RE: Group Policy, Firewall and RDP - Terminal Services

Hello Customer,

Thank you for posting here.

From your post, I understand that after modifying some group policies, all
the clients cannot be connected remotely.

I suggest you try following steps:

Step 1: Re-running CEICW on SBS server:
=============================
Let's re-run CEICW to reset the network configuration. Please refer to
following article to do this.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

Then, please re-run configure remote access wizard.

After that, please download connection manager from RWW to the clients and
check if it works.

Step 2:
=====
1. Edit Small Business Server Windows Firewall GPO
2. Navigate to Computer Configuration-->Administrative
Templates-->Network-->Network Connections-->Windows Firewall-->Domain
Profile
3. Double click Windows Firewall: Allow Remote Desktop exception.
4. Ensure it is enabled and * is in the box.

Step 3:
=====
1. Run gpresult /z > c:\gp.txt
2. Open gp.txt and check if following policy is enabled:

Computer Configuration--->Administrative Templates-->Windows
Components-->Terminal Services.

If not, please enabled it in Default Domain Policy.

I hope the above information is helpful to you. If the problem still
occurs, please reproduce the problem and help me gather following
information:

1. Please let me know the detailed information of your network topology.

2. On the server, try to telnet the client workstation at port 3389, what
is the result?

telnet ClientName 3389
telnet ClientIP 3389

3. Please help me capture screenshots of all error messages you encountered
and send them to v-mzhuan@xxxxxxxxxxxxx

To capture the image, we can perform the steps below:

(a) When the error message appears, press the Print Screen key several
times (this key is located to the right of the F12 key on the keyboard)
(b) Open Paint ['start' => 'All Programs' => 'Accessories' => 'Paint'].
(c) Click Edit (menu) -> Paste or press Ctrl + V.
(d) Click File (menu) -> Save. Save it as a .jpg or .gif file and send it
to me as an attachment.

4. GP result
========
On the problematic clients, type the following command in command prompt,
and then press ENTER:
"gpresult -Z > C:\gpresult_z.txt" (without the quotation marks)

This creates a list of the implemented policies on the machine in the
following text file: C:\gpresult_z.txt. Please send this file to
v-mzhuan@xxxxxxxxxxxxxx

5. Please download the MPS Report tool from the following link and run it
on both the client workstation and the SBS server, then send the generated
CAB file to my mailbox v-mzhuan@xxxxxxxxxxxxx for further investigation so
that we can find what the root cause is:

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_SETUPPerf.EXE

For your information:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-
88B7-F9C79B7306C0&displaylang=en

Please try the above steps at your earliest convenience. If you have any
concern, please feel free to let me know.

Best regards,

Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Group Policy, Firewall and RDP - Terminal Services
| thread-index: AcgMg83ngibx16EoQoCq0irskk9Gzw==
| X-WBNR-Posting-Host: 207.46.192.207
| From: =?Utf-8?B?SGVscGluRkw=?= <HelpinFL@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Group Policy, Firewall and RDP - Terminal Services
| Date: Thu, 11 Oct 2007 20:56:01 -0700
| Lines: 13
| Message-ID: <DB7F8E87-6DA3-4252-A0FA-67567F1CF65B@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:68852
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I have recently moved to a new location with new external IP's, etc.
Today I
| have found that I may have inadvertently changed something on the Group
| Policy with the Firewalls.
|
| I can't seem to Remotely login to any computer except the Server. I
can't
| VPN into any computer except the Server. I can't even Terminal Service
into
| a computer from the Server.
|
| I was trying to make some changes to the Group Policy of the Client
| Computers Firewall. It sounds like I have locked myself out of Remote
| Connections all together.
|
| Please Help. Thank you.
|

.

Relevant Pages

  • RE: document spools then disappears in Remote printing in RWW
    ... then access RWW site and then connect to the server box to print? ... The remote machine ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: Check Your Server Configuration
    ... Some clients are connecting ... > When installing WSUS on Windows Small Business Server 2003, ... > enables V4 and V5 clients to selfupdate through the default Web site. ... > computer running Small Business Server that also has Microsoft Windows ...
    (microsoft.public.windows.server.sbs)
  • SecurityFocus Microsoft Newsletter #172
    ... MICROSOFT VULNERABILITY SUMMARY ... LionMax Software WWW File Share Pro Remote Denial of Service... ... Sun Microsystems Sun One Web Server Remote Buffer Overflow V... ...
    (Focus-Microsoft)
  • RE: Check Your Server Configuration
    ... you still get that error message in your WSUS? ... Please note that Windows Server update service currently is not supported ... Microsoft is providing this information as a convenience to you. ... >> site WSUS vroots access settings must be modified to enable WUS clients ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot connect to desktops on LAN using RWW or RDC
    ... Microsoft CSS Online Newsgroup Support ... but you can RDP to the server. ... >> Users cannot connect to remote desktops by using the Windows Small ...
    (microsoft.public.windows.server.sbs)