED9FCD498BE@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:8425
| > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | After some further investigation, it is the ISA firewall Client or
ISA
| > Server
| > | 2004 which is causing the problem. if you have either "Bypass Proxy
for
| > Local
| > | network" or "use automatic configuration script" enabled, you cant
access
| > the
| > | sbs websites.
| > |
| > | any ideas on how to correct this?
| > |
| > | Thanks,
| > |
| > | Robin.
| > | --
| > | Delivered By Messenger Pigeon
| > |
| > |
| > | "NetworkFusion" wrote:
| > |
| > | > Hi Terence,
| > | >
| > | > I have checked IIS and the settings were correct, Also I was able
to
| > telnet
| > | > to port 80 on sbs with no errors, although it was only a blank
screen.
| > | >
| > | > I beleive the problem to be related to SBS not routing correctly as
| > from the
| > | > server (local host) http connections work fine.
| > | >
| > | > If you would still like me to send you an email of the IIS
metadata,
| > please
| > | > let me know
| > | >
| > | > Thankyou for your help, it is much apperciated.
| > | >
| > | > --
| > | > Delivered By Messenger Pigeon
| > | >
| > | >
| > | > "Terence Liu [MSFT]" wrote:
| > | >
| > | > > Hello Robin,
| > | > >
| > | > > Thank you for update.
| > | > >
| > | > > The RPC filter that we disabled can be enabled (if required for
other
| > | > > configurations) after the clients have joined the domain.
Whenever we
| > need
| > | > > to add another client to the domain, we will have to follow the
above
| > steps
| > | > > again for Disabling RPC compliance on ISA 2004.
| > | > >
| > | > > As you said, you can not use http to access web site on SBS, I
| > suggest we
| > | > > try the following steps to see if we can resolve this issue:
| > | > >
| > | > > 1. Open IIS console,
| > | > >
| > | > > 2. Extend Default Web Site, right-click it select Properties
| > | > >
| > | > > 3. Select Directory Security tap, click edit button under Secure
| > | > > communications.
| > | > >
| > | > > 4. Ensure not Select Require secure channel (SSL)
| > | > >
| > | > > 5. Click OK to return.
| > | > >
| > | > > 6. Do the same steps from step 1 to step 5 on Companyweb.
| > | > >
| > | > > If the issue persists, please kindly help me collect some
information
| > for
| > | > > further investigation:
| > | > >
| > | > > 1. Try to telnet 80 port from client to SBS, is it work? Please
| > capture a
| > | > > screenshot on the outcome and send the picture to me at
| > | > > v-terliu@xxxxxxxxxxxxx
| > | > >
| > | > > 2. Gather IIS Metabase:
| > | > >
| > | > > 1) Download the IIS Resource Kit tools from the following page:
| > | > >
| >
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
| > | > > B628-ADE629C89499&displaylang=en
| > | > >
| > | > > 2) Install it, run MBExplorer (Metabase Explorer)
| > | > >
| > | > > 3) Right click the "LM" node and choose "Export to file".
| > | > >
| > | > > 4) Specify a file name, specify the password and finish the
export.
| > | > >
| > | > > 5) Send the file and the password to v-terliu@xxxxxxxxxxxxxx
| > | > >
| > | > > 3. Collect the IIS log.
| > | > >
| > | > > a. Open IIS snap-in.
| > | > >
| > | > > b. Right click Default Web Site and click Properties.
| > | > >
| > | > > c. Uncheck the "Enable Logging" box and click Apply.
| > | > >
| > | > > d. Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all
| > files to a
| > | > > backup location.
| > | > >
| > | > > e. Check "Enable Logging" box and click OK.
| > | > >
| > | > > f. Run IISReset command.
| > | > >
| > | > > g. Reproduce the problem and send the log file in
| > | > > C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.
| > | > >
| > | > > Hope these steps will give you some help.
| > | > >
| > | > > Thanks and have a nice day!
| > | > >
| > | > > Best regards,
| > | > >
| > | > > Terence Liu(MSFT)
| > | > >
| > | > > Microsoft CSS Online Newsgroup Support
| > | > >
| > | > > Get Secure! - www.microsoft.com/security
| > | > >
| > | > > =====================================================
| > | > > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > > newsgroups so that they can be resolved in an efficient and
timely
| > manner.
| > | > > You can locate the newsgroup here:
| > | > > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | > >
| > | > > When opening a new thread via the web interface, we recommend you
| > check the
| > | > > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > > please "Reply to Group" so that others may learn and benefit from
| > your
| > | > > issue.
| > | > >
| > | > > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > > provide other information for your reference, we recommend you
post
| > | > > different incidents in different threads to keep the thread
clean. In
| > doing
| > | > > so, it will ensure your issues are resolved in a timely manner.
| > | > >
| > | > > For urgent issues, you may want to contact Microsoft CSS
directly.
| > Please
| > | > > check http://support.microsoft.com for regional support phone
numbers.
| > | > >
| > | > > Any input or comments in this thread are highly appreciated.
| > | > > =====================================================
| > | > >
| > | > > This posting is provided "AS IS" with no warranties, and confers
no
| > rights.
| > | > >
| > | > > --------------------
| > | > > | Thread-Topic: Connect Computer and VPN
| > | > > | thread-index: AccwFi1F+xQ9brEsR2Ku2Scd62YSQA==
| > | > > | X-WBNR-Posting-Host: 217.39.24.232
| > | > > | From: =?Utf-8?B?TmV0d29ya0Z1c2lvbg==?=
| > | > > <NetworkFusion@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > > | References:
<9174356D-0AA5-4225-9FE4-3CD9BF32C58A@xxxxxxxxxxxxx>
| > | > > <wFeu$ywLHHA.2488@xxxxxxxxxxxxxxxxxxxxxx>
| > | > > | Subject: RE: Connect Computer and VPN
| > | > > | Date: Thu, 4 Jan 2007 07:37:01 -0800
| > | > > | Lines: 214
| > | > > | Message-ID: <2B9CFE4C-64ED-4ED5-953C-AE66B6D68984@xxxxxxxxxxxxx>
| > | > > | MIME-Version: 1.0
| > | > > | Content-Type: text/plain;
| > | > > | charset="Utf-8"
| > | > > | Content-Transfer-Encoding: 8bit
| > | > > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > > | Content-Class: urn:content-classes:message
| > | > > | Importance: normal
| > | > > | Priority: normal
| > | > > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| > | > > | Newsgroups: microsoft.public.windows.server.sbs
| > | > > | Path: TK2MSFTNGHUB02.phx.gbl
| > | > > | Xref: TK2MSFTNGHUB02.phx.gbl
| > microsoft.public.windows.server.sbs:8102
| > | > > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| > | > > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > > |
| > | > > | Hi Terence,
| > | > > |
| > | > > | Thankyou for the quick responce to my question, I am now able
to
| > | > > | connectcomputer after disabling the suggested things in ISA.
Does
| > | > > disabling
|

.