Re: Netopia 3347NWG with Remote Desktop and Remote Web Workplace

Sounds like you're getting closer Greg. :-)

What error message are you getting when you try to access a workstation via
RWW? In your router, are you sure you have port 4125 forwarded to your
external NIC (192.168.2.10)?

You can take the router out of the equation by connecting a spare
workstation or laptop to a port onthe router, putting it in a workgroup,
giving it an IP address in the same range as the LAN side of the router
(192.168.2.x) and giving it a gateway of the router IP address
(192.168.2.10). Then try to RWW into the server and workstations. If you
still can't, then their is a configuration or software issue with the SBS
server.

--
Merv Porter [SBS-MVP]
============================


"Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:1FDE6D63-94B1-4631-913A-49F23E1DA198@xxxxxxxxxxxxxxxx
Again, Merv, thank you for your help!

I figured out the reason Exchange Best Practices Analyzer could not
connect
to the server -- a mistyping in the previous entry was the culprit. It's
working fine now, with (almost) no issues, and certainly no critical ones.

While Remote Web Workplace is working, and Remote Desktop Connection will
connect directly with the server (port 3389 is forwarded to 192.168.2.10,
the
WAN Ethernet adapter of the server), I cannot Connect to Server Desktops
or
Connect to Client Desktops from Remote Web Workplace. I have seen this
problem in newsgroups previously, so perhaps I can find the solution.



"Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:

Okay, while waiting, I ran the Exchange BPA anyway (after applying the
Exchange BPA updates), and here are its results:

Paging file larger than Physical Memory
[this was not strictly correct, as the current paging file was 2048MB,
and
the Physical Memory is 3.50GB; however, the automatically-created
settings
had a custom size of 2048MB initial and 5348MB maximum, so perhaps it was
this that triggered the error...no matter, it was a good time to reduce
the
paging file on the Windows drive to 200MB and create a static one of
3500MB
on another drive.]

RPC binding does not contain FQDN
The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
fully-qualified domain name.
[fixed]

Database backup critical
Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had
a
full online backup.
[fixed]

Network interface driver file is more than two years old
[noted...there is no newer file available]

Storage driver is more than two years old
[noted...there is no newer file available]

The 'fast message retrieval' option is not enabled on IMAP4
[fixed]

The Network News Transfer Protocol (NNTP) service is running on server
sbs2003
[now disabled and stopped]

Application log size
As a best practice, the size of the 'Application' log on server
sbs2003.domain.local should be increased. The current size is 16MB. For
servers running Microsoft Exchange, a size of 40MB or more is
recommended.
[fixed...set to 40960KB]

Consider setting TarpitTime
Recipient filtering is enabled on server sbs2003.domain.local. As a best
practice, consider setting the 'TarpitTime' parameter as recommended in
Microsoft Knowledge Base article 899492.
[registry entry made, and request made for Hotfix from KB article 899492
via
"Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems
to
keep moving to try to hide, but is currently at:
https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1414&WS=hotfix ]

Enable automatic updates for message filtering
Automatic update for the Intelligent Message Filter is not enabled on
server
SBS2003. To improve the effectiveness of the filter, follow the
instructions
outlined in Microsoft Knowledge Base article 907747.
[why must this be a download-only .DOC file? First it says you should
enable automatic updates for message filtering, then it says you should
not
have them automatically installed!! -- and this is only the tip of the
Intelligent Message Filtering options. Done.]

Crash upload logging disabled
Exchange fatal error information on server sbs2003.domain.local is not
automatically sent to Microsoft for analysis. It is recommended that you
enable this feature through the Exchange System Manager.
[now enabled]

Sink registration not found Small Business Server Attachment Remover
Transport event sink 'Small Business Server Attachment Remover' was found
in
the metabase for SMTP instance '1' on server sbs2003.domain.local but its
registration could not be found. Registration expected in
HKEY_CLASSES_ROOT\CLSID\.
[this is one I'm going to need help with...the instructions on what to do
to
re-register the sink dll's are clear, but when I ran them as instructed
from
the \Program Files\Exchsrvr\Bin directory, I got errors for each one, all
of
them similar to this last one:
---------------------------
RegSvr32
---------------------------
msgfilter.dll was loaded, but the DllInstall entry point was not found.

