Re: RWW not working externally (R2)
- From: "SusanV" <svanallen@xxxxxxxxxxxxxxx>
- Date: Thu, 15 Feb 2007 17:34:21 -0500
There's a rule for RWW Inbound Access, enabled, set to Allow, All Users.
For some reason every time I click the Protocols tab the ISA MMC crashes,
that can't be a good sign. <sigh> Time to go home, work on this tomorrow.
Further suggestions are more than welcome!
SusanV
"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:47C4FEC3-9153-49C5-A62C-2D289A5F4C3E@xxxxxxxxxxxxxxxx
Don't have ISA on my machine although I'm thinking of adding it back now
that the firewall client is available for Vista
I'll check a client's machine later and see what we can I can find....but
you should find rules on ISA that 3389 inbound on all networks
--
Cris Hanna [SBS-MVP]
------------------------------
Please do not contact me directly, only respond in the Newsgroups
MVPs do not work for Microsoft
------------------------------
Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2
"SusanV" <svanallen@xxxxxxxxxxxxxxx> wrote in message
news:uteJcpUUHHA.4252@xxxxxxxxxxxxxxxxxxxxxxx
Replies inline...
"Cris Hanna [SBS-MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:%23lQOuiUUHHA.4872@xxxxxxxxxxxxxxxxxxxxxxx
If you go to Active Directory Users and Computers...did down to
MyBusiness and find Security Groups you should find one called Remote
Web Workplace Users. Check to make sure that your Users are members of
that group...
Check. Those that should be allowed anyways <grin>
Then on your workstations and or the server, make sure that in the
Remote Tab and the Red Desktop Section, make sure that SBS Remote
Operators are listed in the box
Not listed, added on my workstation. Using another PC, connected to
external and logged on, but could not connect to the workstation, same
VBScript error I cited in my OP. Again, no error when connecting via the
internal address.
This is very frustrating and somewhat embarrassing, as RWW was one of my
key selling points in pushing for SBS rather than individual MS Products.
I don't think this is an ISA issue or you wouldn't be getting as far as
you are.
--
Cris Hanna [SBS-MVP]
------------------------------
Please do not contact me directly, only respond in the Newsgroups
MVPs do not work for Microsoft
------------------------------
Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2
"SusanV" <svanallen@xxxxxxxxxxxxxxx> wrote in message
news:OoAmobUUHHA.4076@xxxxxxxxxxxxxxxxxxxxxxx
Hi Cris and thanks for responding. Not sure what you mean - I'm testing
this using the Administrator account? (from internal to external
address). Also had a user test with his credentials and it worked from
the internal but not the external address...
I'm getting confused.
"Cris Hanna [SBS-MVP]"
<crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eURm7YUUHHA.5012@xxxxxxxxxxxxxxxxxxxxxxx
Everything certainly looks fine here
What you actually have I think is a gateway device, much like I have
for my business connection from charter
Anyway...could this simply be a matter that
a) users are not members of the RWW Security group (think its
actually called Remote Workplace Group)
b) the users with permissions for remote desktop doesn't include that
group
--
Cris Hanna [SBS-MVP]
------------------------------
Please do not contact me directly, only respond in the Newsgroups
MVPs do not work for Microsoft
------------------------------
Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2
"SusanV" <svanallen@xxxxxxxxxxxxxxx> wrote in message
news:%235vI4yTUHHA.4404@xxxxxxxxxxxxxxxxxxxxxxx
Sorry Gregg, I should have given you more info.
It's not a NAT router, although it does have that capability I'm not
using it. The router ports are as follows:
external IP - 209.113.148.221
internal IP - 209.113.149.113
ipconfig output from the SBS server:
Windows IP Configuration
Host Name . . . . . . . . . . . . : LSGSBS
Primary Dns Suffix . . . . . . . : lightshipgroup.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lightshipgroup.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-18-8B-49-F8-43
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.13
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.13
Primary WINS Server . . . . . . . : 192.168.0.13
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS
VBD Client) #2
Physical Address. . . . . . . . . : 00-18-8B-49-F8-45
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 209.113.149.114
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 209.113.149.113
DNS Servers . . . . . . . . . . . : 192.168.0.13
NetBIOS over Tcpip. . . . . . . . : Disabled
Again, I can connect to the site with no trouble, to the point of
selecting a workstation. OWA works inside and out. RWW works
internally. RWW does not make the connection to the client from the
outside.
Thanks for your help, it's truly appreciated.
