Re: Cannot connect client to server 2003

Hello Customer,

Thank you for your update. And also thank Cliff for the good input.

I agree with Cliff, you need to reconfigure the IP schema of your SBS
network.

I suggest the network topology as following:

{Internet}=={router/firewall}=={switch}=={SBS and internal clients}

Therefore, the IP configuration like below:

Router/firewall external NIC:
IP Address: 67.91.25.162
Subnet Mask: 255.255.255.240
Default Gateway: 67.91.25.161
DNS Servers: 65.106.1.196
65.106.7.196

Router/firewall internal NIC:
IP Address: 192.168.16.1
Subnet Mask: 255.255.255.0
Default Gateway: blank

SBS NIC:
IP Address: 192.168.16.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.16.1
DNS Servers: 192.168.16.2

Internal Clients NIC:
IP Address: 192.168.16.1X
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.16.1
DNS Servers: 192.168.16.2

Please properly configure the router/firewall as above, and then run the
CEICW on SBS as below:

Go through the follow KB and rerun CEICW carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763

One network adapter - manual router connection to broadband. Detailed steps
for your reference:

a. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.
b. Click the "Connect to the Internet" link.
c. On the Connection Type page, click Broadband, and then click Next.
d. On the Broadband Connection page, under My server uses, click A local
router device with an IP address, and then click Next.
e. On the Router Connection page, next to Preferred DNS server and next to
Alternate DNS server, type the IP addresses that are provided by your ISP
(65.106.1.196 and 65.106.7.196). In the Local IP address of router box,
type the IP address (192.168.16.1) of the router that the server uses to
connect to the router.
f. Click to select the My server uses a single network connection for both
Internet access and the local network check box, and then click Next.
g. A message may appear that warns that the firewall that is provided
cannot be configured. You are offered a chance to view information about
configuration settings for an existing firewall device.
h. On the Network Connection page, click Server Local Area Connection
under the Connection Name.
i. Click Next.
j. Complete the Configure E-mail and Internet Connection Wizard.

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Thread-Topic: Cannot connect client to server 2003
thread-index: Acja4UM0lgd7EosmQRucOS/ZkqgpfA==
X-WBNR-Posting-Host: 207.46.19.168
From: =?Utf-8?B?U09MT05Z?= <SOLONY@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <CF3A98AC-310A-449C-9B7B-B6BA23FE83C0@xxxxxxxxxxxxx>
<91AD1694-E7F0-4B93-92C5-AA31876EA4E6@xxxxxxxxxxxxx>
<4917C4AD-B8BD-49F7-A5F7-4444B91FEBA3@xxxxxxxxxxxxx>
<nKX0Pyn2IHA.4032@xxxxxxxxxxxxxxxxxxxxxx>
<A75F90E3-441B-462B-A6EE-5FEDC5DF704B@xxxxxxxxxxxxx>
<958F40EE-5D60-45CD-BC80-3FA5726D0981@xxxxxxxxxxxxx>
Subject: Re: Cannot connect client to server 2003
Date: Mon, 30 Jun 2008 11:44:01 -0700
Lines: 316
Message-ID: <F970A181-AA6D-48ED-9363-1966EA51E124@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGHUB02.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:113510
NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
X-Tomcat-NG: microsoft.public.windows.server.sbs

Cliff thanks for that reply. The situation is a little worse and I did
not
think it was necessary to mention but I inherieted this from another IT
person and I never got a chance to speak to him. I thought that DNS info
was
a little odd. I could not think of why he used a subnet since there are
only
6 or 7 workstations even though one is for testing new empoloyees.

What do you think I think I reconfigure the entire network but, and here
comes the bad news, I can not get into the darned router. I can ping what
I
THINK is the router but I can not open it. Its' a basic Linksys router
with
a real complex configuration. Maybe I will replace the router and do the
192.xxx.xxx.xxx thing before I lose a customer.

So am I to understand the network is exposed through DNS even though I can
not configure RWW?
"Cliff Galiher" wrote:

Solony:

After rereading this thread and noticing your comment about the client
machines having static IP addresses, it all clicked.

Your current setup apparently has your SBS server and all of the clients
directly attached to the internet. And you have enough IP addresses
for....oh....doing the subnet math in my head....14 clients...give or
take.

