Re: Can only connect to local RWW, over internet cannot

OK, so now we know RWW works, and it is a function within RWW, the ability
to 'Connect to Server' which is problematic, from inside the LAN. (Though
that's not what was indicated earlier :-) Low surprise factor.

The 'Connect to server desktops' and 'Connect to my computer at work'
shortcuts use a mechanism known as the RDP Proxy. Yes, this uses 4125. The
RDP Proxy dynamically opens the connection to the requesting IP so at this
point you have a fairly complex routing picture if you want to go from
inside the LAN, out to your WAN interface, reflect back in, then establish
the connection. Theoretically it should either work or not but I wouldn't
lay London to a brick on it.

The most common failure I see where connection to RWW is possible but then
either constant or erratic failure to connect to an RDP session is due to
stale records in DNS. This should not effect connection to SBS itself as it
should be on a static IP and therefore not be subject to stale records, it's
relatively common for workstations if the DNS updates aren't being handled
correctly. RWW hands you off to the RDP Proxy which looks at DNS to find the
IP of the device you wish to connect to, if there's stale records (multiple
records for a device) you sometimes get directed to an IP no longer in use
or in use by another workstation. Check the DNS console.

"Dave Mc" <DaveMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:79562779-071F-4538-988A-178080A65F76@xxxxxxxxxxxxxxxx
Hi
I have been testing from inside the LAN and getting someone ocasionally
from
outside the LAN, (I know its not ideal but loopback works on 3com
officeconnect dsl)

I can connect to OWA, when try to Connect to the Server this is when it
fails

Yes from LAN get https://SBS_external_private_IP/remote using there ip or
mail.client.com host name can login but fail on Connect to Server

From lan https://127.0.0.1/remote can login and Connect to Server



"SuperGumby [SBS MVP]" wrote:

4125 will show as closed, it is opened on SBS dynamically by RWW, and
then
only to the requesting IP. The router, if forwarding 4125 to the server
is
forwarding to a port which GRC will _never_ see as 'open'.

The request from inside the LAN to the pulic name is also _most likely_
to
fail due to a limitation of most routers in that they do not process
'loopback' connections (ie. a connection from their LAN side to the WAN
IP
and then back to the LAN.

SO, lets set ground rules for everyone else as well.

4125 IS NOT REQUIRED BY RWW, and Dave is getting a failure connecting to
RWW
(ie. https://mail.whatever/remote). The _only_ port used for this
connection
is 443. This connection should display a web page, but isn't.

Dave, you are (hopefully) testing from _outside_ the router (ie. another
ISP
connection), right?

From the LAN, do you get anything when browsing
https://SBS_external_private_IP/remote ?

"Dave Mc" <DaveMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DAB8A62D-BB79-49B5-B07E-627A382FB03A@xxxxxxxxxxxxxxxx


I am testing this tool from my own lan and says 4125 port is closed,
tried
25 an that is open.
I can still rww into my lan so am i doing something wrong tested 4125


"Costas" wrote:

Dave,

Goto https://www.grc.com/x/ne.dll?bh0bkyd2 click on the "Proceed"
button
type the port you want to check and click on the 'User Specified
Custom
Port
Probe'. Try both 3389 and 4125

See what the result is. Since you can access the remote internally,
the
configuration is correct. If there was a problem with RWW you wouldn't
be
able to access it internally either. Something is preventing the
external
connections. What is the exact error number you get in Internet
Explorer?


"Dave Mc" <DaveMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CE06F045-32BC-4DCE-91F8-8150CF545489@xxxxxxxxxxxxxxxx
Hi Costas,

It has a hardware sonicwall firewall. The user has lost the password
so
before resetting this I brought in 3com officeconnect. did all the
usual
setup of this configured firewall ports as below. Wont connect. I
turned
off
firewall and tryed with no luck.

Is there any way of testing connections to port 4125

Maybe it needs a RWW reinstall?

"Costas" wrote:

This is most probably a firewall issue. I would start by disabling
the
firewall on the router and see if you can access the remote. If
not,
then
re-enable the firewall (with the forwarded ports as you have them
now)
and
move to the server. If you have two NICs on the server then go to
Routing
and Remote Access and check the basic firewall to make sure that
the
4125
port is open. I know you said that you run CEICW but these checks
are
for
the 'just in case' scenario.

Costas



"Dave Mc" <DaveMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DCCD1D5A-17B3-4857-8415-0C821BDA5289@xxxxxxxxxxxxxxxx
Hi Costa,

It is standard edition, sp1 with security updates

"Costas" wrote:

Dave,

Is this a Standard Edition? (No ISA)? R2? Is SP2 installed?

Costas



"Dave Mc" <DaveMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F12E6E26-EA93-4DA6-A261-7B21C3509DD6@xxxxxxxxxxxxxxxx
Hi Costa,

No (though I wish!) I am connecting to
https://mail.test.com/remote
I can logon to owa no prob, when I try logon to server IT
waits
for
ages
and
comes back with error begining "Could not connect to the..
When I connect locally Its ok (https://127.0.0.1/remote)

I have restared iis, stopped IAC, restared default website,
companyweb,
recreated ssl certificate twice through ciecw

Any ideas Please


"Costas" wrote:

You don't use the 127.0.0.1 IP address to access the server
over
the
Internet, do you?

Costas


"Dave Mc" <DaveMc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2E552AA1-570A-4052-836A-257841B58156@xxxxxxxxxxxxxxxx
Hi There,
I can connect to https://127.0.0.1/remote but cannot
connect
over
the
internet.
I have checked 3com router and forwarding 4125 443 & 3389
to
the
server

I can connect to outside RWW from this server I am working
on

I have run ceiw tool, recreated ssl cert, Run remote access
tool
etc

I think it maybe corrupt any ideas please, is it possible
to
reinstall
RWW

Regards
Dave









.