SusanV
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:%23fPyIsTUHHA.3592@xxxxxxxxxxxxxxxxxxxxxxx
Susan,
If it is a NAT router, then it should have port forwarding in it.
Is your WAN NIC connected to a NAT router and does it have a private
IP, or is getting a routable IP address on the WAN NIC?
Give us an "ipconfig /all" output from the server.
Gregg Hill
"SusanV" <svanallen@xxxxxxxxxxxxxxx> wrote in message
news:uVmUanTUHHA.1364@xxxxxxxxxxxxxxxxxxxxxxx
The router is not a firewall, hence no ports to open or forward.
When connecting from the server itself to the external IP address I
get the same result as from the outside.
I've run the CEICW multiple times with no joy (and no errors).
=/
"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:%23DguJYTUHHA.3652@xxxxxxxxxxxxxxxxxxxxxxx
For full SBS functionality, your firewall should have these ports
open.
25 SMTP
443 SSL for OWA, OMA, and RWW login
444 SharePoint
4125 for RWW RDP to servers and workstations
Each one should be forwarded to the SBS box.
Then, run the CEICW. It should take care of the ISA settings for
you.
Gregg Hill
"SusanV" <svanallen@xxxxxxxxxxxxxxx> wrote in message
news:u2pS32SUHHA.4756@xxxxxxxxxxxxxxxxxxxxxxx
Hi all,
Running SBS 2003 Premium R2, and RWW is working fine internally,
but not from the outside. The site works, i.e., you get the cert
and the logon, and then can select the computer to connect to,
but cannot make a connection. The error is:
The client could not establish a connection to the remote
computer. The most likely causes for this error are: . Remote
connections might not be enabled at the remote computer.
. The maximum number of connections might be exceeded at the
remote computer.
. A network error might have occurred while establishing the
connection.
. The Remote Web Workplace designated port might be blocked
by a firewall.
I found a KB article 828053,
http://support.microsoft.com/kb/828053 Scenario 2 is the one
matching my setup, but am finding it difficult to follow as it
was written for ISA 2000 rather than 2004. Can someone help me to
translate the instructions to those for ISA 2004? The steps as
outlined in the article:
Resolution for scenario two: Set a protocol rule on your ISA
Server
If you connect to the Remote Web Workplace from a computer that
is internal to the ISA Server, and you have Firewall Client
software installed on your computer, you must configure a
protocol rule on your ISA Server. To create a protocol rule,
follow these steps: 1. Click Start, point to Programs, point to
Microsoft ISA Server, and then click ISA Management.
2. In the ISA Management console tree, expand Servers and
Arrays, expand Your_Server_Name, and then expand Access Policy.
3. Right-click Protocol Rules, point to New, and then click
Rule.
4. In the Protocol Rule Name box, type the name that you
want to give to the rule, and then click Next.
5. On the Rule Action page, click Allow, and then click
Next.
6. On the Protocols page, in the Apply this rule to list,
click All IP traffic, and then click Next.
7. On the Schedule page, in the Use this schedule list,
click the schedule option you want to use, and then click Next.
8. On the Client Type page, click Specific users and groups,
and then click Next.
9. On the Users and Groups page, click Add.
10. In the Enter the object names to select box, type the
names of the users or the groups that you want to use this
protocol rule, click OK, and then click Next.
11. Click Finish.
Again, RWW works fine internally, only fails from external, and
the RWW pages and OWA are working, but as I never used ISA 200 I
can't translate the above instructions.
TIA,
SusanV
.
- References:
- RWW not working externally (R2)
- From: SusanV
- Re: RWW not working externally (R2)
- From: Gregg Hill
- Re: RWW not working externally (R2)
- From: SusanV
- Re: RWW not working externally (R2)
- From: Gregg Hill
- Re: RWW not working externally (R2)
- From: SusanV
- Re: RWW not working externally (R2)
- From: Cris Hanna [SBS-MVP]
- Re: RWW not working externally (R2)
- From: SusanV
- Re: RWW not working externally (R2)
- From: Cris Hanna [SBS-MVP]
- Re: RWW not working externally (R2)
- From: SusanV
- Re: RWW not working externally (R2)
- From: Cris Hanna [SBS-MVP]
- RWW not working externally (R2)
- Prev by Date: Re: Cannot install certificate on Vista
- Next by Date: Re: FQDN to resolve internally
- Previous by thread: Re: RWW not working externally (R2)
- Next by thread: Re: RWW not working externally (R2)
- Index(es):
Relevant Pages
|
Loading
