Re: Unable to access server resources via vpn

Hi John,

Thank you for your update.

Since this is a intermittently issue, I suggest you check the following
things:

1. Please contact your ISP, to ensure your Internet connection is stable.
2. Please update your SBS NIC driver, ensure you install the latest driver
of your NIC.
3. Check your router before SBS, or try to replace it with another one for
test. As I know, some un-qualify router will cause this issue.
4. Please install the last service pack of SBS:

Downloading and Installing Windows Small Business Server 2003 Service Pack 1
http://download.microsoft.com/download/e/0/f/e0fee8ce-768d-41c0-8871-9bc48e0
b3fc3/ToDownLoadFilesandReadInstructions.htm

Windows Server 2003 Service Pack 2 (32-bit x86)
http://www.microsoft.com/downloads/details.aspx?FamilyID=95ac1610-c232-4644-
b828-c55eec605d55&DisplayLang=en

In regards to OWA and RWW access issue, this is mostly a ISA settings
issue. I suggest you perform the following steps:

1. Open ISA server 2004, select Firewall Policy
2. Select Toolbox tab at right pane
3. Select Network Objects -> Web Listeners
4. Double click SBS Web listener
5. Select Preferences tab, click Authentication button.
6. Uncheck Require all users to authenticate, and ensure only tick
Integrated in the list.
7. Click OK twice.
8. Repeat step 4 to 7 on SBS CompanyWeb listener.
9. Click Apply button.

If we cannot resolve the issue after we perform the steps above, please
help me collect some information for further investigation:

1. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/tools/isainfo.zip

2) Extract all files to a folder on ISA server.

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me at v-terliu@xxxxxxxxxxxxx

2. Please also help to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that I
can filter the data.

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Reply-To: "John" <info@xxxxxxxxxxxxxxxxxxxx>
From: "John" <info@xxxxxxxxxxxxxxxxxxxx>
References: <ODlGdj75IHA.1428@xxxxxxxxxxxxxxxxxxxx>
<F2D6E32F-71A6-44BD-8FB8-A49A78A1EC76@xxxxxxxxxxxxx>
<OP7dRk96IHA.5276@xxxxxxxxxxxxxxxxxxxx>
<jfMPufL7IHA.1624@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Unable to access server resources via vpn
Date: Fri, 25 Jul 2008 05:42:58 +0100
Lines: 202
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-RFC2646: Format=Flowed; Original
Message-ID: <#MEloDh7IHA.2072@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
NNTP-Posting-Host: 78.147.98.33
Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:116640
X-Tomcat-NG: microsoft.public.windows.server.sbs

Hi Terence

Many thanks. Required files sent separately.

The client pc is able to vpn successfully to several other sbs2003 server
so
client pc is probably not at fault.

Running ICW and Remote Access Wizards now intermittently (mostly not)
allows
remote desktop to connect using server ip 192.168.16.2. Files are also
accessible intermittently using \\192.168.16.2\MyFileShare etc. Ping is
never successful.

However I have noticed a peculiar thing on this server. When trying to
connect to local sites via 192.168.16.2 , 192.168.16.2/Remote or
192.168.16.2/Exchange, no login web page is displayed instead a windows
login box appears asking for username and password. After having entered
admin username/password three times, login fails with an error web page as
below;

The page cannot be displayed

HTTP 407 Proxy Authentication Required - The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service is
denied. (12209)

Many thanks again.

Regards

"Terence Liu [MSFT]" <v-terliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:jfMPufL7IHA.1624@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello John,

Thank you for posting here. Let's also thank Cliff and Eric for the
input.

According to your description, I understand that you unable to access any
resource on SBS after the VPN connection is established. If I have
misunderstood the problem, please don't hesitate to let me know.

Based on my research, I suggest we try the following steps to see if we
can
resolve this issue:

I suggest we try the following steps to reconfigure the VPN on SBS and
remote clients to see if we can resolve this issue:

1) Disable RRAS

a. Schedule a network down time.

b. Please open Routing and Remote Access console on SBS thru run command
"rrasmgmt.msc"

c. Right click the SBSname (local), select Disable Routing and Remote
Access console

2) Run CEICW on SBS

You have to rerun the CEICW to make sure your SBS 2003 server have right
network configuration. Go through the follow KB and Rerun CEICW again
carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

3) Run Remote Access wizard

a. On the Small Business Server 2003-based server, click To Do List in
the
left pane of the Server Management console.

b. Under Network Tasks, click Configure Remote Access.

c. Click Next, click Enable Remote Access, click to select the VPN Access
check box, and then click Next.

d. Type the fully qualified public domain name (your public DNS name) of
your server, click Next, and then click Finish.

e. When the wizard is completed, click Close.

4) Then you can access RWW to download Connection Manager or copy the
file
from SBS server c:\ClientApps\Connection Manager\SBSPackage.exe. Please
save the sbspackage.exe file in VPN client computer. Then double-click
SBSPackage.exe to run it. After this file run the "connect to small
business server" will be created and you can use it to connect VPN to
your
SBS server.

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

1. Once the VPN connection is established, run command "ipconfig /all >
c:\ipconfig_sbs.txt" and "route print > c:\route_sbs.txt" on SBS, send
the
files c:\ipconfig_sbs.txt and c:\route_sbs.txt to me at
v-terliu@xxxxxxxxxxxxx

2. Once the VPN connection is established, run command "ipconfig /all >
c:\ipconfig_client.txt" and "route print > c:\route_client.txt" on
problematic VPN client, send the files c:\ipconfig_client.txt and
c:\route_client.txt to me at v-terliu@xxxxxxxxxxxxx

3. Gather MPS network report on SBS:

a. Download MPSrepot_network from

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE

b. Run MPSRPT_NETWORK.exe on the server box.

c. The tool will automatically collect the information. This procedure
will
take 10~15 minutes.

d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\

e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the
corresponding
newsgroups so that they can be resolved in an efficient and timely
manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
Reply-To: "John" <info@xxxxxxxxxxxxxxxxxxxx>
From: "John" <info@xxxxxxxxxxxxxxxxxxxx>
References: <ODlGdj75IHA.1428@xxxxxxxxxxxxxxxxxxxx>
<F2D6E32F-71A6-44BD-8FB8-A49A78A1EC76@xxxxxxxxxxxxx>
Subject: Re: Unable to access server resources via vpn
Date: Tue, 22 Jul 2008 09:58:09 +0100
Lines: 19
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-RFC2646: Format=Flowed; Response
Message-ID: <OP7dRk96IHA.5276@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
NNTP-Posting-Host: 78.147.153.237
Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:116200
X-Tomcat-NG: microsoft.public.windows.server.sbs

1) How have you set up the VPN? PPTP? IPSec? Client and server?
third
party tools?

PPTP, Server=sbs2003 remote access works OK via RWW, client=winxp dialup

2) Are you running SBS 2000, 2003, 2003 R2, Standard, Premium?

sbs 2003 premium

3) Are you running a firewall between your server and the internet?
ISA
(SBS Premium) or third party firewall?

ISA but it is configured for remote access

Thanks

Regards








.