Re: ISA Rule for Remote Desktop?
- From: "J. M. De Moor" <nospam@xxxxxxxxxx>
- Date: Tue, 20 Feb 2007 14:15:32 -1000
Jeff
A couple of things happen that you may want to investigate (as I am not sure
how the traffic is passed to the "backup bandwidth" in your case.) When SBS
receives a connection on port 4125, it first compares the IP that sent the
request with the previous 443 request's source IP. (The one that opened the
session with the https://server/remote). If the 2 IPs are different, port
4125 is closed. I wonder if what your ISP rigged up is messing with that
somehow. Ok, that's probably a stretch...
More likely related to your problem though is that a device between ISA and
the remote PC (at your ISP) is blocking 4125. Did you check:
http://support.microsoft.com/kb/828053/en-us
Joe
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:eV%2396qOVHHA.392@xxxxxxxxxxxxxxxxxxxxxxx
Well here is the "rest of the story". My Internet provider has the
ability to provide "backup bandwidth" if one of their resources fails or
is having problems (of course depending on the source of the problem). So
when I'm on backup bandwidth I have a different IP address than the normal
address. Recently I've been switched to the backup and in turn have a
different IP address. I initially noticed that there was no access to
RWW. After we got that problem figured out (A record for the domain name
pointing to the wrong IP address) I can now access RWW and use Outlook Web
but still can't Remote Desktop into anything from within RWW (from outside
the LAN). It has worked in the past...this is not a new
configuration.....and the ISP has ports 25, 443, 444, and 4125 forwarded
to my WAN card on the server. I see the attempts being made from the
logging interface in ISA to port 4125 when I attempt to do Remote Desktop
from outside my network but I receive this message:
"The client could not connect to the remote computer. Remote connections
might not be enabled or the computer might be too busy to accept new
connections. It is also possible that network problems are preventing
your connection. Please try again later. If the problem continues to
occur, contact your administrator."
The blue information bar on this window says: VBScript: Remote Desktop
Disconnected. I'm sure that traffic is getting through to port 4125
because I can see the attempt being made to connect to that port in ISA
logging but it looks like it gets closed right after that. There are three
connection attempts in the ISA log and right after each attempt the
connection is closed.
Thanks
Jeff
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message
news:uYc0nOMVHHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
GAWD, that, and how ISA defines inbound/outbound rules, just confuses me.
ISA rules have nothing to do with how the remote PC sees it. The
inbound/outbound is purely from (some weird MS) ISA's perspective and the
definition of source and destination networks.
It's all pretty well irrelevant however, the rules created by the CEICW
are correct if the network has been defined correctly. Rather than asking
'did the CEICW define this rule correctly' the OP should let us know what
problem he is experiencing, what error message is occurring, and just why
the frack someone who needs assistance understanding ISA inbound/outbound
definition believes there is any benefit in questioning the result of
several hundred hours of MS' best dev team development and the experience
of several thousand users.
I think I better 'back off', something got 'under my collar' earlier
today, I think I'm starting to bite simply because it feels good.
"J. M. De Moor" <nospam@xxxxxxxxxx> wrote in message
news:etqVryLVHHA.600@xxxxxxxxxxxxxxxxxxxxxxx
Jeff
I believe the direction is "outbound" when seen from External to Local,
which is correct. Although SBS dynamically opens port 4125, it is the
remote ActiveX that initiates the connection to SBS using 4125. If you
look at the URL that RWW receives from SBS when you try to connect to a
computer on the network, you will notice a &Port=4125&, in effect
telling the remote browser to use that port. From the perspective of
the remote computer, it is outbound. ISA Server (out of the box) blocks
actual outbound traffic on port 4125, which is why connecting to a
computer on your internal network via RWW gives you problems.
...at least that is the way I understand it. Hehe.
Joe
"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:OltwwDLVHHA.4784@xxxxxxxxxxxxxxxxxxxxxxx
I am looking at a rule in ISA 2004 named SBS RWW Inbound Access Rule.
It has an Allow action, the protocol is named
SBS_Custom_Protocol_TCP_Outbound_4125 and in the details for that
protocol it is using port 4125 Outbound. It is from the External
listener to Local Host.
My questions: Is that rule correct for allowing Remote Desktop from
outside the LAN and should there be a rule for port 4125 Inbound as
well? I'm not seeing one.
Thanks
Jeff
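
Added example, not part of the thread and not SBS or ISA code: a Python sketch that models the source-IP comparison described in the top reply (a 4125 connection is checked against the source IP of the preceding 443 request) and applies it to firewall log records. The log layout, the sample addresses and the function names are constructed for illustration and are not ISA's log schema.

```python
# Models the check described in the reply above: a connection on 4125 is
# compared with the source IP of the previous 443 request.
# SAMPLE_LOG is constructed data in a made-up layout, not ISA's log format.
from datetime import datetime

SAMPLE_LOG = """\
2007-02-20T14:01:05 203.0.113.10 443 allowed
2007-02-20T14:01:09 203.0.113.10 4125 allowed
2007-02-20T14:07:30 203.0.113.10 443 allowed
2007-02-20T14:07:34 198.51.100.77 4125 allowed
2007-02-20T14:07:36 198.51.100.77 4125 allowed
"""

def parse(log_text):
    """Yield (timestamp, source_ip, dest_port) from the constructed layout."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip blank or malformed lines
        yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])

def check_4125_sources(log_text, https_port=443, rdp_proxy_port=4125):
    """Compare each 4125 connection's source with the preceding 443 request."""
    last_https_src = None
    findings = []
    for ts, src, port in sorted(parse(log_text)):
        if port == https_port:
            last_https_src = src          # remember who opened the web session
        elif port == rdp_proxy_port:
            if last_https_src is None:
                verdict = "no-prior-443"  # 4125 attempt with no session at all
            elif src == last_https_src:
                verdict = "match"
            else:
                verdict = "mismatch"      # would be closed per the description
            findings.append((ts.isoformat(), src, last_https_src, verdict))
    return findings

if __name__ == "__main__":
    for ts, src, https_src, verdict in check_4125_sources(SAMPLE_LOG):
        print(f"{ts}  4125 from {src}  last 443 from {https_src}  -> {verdict}")
```

A "mismatch" row points at address translation or re-routing between the client and the server rather than at the ISA rule itself.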