Re: Netopia 3347NWG with Remote Desktop and Remote Web Workplace

Okay, while waiting, I ran the Exchange BPA anyway (after applying the
Exchange BPA updates), and here are its results:

Paging file larger than Physical Memory
[this was not strictly correct, as the current paging file was 2048MB, and
the Physical Memory is 3.50GB; however, the automatically-created settings
had a custom size of 2048MB initial and 5348MB maximum, so perhaps it was
this that triggered the error...no matter, it was a good time to reduce the
paging file on the Windows drive to 200MB and create a static one of 3500MB
on another drive.]

RPC binding does not contain FQDN
The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
fully-qualified domain name.
[fixed]

Database backup critical
Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had a
full online backup.
[fixed]

Network interface driver file is more than two years old
[noted...there is no newer file available]

Storage driver is more than two years old
[noted...there is no newer file available]

The 'fast message retrieval' option is not enabled on IMAP4
[fixed]

The Network News Transfer Protocol (NNTP) service is running on server sbs2003
[now disabled and stopped]

Application log size
As a best practice, the size of the 'Application' log on server
sbs2003.domain.local should be increased. The current size is 16MB. For
servers running Microsoft Exchange, a size of 40MB or more is recommended.
[fixed...set to 40960KB]

Consider setting TarpitTime
Recipient filtering is enabled on server sbs2003.domain.local. As a best
practice, consider setting the 'TarpitTime' parameter as recommended in
Microsoft Knowledge Base article 899492.
[registry entry made, and request made for Hotfix from KB article 899492 via
"Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems to
keep moving to try to hide, but is currently at:
https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1414&WS=hotfix ]

Enable automatic updates for message filtering
Automatic update for the Intelligent Message Filter is not enabled on server
SBS2003. To improve the effectiveness of the filter, follow the instructions
outlined in Microsoft Knowledge Base article 907747.
[why must this be a download-only .DOC file? First it says you should
enable automatic updates for message filtering, then it says you should not
have them automatically installed!! -- and this is only the tip of the
Intelligent Message Filtering options. Done.]

Crash upload logging disabled
Exchange fatal error information on server sbs2003.domain.local is not
automatically sent to Microsoft for analysis. It is recommended that you
enable this feature through the Exchange System Manager.
[now enabled]

Sink registration not found Small Business Server Attachment Remover
Transport event sink 'Small Business Server Attachment Remover' was found in
the metabase for SMTP instance '1' on server sbs2003.domain.local but its
registration could not be found. Registration expected in
HKEY_CLASSES_ROOT\CLSID\.
[this is one I'm going to need help with...the instructions on what to do to
re-register the sink dll's are clear, but when I ran them as instructed from
the \Program Files\Exchsrvr\Bin directory, I got errors for each one, all of
them similar to this last one:
---------------------------
RegSvr32
---------------------------
msgfilter.dll was loaded, but the DllInstall entry point was not found.

This file can not be registered.
---------------------------
OK
---------------------------

So much for Exchange Best Practices Analyzer.

As for the Small Business Server 2003 Best Practices Analyzer, I was already
automatically seeking and downloading updates, so I was using the latest
version.

I followed the steps to ascertain the "IP Address and Domain Name
Restrictions" of the Default Web Site, and it was already set to Grant Access
with nothing listed as exceptions. Knowing how these settings can sometimes
be entered in the Registry incorrectly, I reset this to Deny Access (applied
to all) and clicked OK and APPLY and OK, then repeated the steps to change it
back to Grant Access.

One thing I did notice, is that for anonymous access to the Default Web
Site, it is checking the password for IUSR_SBS2003, and perhaps the problem
is there. I reset the password for this user in AD, and changed it for
Default Web Site and the other Virtual Directories in IIS Admin, as well as
for each of the Web Sites under the Virtual Directories that had anonymous
access checked.

In the message thread you mentioned, there was a mention of an ISAPI Filter
sbssft.dll for Default Web Site. It was not there, and I have added it.
However, I question whether it is indeed necessary, since a working-RRW SBS
server does not have this entry.

Having rebooted the server, it appears I have done something wrong, as the
Exchange Best Practices Analzyer now cannot connect to the first
administration group under the SERVER -- there is an orange circle with a
white X next to it.

However, I just tested from an external connection, and REMOTE WEB WORKPLACE
IS NOW WORKING !!!

Huzzah, Merv! Thank you.

That fixes both RWW and RDC, so I think I'll stop this thread, and start a
new one in the Exchange newsgroup.


