Re: RRAS Port configuration
- From: v-gzwang@xxxxxxxxxxxxxxxxxxxx (Guozhen Wang[MSFT])
- Date: Mon, 23 Jun 2008 08:32:02 GMT
Hi Warren,
Thanks for your detail information.
I agree with Joe. And according to your description, I think this issue
should not related to RRAS configuration.It looks more like due to
problematic updates. I would like to suggest that you check the newest
update in Add or Remove Programs, remove it as a test.
If it is Windows Server 2003 sp2, please referring to the steps in the
following KB article:
You may experience network-related problems after you install Windows
Server 2003 SP2 or the Scalable Networking Pack on a Windows Server
2003-based computer
http://support.microsoft.com/kb/936594/
If the problems still persists, please help to gather Network Monitor logs
for further analysis. Below are the steps:
1. Download Network Montior at below:
http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-
8d17-2f6dde7d7aac&displaylang=en
2. Run Network Monitor on SBS server, and then follow the steps below to
configure the correct parameters:
a. Click Capture -> Buffer Settings, and then set the Buffer Size to 30 MB.
b. You are asked to choose an interface. Network Monitor will capture some
packets which pass through this interface. Please choose the related NIC.
Since all interfaces are listed as their MAC addresses, it may be difficult
for us to choose a proper interface. You can run the command "ipconfig
/all" in the Command Prompt. This command will list the MAC addresses of
all interfaces. Choose a proper interface.
(If you need to change an interface, please click the Networks item on the
Captures menu in the Network Monitor window.)
3. Click Start on the Capture menu to capture network packets.
4. Please try to access the DDNS service. Wait until error occurs. (How
long will this process take?)
5. Then click the Stop Capture button to stop netmon capture.
6. Save and compress the netmon trace files and send the files to me at
v-gzwang@xxxxxxxxxxxxx
In addition, let me know the IP addresses of the server and problem
workstation.
I look forward to your reply. Also, if you have any questions or concerns,
please do not hesitate to let me know. I am happy to help. :-)
Thank you for your time and cooperation!
Best regards,
Gary Wang(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Date: Sun, 22 Jun 2008 21:23:37 +0100
| From: Joe <joe@xxxxxxxxxxxxxx>
| User-Agent: Mozilla-Thunderbird 2.0.0.14 (X11/20080509)
| MIME-Version: 1.0
| Subject: Re: RRAS Port configuration
| References: <63E65AA5-1767-4D1B-83CE-5F3E746DA020@xxxxxxxxxxxxx>
<weRzXUs0IHA.1308@xxxxxxxxxxxxxxxxxxxxxx>
<AF4348CD-C721-432E-B036-3AA76FC11B26@xxxxxxxxxxxxx>
<OLlRQKH1IHA.3920@xxxxxxxxxxxxxxxxxxxx>
<3BE6027C-B028-4646-A853-7A0658BA5BF6@xxxxxxxxxxxxx>
| In-Reply-To: <3BE6027C-B028-4646-A853-7A0658BA5BF6@xxxxxxxxxxxxx>
| Content-Type: text/plain; charset=ISO-8859-1; format=flowed
| Content-Transfer-Encoding: 7bit
| Message-ID: <eudRcXK1IHA.5564@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: jretradingltd.demon.co.uk 80.177.211.93
| Lines: 1
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:112629
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Warren Machanik wrote:
|
| "Joe" wrote:
| > > Warren Machanik wrote:
| >> > > Firstly sorry for the delay in gettin gback to you I did not
| receive a
| >> > > notification of a reply, may be a problem with my email hosting
| company (not
| >> > > the same ISP I use to connec tot he itnernet by the way)
| >> > >
| >> > > Thank you for your reply, in answer to your questions. I am
| using RRAS as a
| >> > > basic firewall. I have two NIC's in the server. The one NIC is
| connected to
| >> > > the internal switch the other is connected to a wireless iBurst
| device, that
| >> > > connects to the internet. All this was working fine unitl the
| latest security
| >> > > patches from Microsoft were downloaded and installed.