Maybe this setup is intentional and the client machines are subordinate
servers. So I won't assume your setup is 'wrong.' You should, however,
make sure you have a good firewall between your server and the net
though,
as you are essentially hanging your domain controller out there for
other
machines to see (not a recommended configuration by any means.) If you
*don't* need each machine to have its own public IP address, you should
look
at reconfiguring your network. SBS plays much better when configured
behind
a NAT router AND a firewall so it can run DHCP, can properly host DNS
without worrying about the public abusing a recursive resolver out
there,
etc.

As far as your problem browsing to the machine, you cannot use
http://servername *anything* with your configuration.
Your client machines DNS need to point to the SBS server, not the public
DNS
servers that are listed. I'll be honestl, I'm a bit surprised you
aren't
having *more* problems with active directory with that configuration.
You
mentioned you could see other client computers, which means you are
running
file and print sharing across a public IP space...

yeah...every time I read my message, I think of more things that *point*
to
this being a significant network design issue. Again, maybe this is
intentional...but if you have that many servers I'd *STILL* recommend
pulling SBS off a public IP altogether. Let the other servers handle
the
front-facing activities.

And if none of this makes sense, sorry. I tried to re-edit and
refactor...but there is just so much to cover that I wanted to
convey...in
no uncertain terms...how odd (and potentially dangerous) this current
setup
is. Getting clients to join the domain should probably be the least of
your
concerns at the moment.

-Cliff




"SOLONY" <SOLONY@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A75F90E3-441B-462B-A6EE-5FEDC5DF704B@xxxxxxxxxxxxxxxx
Thanks for your reply.

I am going to expedite the instructions to day and will get back to
you.
I
hope I am not being redundant but the network is subnetted to
255-255-255-240
so I will adjust the requirements accoerdingly.

Additionally, only one NIC is deployed on the server (with the same
network
settings on all machines) so if I need to know something else please
let
me
know. The settings are:

67.91.25.162
255.255.255.240
gateway 67.91.25.161 (I can not access) I get paage cannot be
displayed
DNS (can not identify any of these)
65.106.1.196
65.106.7.196
198.6.1.3
64.151.103.120

Thank sin advance and I will be in touch.

"Terence Liu [MSFT]" wrote:

Hello Customer,

Thank you for posting here. I'm sorry for the delay response due to
the
weekend.

Let's also thank Cliff for the input.

According to your description, I understand that you unable to access
the
connectcomputer web site from 2 clients and get "page cannot be
displayed"
error. If I have misunderstood the problem, please don't hesitate to
let
me
know.

Based on my research, I suggest we try the following steps to see if
we
can
resolve this issue:

1. On the SBS server, open IE and browse to
http://sbsservername/connectcomputer or
http://localhost/connectcomputer,
does this bring up the ConnectComputer site? On the good clients, can
you
access the http://sbsservername/connectcomputer?

2. Please refer to the following information to examine the DNS
settings
and network properties on the SBS server:

a. Leave the Default Gateway of the internal NIC blank.
b. Configure both the internal NIC and the external NIC to use the
internal DNS Service as the DNS Server.
c. On the DNS Server, create the DNS Forwarder to forward the
external
DNS resolution requests to the ISP's DNS server. See:

323380 How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/?id=323380

d. Strictly followed the instructions in the KB article below to run
CEICW:

825763 How to configure Internet access in Windows Small Business
Server
2003
http://support.microsoft.com/?id=825763

3. Then follow the steps below to see if the network binding order is
configured correctly:

A. Right-click My Network Places, and then click Properties.
B. On the Advanced menu, click Advanced Settings.
C. Under Connections, use the up and down arrow buttons to put the
connections in the following order:
- Local Area Connection for the internal adapter
- Local Area Connection for the external adapter
- Remote Access Connections

4. Click Start, click Run, type "inetmgr" and click OK. Expand Web
Sites\Default Web Site, look for a virtual directory named
ConnectComputer
to see if it exists.

If you look at the C:\Inetpub, do you have a folder called
ConnectComputer?

