Re: Unable to access server resources via vpn

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Terence

Please see inline;

"Terence Liu [MSFT]" <v-terliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:h8CwLxk7IHA.1620@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi John,

Thank you for your update.

Since this is a intermittently issue, I suggest you check the following
things:

1. Please contact your ISP, to ensure your Internet connection is stable.
2. Please update your SBS NIC driver, ensure you install the latest driver
of your NIC.
3. Check your router before SBS, or try to replace it with another one for
test. As I know, some un-qualify router will cause this issue.
4. Please install the last service pack of SBS:

**** All is OK. It seems access is only a problem internally that is
accessing rww internally and ping to server once dialup is connected. Access
via rww from outside is fine. Windows Mobile devices also connect fine
remotely.

Downloading and Installing Windows Small Business Server 2003 Service Pack
1
http://download.microsoft.com/download/e/0/f/e0fee8ce-768d-41c0-8871-9bc48e0
b3fc3/ToDownLoadFilesandReadInstructions.htm

Windows Server 2003 Service Pack 2 (32-bit x86)
http://www.microsoft.com/downloads/details.aspx?FamilyID=95ac1610-c232-4644-
b828-c55eec605d55&DisplayLang=en

**** Done, and all updates from Windows Update.

In regards to OWA and RWW access issue, this is mostly a ISA settings
issue. I suggest you perform the following steps:

1. Open ISA server 2004, select Firewall Policy
2. Select Toolbox tab at right pane
3. Select Network Objects -> Web Listeners
4. Double click SBS Web listener
5. Select Preferences tab, click Authentication button.
6. Uncheck Require all users to authenticate, and ensure only tick
Integrated in the list.
7. Click OK twice.
8. Repeat step 4 to 7 on SBS CompanyWeb listener.
9. Click Apply button.

**** Unfortunately ISA is still at 2000. One peculiar thing is that under
'Site and Content Rule' there is no 'Allow Rule'. Adding 'Allow Rule'
manually allows access to RWW internally but running ICW get rids of 'Allow
Rule' again.

If we cannot resolve the issue after we perform the steps above, please
help me collect some information for further investigation:

1. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/tools/isainfo.zip

2) Extract all files to a folder on ISA server.

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me at v-terliu@xxxxxxxxxxxxx

**** Isainfo.js does not work with ISA 2000.

2. Please also help to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may
not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that
I
can filter the data.

Log file sent separately.

Thanks



Regards


.

Relevant Pages

  • Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
    ... I got some improvement by enabling Flow Control on the switch ... So what happens when the server and the workstations are on the same ... Les Connor [SBS MVP] ... PMTU that ISA Server installation disabled. ...
    (microsoft.public.windows.server.sbs)
  • Re: Unable to access server resources via vpn
    ... Windows Server 2003 Ipnat.sys driver drops VPN packets that it receives. ... Windows Server 2003 Service Pack 1 on a computer that is running ISA Server ... Since you had applied the Windows Server 2003 Service Pack 2 on your SBS, ... Select Preferences tab, click Authentication button. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA Server 2000 on SBS 2003
    ... Dave Nickason [SBS MVP] wrote: ... most of us use ISA, and there are some true ISA gurus who post here ... heard of it, Smart Filter, which requires a proxy server. ... SBS Server 2003 - also connects to the switch, only 1 NIC, DHCP Server, ...
    (microsoft.public.windows.server.sbs)
  • Re: Firewall Client disconnects?
    ... Extract all files to a folder on ISA server. ... In the right pane, switch to the 'Logging' tab, make sure the 'Task ... Switch to the 'Fields' tab, click 'Select All', and then click OK. ... Clear the current existing W3C logs. ...
    (microsoft.public.windows.server.sbs)
  • Re: Serveranschluß
    ... Am Switch sind die 4 Clients angeschlossen. ... > einen zweiten Server mit ISA aufstellen. ... Oder geht es Dir um zusaetzliche Sicherheit, den ISA vom SBS zu trennen? ... "Internet" und die andere NIC an den Switch, an dem auch Deine Clients ...
    (microsoft.public.de.german.isaserver)