"Merv Porter [SBS-MVP]" wrote:

That second link should be:

Small Business Server 2003 Best Practices Analyzer Updated
http://blogs.technet.com/sbs/archive/2008/02/20/small-business-server-2003-best-practices-analyzer-updated.aspx


Also, let's look at IP restrictions (as in this thread):
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/1c4d49062fbed5c0/6ef2c2be383e1d30?hl=en&lnk=st&q=RWW+Lost+after+SBS2003+Reinstallation#6ef2c2be383e1d30


This issue can be caused by incorrect IP restriction settings. Let's try
following steps to see if it works:

1. Open Server Management and expand to Internet Information Services node.
2. Open the Default Web Site's properties
3. Click the Directory Security tab.
4. Click the Edit button next to the IP Address and Domain Name Restrictions
heading.
5. Click to choose Granted Access and remove all the entries.
6. Click OK.

--
Merv Porter [SBS-MVP]
============================

"Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@xxxxxxxxxxxxxxxx
Correct -- the working-RWW server is named "win2003", but it is an SBS
2003
Premium R2. The non-working-RWW server is named "sbs2003" and it is an
SBS
2003 Premium R1. Hopefully, that won't make any difference in RWw's
setup.

Your second link was the same as the first, perhaps you meant this one?
Microsoft Exchange Best Practices Analyzer Web Update Pack
http://www.microsoft.com/downloads/details.aspx?familyid=4f2f1339-cbcd-4d26-9174-f30c10d7ec4c&displaylang=en

When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
Network driver is more than a year old [I know this, but there doesn't
appear to be an update, either from OEM, Tyan (most recent 2006/01/09) or
from Vendor, nVidia (most recent 2006/07). ]
EDNS is enabled [never heard of this, but I followed the steps to disable
it]
The OWA update is not installed [it is now]
Reverse DNS zone does not allow for secure updates [so why wasn't this set
automatically? it does now.]
Windows Backup Wizard has not yet run [I know -- I was waiting to get this
clean, but now's a good time, I think]
Microsoft Outlook 2003 is missing [from the ClientApps folder--I hadn't
installed Outlook 2003 or IE6, as all the workstations are on Office 2007
&
IE7, but to keep BPA happy, I did so]

The Reverse DNS message was a tad vague:
You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to allow
only secure dynamic updates. To configure the Reverse Lookup Zone, click
Start, point to Administrative Tools, and then click DNS. Right-click the
Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click Properties.
Select Secure only from the Dynamic Updates dropdown list.

When I looked in DNS, the only entry under Reverse Lookup Zones was
"192.168.16.x Subnet". I tried to create "16.168.192.in-addr.arpa" -- but
then I was told that it already exists. So I went to "192.168.16.x
Subnet"
and right-clicked, and clicked on Properties, and on the General tab, I
changed the Dynamic Updates drop-down from "non-secure and secure" to
"Secure
only". [Rhetorical question: why on earth is this option even necessary?
would there ever be a reason to have this set to anything except "Secure
only"? and if not, why doesn't Windows Update set this automatically?]

None of those warnings would appear to have any effect on the non-working
of
RWW, and in fact, following the changes, RWW is still showing "You are not
authorized to view this page" from external and internal workstations.





"Merv Porter [SBS-MVP]" wrote:

"while on the working-RWW server (win2003)..."

Wait a minute... RWW only comes with SBS 2003. I trust you really mean
that this is just another SBS 2003 server (that is functioning properly).

At this point I would install adn run a scan with the SBS 2003 BPA:

Microsoft Windows Small Business Server 2003 Best Practices Analyzer
http://207.46.19.190/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

Small Business Server 2003 Best Practices Analyzer Updated
http://207.46.19.190/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

How to Use the Windows SBS 2003 BPA
http://blogs.technet.com/sbs/archive/2007/10/22/how-to-use-the-windows-sbs-2003-bpa.aspx

--
Merv Porter [SBS-MVP]
============================

"Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
<greg@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:FA26C6AF-0C69-44E7-9127-73A09785D38E@xxxxxxxxxxxxxxxx
I have compared this SBS 2003 server with another one on which RWW is
running
fine.
These are some of the differences:

In the non-working-RWW server (sbs2003), in the properties of the
Default
Web Site, under Home Directory, the Execute Permissions were set to
"Scripts
only", while on the working-RWW server (win2003), it was set to
"Scripts
and
Executables". On sbs2003, the Application Pool was set to StsAppPool1;
on
win2003, it is set to DefaultAppPool. On win2003, the Documents tab
shows
four items: Default.htm, Default.asp, index.htm, and iistart.htm. On
sbs2003, there was a fifth (last) item: Default.aspx. On sbs2003, the
ISAPI
Filters tab shows SBSFLT with High Priority, followed by fpexedll.dll
with
Low Priority, and Owalogon with "Unknown" priority. On win2003, the
same,
except SBSFLT is not listed. On sbs2003, HTTP Headers tab has "Enable
content expiration" checked, and "Expire after 30 days" selected. On
win2003, that is not checked; and under Custom Web Header, win2003 has
listed
MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On
sbs2003,
only XP-Powered-By: ASP.NET is listed. On win2003, on the Server
Extensions
2003 tab, it says "Microsoft SharePoint is installed on this site.
Version
5.0.2.6790. On sbs2003, it says: This server has not been configured
to
use
the server extensions.