If the virtual directory doesn't exist but you have the
ConnectComputer
folder, then create a virtual directory called ConnectComputer under
the
Default Web Site. Make sure you enable anonymous access to the virtual
directory, and the "Integrated Windows authentication" option is
cleared.
The path of this vdir is C:\Inetpub\ConnectComputer.

If the virtual directory exists, make sure it is pointing to the
ConnectComputer folder.

Test the issue again.

5. Reinstall ConnectComputer and see if it helps:

A. Go to IIS and expand servername -> Web Sites -> Default Web Site.
Delete
the ConnectComputer vdir.
B. Rename the C:\Inetpub\ConnectComputer folder.
C. Create new folder named ConnectComputer under C:\Inetpub.
D. Copy all the files from the SBS2K3 media
cd3:\SBS\ClientSetup\ClientSetup to the C:\Inetpub\ConnectComputer
directory. Make sure to remove the "Read-only" attributes from the
files.
E. Right-click on Default Web Site in IIS, choose New -> Virtual
Directory.
F. In the Alias field, type in ConnectComputer and click Next.
G. In the path box, browse to C:\Inetpub\ConnectComputer.
H. Click Next through the wizard, the default permissions are the
default
for ConnectComputer.
I. Once it is completed, right-click on ConnectComptuer and select
Properties.
J. Click Remove for the "Application name" under the "Application
settings"
at the bottom of the Virtual Directory tab.
K. Click on the Directory Security tab, click Edit for
"Authentication
and
access control".
L. Uncheck "Integrated Windows authentication", click OK.
M. Click on the Edit button on the "IP address and domain name
restrictions".
N. Put the bullet next to "Denied access" and then click Add.
O. Add 127.0.0.1 and the internal subnet (192.168.16.2/255.255.255.0
is
the
default). Click OK.
P. Click OK out of the ConnectComputer properties.

If we cannot resolve the issue after we perform the steps above,
please
help me collect some information for further investigation:

1. Please capture screenshots of the error page and send the pictures
to
me
at v-terliu@xxxxxxxxxxxxx

2. Gather MPS network report on SBS:

a. Download MPSrepot_network from

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE

b. Run MPSRPT_NETWORK.exe.

c. The tool will automatically collect the information. This
procedure
will
take 10~15 minutes.

d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\

e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx

3. Run command "ipconfig /all > c:\ipconfig_client.txt" and "route
print
>
c:\route_client.txt" on problematic client, send the files
c:\ipconfig_client.txt and c:\route_client.txt to me at
v-terliu@xxxxxxxxxxxxx

4. Gather IIS log:

a. Open IIS snap-in.

b. Right click Default Web Site and click Properties.

c. Uncheck the "Enable Logging" box and click Apply.

d. Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all
files to
a
backup location.

e. Check "Enable Logging" box and click OK.

f. Run IISReset command.

g. Reproduce the problem and send the log file in
C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.

5. Gather IIS Metabase:

1) Download the IIS Resource Kit tools from the following page:

http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
B628-ADE629C89499&displaylang=en

2) Install it, run MBExplorer (Metabase Explorer)

3) Right click the "LM" node and choose "Export to file".

4) Specify a file name, specify the password and finish the export.

5) Send the file and the password to v-terliu@xxxxxxxxxxxxx

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have
issues
regarding other Microsoft products, you'd better post in the
corresponding
newsgroups so that they can be resolved in an efficient and timely
manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you
check
the
"Notify me of replies" box to receive e-mail notifications when there
are
any updates in your thread. When responding to posts via your
newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although
we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly.
Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
Thread-Topic: Cannot connect client to server 2003
thread-index: AcjZ557tNhq8UrTxQousBgA1Pd6Vlw==
X-WBNR-Posting-Host: 207.46.19.168
From: =?Utf-8?B?U09MT05Z?= <SOLONY@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <CF3A98AC-310A-449C-9B7B-B6BA23FE83C0@xxxxxxxxxxxxx>
<91AD1694-E7F0-4B93-92C5-AA31876EA4E6@xxxxxxxxxxxxx>
Subject: Re: Cannot connect client to server 2003
Date: Sun, 29 Jun 2008 05:57:00 -0700
Lines: 46
Message-ID: <4917C4AD-B8BD-49F7-A5F7-4444B91FEBA3@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit


.