Re: RWW 403 forbidden error

No, I do not have Trend, but do have Panda Business Secure, both the
FileSecure and the ExchangeSecure modules installed.

The report "seems to" look at NetworkAdapter.DeviceID=1 thru 9 and then
says that there are three adapters which is an error and lists DeviceED=1, 8,
and 9. 8 and 9 are Panda NDIS IM Filter Miniports. I saw posts about the
Trend issue that just said they were ignored.

There is a good chance that the version of Panda I have installed at this
client is newer than any of my other clients. I will call Panda and see if
they have seen any issues with this.

In the mean time, I will appreciate any and all ideas.

--
Bob Showalter
Packer International


"SuperGumby [SBS MVP]" wrote:

got Trend on there? The Trend firewall devices confuse it.

"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FE14F943-B4F7-4C6E-9337-073A987A63FD@xxxxxxxxxxxxxxxx
Merv,

What a great tool. How is it that I have heard about Best Practices but
never heard of this analyzer. Thanks,

Anyway, I have not solved the problem, but I think the BPA may have
pointed
out the problem. One of the critical errors says that: "Three or more
network adapter cards were detected" and that this will cause the CEICW to
fail.

Now how do I correct this? I looked in device manager and there is only
one
network adapter there. Where do I look to seek and destroy the other 2
adapters (that really don't exist).

I exported the logs from SBS BPA, but have never had any luck trying to
attach a file here. Is there a way to do that or is there someplace else
I
could post them. I am just now trying to put up an ftp site on my server
and
I have posted them there if you can get to it: ftp://rww.packerintl.com.

Thanks; I anxiously await your instructions.
--
Bob Showalter
Packer International


"Merv Porter [SBS-MVP]" wrote:

https://mail.westernwaterandland.com/remote does not resolve te RWW
problem.
Using your WAN IP address in place also does not resolve the problem.

OK, let's try... Install and run a scan with the SBS 2003 BPA:

Microsoft Windows Small Business Server 2003 Best Practices Analyzer
http://207.46.19.190/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

Small Business Server 2003 Best Practices Analyzer Updated
http://blogs.technet.com/sbs/archive/2008/02/20/small-business-server-2003-best-practices-analyzer-updated.aspx

How to Use the Windows SBS 2003 BPA
http://blogs.technet.com/sbs/archive/2007/10/22/how-to-use-the-windows-sbs-2003-bpa.aspx


--
Merv Porter [SBS-MVP]
============================

"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A3947259-5E40-4F6E-BB45-30EF110A997B@xxxxxxxxxxxxxxxx
My how I admire perserverance; and appreciate it for something like
this.

Response to all 3 of your posts are here:

1. Results of ipconfig /all


Windows IP Configuration

Host Name . . . . . . . . . . . . : hal
Primary Dns Suffix . . . . . . . : WesternWaterandLand.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : WesternWaterandLand.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
Ethernet
Physical Address. . . . . . . . . : 00-21-9B-F9-AD-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.254.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.1
DNS Servers . . . . . . . . . . . : 192.168.254.2
Primary WINS Server . . . . . . . : 192.168.254.2

2. Yes, port 4125 is forwarded to the server nic (192.168.254.2), as
are
all of the other ports concerned with remote access of different types
(443,
444, 21, ...)

3. All of the settings for Directory Security for the "Remote" virtual
web
site are exactly as you have them below.

4. I also cleared out the W3SVC1 log for the day and then tried to log
in
to RWW. The contents of the log after the failed attempt are as
follows:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-09-04 05:11:29
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem
cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs-host
sc-status sc-substatus sc-win32-status
2008-09-04 05:11:29 W3SVC1 HAL 192.168.254.2 GET /remote - 80 -
216.52.47.231 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+InfoPath.2)
rww.westernwaterandland.com 302 0 0
2008-09-04 05:11:35 W3SVC1 HAL 192.168.254.2 GET /remote - 80 -
216.52.47.231 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+InfoPath.2)
rww.westernwaterandland.com 302 0 0
2008-09-04 05:11:35 W3SVC1 HAL 192.168.254.2 GET /remote - 443 -
216.52.47.231 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+InfoPath.2)
rww.westernwaterandland.com 301 0 0
2008-09-04 05:11:35 W3SVC1 HAL 192.168.254.2 GET /remote/ - 443 -
216.52.47.231 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+InfoPath.2)
rww.westernwaterandland.com 403 14 5

5. On your other post for the settings for Default Website and Remote
Virtual Website Directory Security; what I have is exactly as you have
it
specified.

Thanks again for your perserverance.

--
Bob Showalter
Packer International


"Merv Porter [SBS-MVP]" wrote:

And here's a list of all settings for the properties of the "Remote"
virtual
web site under the Default Web site in IIS...