This file can not be registered.
---------------------------
OK
---------------------------

So much for Exchange Best Practices Analyzer.

As for the Small Business Server 2003 Best Practices Analyzer, I was
already
automatically seeking and downloading updates, so I was using the latest
version.

I followed the steps to ascertain the "IP Address and Domain Name
Restrictions" of the Default Web Site, and it was already set to Grant
Access
with nothing listed as exceptions. Knowing how these settings can
sometimes
be entered in the Registry incorrectly, I reset this to Deny Access
(applied
to all) and clicked OK and APPLY and OK, then repeated the steps to
change it
back to Grant Access.

One thing I did notice, is that for anonymous access to the Default Web
Site, it is checking the password for IUSR_SBS2003, and perhaps the
problem
is there. I reset the password for this user in AD, and changed it for
Default Web Site and the other Virtual Directories in IIS Admin, as well
as
for each of the Web Sites under the Virtual Directories that had
anonymous
access checked.

In the message thread you mentioned, there was a mention of an ISAPI
Filter
sbssft.dll for Default Web Site. It was not there, and I have added it.
However, I question whether it is indeed necessary, since a working-RRW
SBS
server does not have this entry.

Having rebooted the server, it appears I have done something wrong, as
the
Exchange Best Practices Analzyer now cannot connect to the first
administration group under the SERVER -- there is an orange circle with a
white X next to it.

However, I just tested from an external connection, and REMOTE WEB
WORKPLACE
IS NOW WORKING !!!

Huzzah, Merv! Thank you.

That fixes both RWW and RDC, so I think I'll stop this thread, and start
a
new one in the Exchange newsgroup.


"Merv Porter [SBS-MVP]" wrote:

That second link should be:

Small Business Server 2003 Best Practices Analyzer Updated
http://blogs.technet.com/sbs/archive/2008/02/20/small-business-server-2003-best-practices-analyzer-updated.aspx


Also, let's look at IP restrictions (as in this thread):
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/1c4d49062fbed5c0/6ef2c2be383e1d30?hl=en&lnk=st&q=RWW+Lost+after+SBS2003+Reinstallation#6ef2c2be383e1d30


This issue can be caused by incorrect IP restriction settings. Let's
try
following steps to see if it works:

1. Open Server Management and expand to Internet Information Services
node.
2. Open the Default Web Site's properties
3. Click the Directory Security tab.
4. Click the Edit button next to the IP Address and Domain Name
Restrictions
heading.
5. Click to choose Granted Access and remove all the entries.
6. Click OK.

--
Merv Porter [SBS-MVP]
============================

"Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
<greg@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@xxxxxxxxxxxxxxxx
Correct -- the working-RWW server is named "win2003", but it is an
SBS
2003
Premium R2. The non-working-RWW server is named "sbs2003" and it is
an
SBS
2003 Premium R1. Hopefully, that won't make any difference in RWw's
setup.

Your second link was the same as the first, perhaps you meant this
one?
Microsoft Exchange Best Practices Analyzer Web Update Pack
http://www.microsoft.com/downloads/details.aspx?familyid=4f2f1339-cbcd-4d26-9174-f30c10d7ec4c&displaylang=en

When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
Network driver is more than a year old [I know this, but there
doesn't
appear to be an update, either from OEM, Tyan (most recent
2006/01/09) or
from Vendor, nVidia (most recent 2006/07). ]
EDNS is enabled [never heard of this, but I followed the steps to
disable
it]
The OWA update is not installed [it is now]
Reverse DNS zone does not allow for secure updates [so why wasn't
this set
automatically? it does now.]
Windows Backup Wizard has not yet run [I know -- I was waiting to get
this
clean, but now's a good time, I think]
Microsoft Outlook 2003 is missing [from the ClientApps folder--I
hadn't
installed Outlook 2003 or IE6, as all the workstations are on Office
2007
&
IE7, but to keep BPA happy, I did so]

The Reverse DNS message was a tad vague:
You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to
allow
only secure dynamic updates. To configure the Reverse Lookup Zone,
click
Start, point to Administrative Tools, and then click DNS. Right-click
the
Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click
Properties.
Select Secure only from the Dynamic Updates dropdown list.