I configured the server extensions for the Default Web Site under
sbs2003,
and made changes to mimic the settings on win2003. However, I am still
getting "you are not authorized to view this page" when I attempt to
access
https://sbs2003.domain.com/Remote.



"Greg Kirkpatrick" wrote:

This is the pertintent text from KB925653:
--------------------------------------------------------------------------------
In this situation, the default.aspx page is not added to the list of
default
content pages for the remote virtual directory in IIS.

RESOLUTION
To resolve this issue, follow these steps:
1. Click Start, point to Administrative Tools, and then click Internet
Information Services (IIS) Manager.
2. Under ComputerName (local computer), expand Web Sites, expand
Default
Web
Site, right-click Remote, and then click Properties.
3. In the Remote Properties dialog box, click the Documents tab, and
then
click Add.
4. In the Add Content Page dialog box, type default.aspx in the
Default
content page box, and then click OK two times.
--------------------------------------------------------------------------------
APPLIES TO
. Microsoft Windows Small Business Server 2003 Premium Edition
. Microsoft Windows Small Business Server 2003 Standard Edition

Keywords: kbtshoot kbprb KB925653
--------------------------------------------------------------------------------

When I checked, there was a Default.aspx created in the Documents of
the
Remote properties, but it was listed last. I deleted it, and
recreated
it as
default.aspx, and moved it to the top of the list. However, when I
attempted
to access RWW via an external computer, I got the same "You are not
authorized to view this page".

I then looked at this message:

OWA and RWW not accessible.
http://groups.google.com/group/microsoft.public.windows.server.sbs/msg/0fe8e7fea60c5efc
--------------------------------------------------------------------------------
[quoting Robert Li of MSFT]:

"All Windows Small Business Server Website and Virtual Directories
work
only
with .Net Framework 1.1 and are no support with 2.0

- Default website
- Exchange (OWA)
- Remote (RWW)
- ActiveSync
- OMA and all
- Companyweb
- SharePoint Central Administration
- Microsoft SharePoint Administration"


1. Open Internet Information Services (IIS) Manager
2. Expand to Server | Web Sites | Default Web Sites
3. Right click the each web site and select Properties.
4. On the ASP.NET tab, make sure the version is 1.1.4322.
--------------------------------------------------------------------------------

I will not install .NET Framework 2.0 or 3.0 or 3.5 -- I don't want
companyweb and Monitoring to break again.

However, when I checked the properties for Default Web Site, .NET
Framework
2.0 was installed (the ASP.NET tab was there) -- something must done
it.
ARGH! I have uninstalled .NET 2.0 Framework.

Now, the ASP.NET tab is not present in the properties for Default Web
Site
or any virtual directories, so they have to be using 1.1.

I found, in the messages you referenced, a mention of the ASP.NET IIS
Registration Tool (Aspnet_regiis.exe):
http://msdn.microsoft.com/en-us/library/k6h9cz8h.aspx

This is a GREAT command-prompt tool, as it confirms exactly what is
mapped
to where instantly:
%WINDIR%\Microsoft.NET\Framework\v1.1.4322\Aspnet_regiis.exe -lk

It also gives a way, via command-prompt commands, to change what is
needed.

I think it is tragic that, as Robert Li of MSFT says:

"When installing .NET Framework 2.0 on Windows Small Business Server,
all the websites are automatically switched to use .NET Framework 2.0
which
they are not intended to work with."

This is a recipe for disaster!
Especially since so many other programs, including "WSUS 3.0", require
.NET
Framework 2.0.

Why is there NO WARNING GIVEN when installing .NET Framework 2.0 (or
3.0
or
3.5) on SBS 2003?
[This is a rhetorical question, as I don't expect you to answer it.]

Some progress is being made, however:

When I navigate to http://sbs2003.domain.com/ and see the Default Web
Site
(as permissions are still, temporarily, unrestricted), I can now click
on
Information and Answers and see http://sbs2003.domain.com/ClientHelp
and
its
sub-pages -- which previously gave me "The page cannot be found".

Clicking on Network Configuration Wizard still gets
http://sbs2003.domain.com/ConnectComputer -- "The page cannot be
found".

Clicking on Remote Web Workplace still gets
http://sbs2003.domain.com/Remote
-- "You are not authorized to view this page". Changing that to
https://sbs2003.domain.com/Remote has the same result.

Since some parts of an uninstall wait for a reboot, I rebooted the
server,
just to see whether that would make any difference. It didn't.



"Merv Porter [SBS-MVP]" wrote:

What if you now go back to...

Error message when you try to access the Remote Web Workplace in
Windows
Small Business Server 2003: "You are not authorized to view this
page"
http://support.microsoft.com/kb/925653
.

Loading