| >> > >
| >> > > The problem is that the iBurst device works in a strange way
| that I cannot
| >> > > understand and the technical people could not explain how it
| works to me
| >> > > either, it conencts to the internet via PPPoE and does not get
| issued an IP
| >> > > address. The server obviously gives it one of those random 169
| addresses.
| >> > > Normally what would happen is the DDNS service I have been using
| would
| >> > > establish the external IP and then map the internet to it, that
| way I could
| >> > > use Mobile Active Sync, OMA, and OWA.
| >> > >
| >> > > However now the DDNS service crashes and reports that TCP
| traffic is blocked
| >> > > on port 40019 (sorry I made a mistake the last post kept on
| putting 40010
| >> > > instead).
| >> > >
| >> > > So I went into RRAS and try doing what you said already, but the
| problem is
| >> > > that you cannot open a whole class "B" and as stated I have no
| idea what the
| >> > > external IP is goin got be since the ISP issues an IP in that
| class "B" range
| >> > > (41.208.x.x). I have tried using 127.0.0.1 but that interface I
| assume is the
| >> > > default interface which I believe is the internal network.
| >> > >
| >> > > Hope this makes it clearer
| > >
| > > A little. The short answer is that a server should never have a
| dynamic
| > > IP address, for this and other reasons, so the problem shouldn't
| arise.
| > > Can your ISP recommend a suitable router that works with its
| service and
| > > also your DDNS service? Internet routers usually have DDNS software
| > > built-in, which would eliminate the problem completely as far as
| the SBS
| > > is concerned. If not, at least you'd only be concerned with one IP
| > > address for the SBS. Routers tend to have fairly flexible filtering
| > > arrangements, much more so than RRAS.
| > >
|
| The problem is that in South Africa we have STUPID ISP's that protect
their
| dedicated IP connections. the cheapest method available here that has a
| dedicated IP is the same as $250.00 a month, which for me woudl work out
to
| over $60 per user, and that is restricited to 3G of downloads a month so
it
| is not worth it. So we have to get around this problem using a DDNS
| service.
| I have no router and had not planned to purchase one to solve a problem I
| have only had since MS did some security tweaking in the latest updates. I
| have used SBS to try get all the features I had go used to at my
| previous job
| that mean I can use Active Sync Remotely, OMA, and RPC over HTTPS.
|
| The DDNS service I have used successfully for almost 3 years is a prodct
| called Direct Update. It is now telling me that it cannot work since port
| 40019 is blocked, and all I would like to do is tell the SBS server to
| unblack that port for all comms, without turning of the basic firewall
| setting
|
|
|
|
| Yes, I had assumed there was some reason for your question. Personally,
| I don't see why (or how) a DDNS system would need to make inbound
| contact to an IP address which it supposedly does not know. All DDNS
| software I've ever known connects outward, from the location with the
| newly unknown IP address. The RRAS basic firewall has no problem sending
| things out, it just blocks unsolicited inbound messages, and while I
| haven't looked at a 2-NIC SBS basic firewall for some time, I seem to
| recall the packet filters had a network address/netmask type of
| configuration, which should do what you want.
|
.
- Follow-Ups:
- Re: RRAS Port configuration
- From: Warren Machanik
- Re: RRAS Port configuration
- References:
- RE: RRAS Port configuration
- From: Guozhen Wang[MSFT]
- RE: RRAS Port configuration
- From: Warren Machanik
- Re: RRAS Port configuration
- From: Joe
- Re: RRAS Port configuration
- From: Warren Machanik
- Re: RRAS Port configuration
- From: Joe
- RE: RRAS Port configuration
- Prev by Date: RE: Cannot install SBS setup error;
- Next by Date: RE: Error Sending Using Outlook RPC over HTTP
- Previous by thread: Re: RRAS Port configuration
- Next by thread: Re: RRAS Port configuration
- Index(es):
Relevant Pages
|