When I looked in DNS, the only entry under Reverse Lookup Zones was
"192.168.16.x Subnet". I tried to create
"16.168.192.in-addr.arpa" -- but
then I was told that it already exists. So I went to "192.168.16.x
Subnet"
and right-clicked, and clicked on Properties, and on the General tab,
I
changed the Dynamic Updates drop-down from "non-secure and secure" to
"Secure
only". [Rhetorical question: why on earth is this option even
necessary?
would there ever be a reason to have this set to anything except
"Secure
only"? and if not, why doesn't Windows Update set this
automatically?]

None of those warnings would appear to have any effect on the
non-working
of
RWW, and in fact, following the changes, RWW is still showing "You
are not
authorized to view this page" from external and internal
workstations.





"Merv Porter [SBS-MVP]" wrote:

"while on the working-RWW server (win2003)..."

Wait a minute... RWW only comes with SBS 2003. I trust you really
mean
that this is just another SBS 2003 server (that is functioning
properly).

At this point I would install adn run a scan with the SBS 2003 BPA:

Microsoft Windows Small Business Server 2003 Best Practices Analyzer
http://207.46.19.190/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

Small Business Server 2003 Best Practices Analyzer Updated
http://207.46.19.190/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

How to Use the Windows SBS 2003 BPA
http://blogs.technet.com/sbs/archive/2007/10/22/how-to-use-the-windows-sbs-2003-bpa.aspx

--
Merv Porter [SBS-MVP]
============================

"Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
<greg@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:FA26C6AF-0C69-44E7-9127-73A09785D38E@xxxxxxxxxxxxxxxx
I have compared this SBS 2003 server with another one on which RWW
is
running
fine.
These are some of the differences:

In the non-working-RWW server (sbs2003), in the properties of the
Default
Web Site, under Home Directory, the Execute Permissions were set
to
"Scripts
only", while on the working-RWW server (win2003), it was set to
"Scripts
and
Executables". On sbs2003, the Application Pool was set to
StsAppPool1;
on
win2003, it is set to DefaultAppPool. On win2003, the Documents
tab
shows
four items: Default.htm, Default.asp, index.htm, and iistart.htm.
On
sbs2003, there was a fifth (last) item: Default.aspx. On sbs2003,
the
ISAPI
Filters tab shows SBSFLT with High Priority, followed by
fpexedll.dll
with
Low Priority, and Owalogon with "Unknown" priority. On win2003,
the
same,
except SBSFLT is not listed. On sbs2003, HTTP Headers tab has
"Enable
content expiration" checked, and "Expire after 30 days" selected.
On
win2003, that is not checked; and under Custom Web Header, win2003
has
listed
MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On
sbs2003,
only XP-Powered-By: ASP.NET is listed. On win2003, on the Server
Extensions
2003 tab, it says "Microsoft SharePoint is installed on this site.
Version
5.0.2.6790. On sbs2003, it says: This server has not been
configured
to
use
the server extensions.

I configured the server extensions for the Default Web Site under
sbs2003,
and made changes to mimic the settings on win2003. However, I am
still
getting "you are not authorized to view this page" when I attempt
to
access
https://sbs2003.domain.com/Remote.



"Greg Kirkpatrick" wrote:

This is the pertintent text from KB925653:
--------------------------------------------------------------------------------
In this situation, the default.aspx page is not added to the list
of
default
content pages for the remote virtual directory in IIS.

RESOLUTION
To resolve this issue, follow these steps:
1. Click Start, point to Administrative Tools, and then click
Internet
Information Services (IIS) Manager.
2. Under ComputerName (local computer), expand Web Sites, expand
Default
Web
Site, right-click Remote, and then click Properties.
3. In the Remote Properties dialog box, click the Documents tab,
and
then
click Add.
4. In the Add Content Page dialog box, type default.aspx in the
Default
content page box, and then click OK two times.
--------------------------------------------------------------------------------


.