For RWW:

1. Open IIS snap-in.
2. Go to Default Web Site/Remote.
3. Right click Remote and click Properties.
4. Click Directory Security tab.
5. Click Edit under "Authentication and access control".
6. Make sure that only the "Enable anonymous access" and "Integrated
Windows Authentication" have been checked.
7. Click Edit under "IP address and domain name restriction".
8. Make sure that "Granted access" has been selected.
9. Click Edit under "Secure communications".
10. Make sure that "Require secure channel (SSL)" and "Require 128-bit
encryption" have been checked.


--
Merv Porter [SBS-MVP]
============================

"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:OU27$KhDJHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
Is port 4125 corrected forwarded in the router to the IP address of
the
SBS NIC?

--
Merv Porter [SBS-MVP]
============================

"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6B023657-EAF6-4E91-9C1F-182E999B4CCD@xxxxxxxxxxxxxxxx
Thanks Merv,

Those are the settings I have. It is a single NIC system.
--
Bob Showalter
Packer International


"Merv Porter [SBS-MVP]" wrote:

Directory Security settings... (on a two NIC system, if that
matters)

IIS | <yourserver> | Web Sites | Default Web Site | Properties |
Directory
Security | IP Address and Domain Name Restrictions | Edit...

Settings should be Denied Access;
Except the Following: Granted 192.168.16.2 (255.255.255.0)
Except the Following: Granted 127.0.0.1

IIS | <yourserver> | Web Sites | Default Web Site | Remote|
Properties |
Directory Security | IP Address and Domain Name Restrictions |
Edit...

Granted Access

--
Merv Porter [SBS-MVP]
============================

"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:350FE9EE-EC90-4F57-87AB-45BE4B72CB2B@xxxxxxxxxxxxxxxx
Merv, thanks for continuing to try. No luck yet. Here is what
I
did
with
your last set of suggestions:
1. I reran CEICW removing RWW (and all other website services,
OWA
and
SharePoint). Rebooted. Ran it again enabling those 3
sdervices.
Rebooted.
It made no difference. You mentioned enabling the firewall, but
with
only
one NIC, firewal is external. However, when it rebuilt, in
going
through
the
steps, when it came to "Configuring the firewall" it said that
it
failed,
even though it gave the normal warning that with only one NIC it
could
not
install a firewall. I ran it a second time and it did not give
that
warning
and went right past the firewall stage with a green check.
Still
though
no
access through RWW.

2. Checked Issue 6 of the referenced BLOG which seemed to be a
lesser
reiteration of step one above so didn't try it again.

3. The RWW virtual directory seems to be installed under the
default
website in ISS Mgr if it is the one called "Remote" (we are
getting
dangerously close to the limits of my knowledge here). I
couldn't
say
if
it
is all in tact. What I did check was that if I looked at the
Directory
Security and it is set to Grant Access to all IP's. I did take
notice
that
during step one above, that security changed to deny all except
the
server
IP. When I wen back to enabling RWW it changed to Grant Access.

4. Using https://.... makes no difference.

5. Not really sure where to check the binding of the NICs. I
remember
that
from NT, but haven't had the need to look at it since.

I will give one other piece of history on the issue. When the
problem
was
first brought to my attention a few days after the migration was
"complete",
I spent several days trying things. I managed to get the server
to
the
point
that the network did not work at all, and people could not log
on
or
connect
to shared drives. I could not seem to get things back to
working,
so
put
in
the SBS DVD, and either reinstalled all features except
Excfthange
(or
uninstalled and installed, I can't remember which). After that,
I
was
back
to the place I am now with everything working on the system
except
RWW.

.

Relevant Pages

  • Re: ipconfig and network connections empty - Device Manager okay
    ... adapter when the problem occurred. ... degree that in KB825826 the network connections _are_ working and just ... local area connection in the Network and Dial-up Connections folder. ... Trying to install a connection gets one to a screen where one can ...
    (microsoft.public.windowsxp.network_web)
  • Re: Vista cant see the network
    ... I went into the Task manager and saw that there was no Explorer process, so I started it and al was well. ... The Vista installation would not see anything out there, I tinkered and managed to get a message that said that there was "limited connectivity available". ... It was the MS 6to 4 Adapter and there was anexclamation point next to it. ... In the morning there was a message indicating that the upgrade had failed and that the previous install would be restored. ...
    (microsoft.public.windows.vista.general)
  • Re: ipconfig and network connections empty - Device Manager okay
    ... adapter when the problem occurred. ... degree that in KB825826 the network connections _are_ working and just ... local area connection in the Network and Dial-up Connections folder. ... Trying to install a connection gets one to a screen where one can ...
    (microsoft.public.windowsxp.network_web)
  • Re: Problems after SP2
    ... For RWW, I'm assuming you've checked the basics? ... It's enabled on the SBS, the account you're logging in with has the appropriate rights, nothing noteworthy in the logs? ... Since it failed to install last time we tried it I think I'll just skip it and forge ahead with the Swing Migration to the new server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Linksys Wireless G USB Adapter issue..
    ... I once again install the adapter with the install CD... ... Windows does the "installing device driver' and gave me the same driver as before. ... I plug the adapter in and windows update goes to work. ...
    (microsoft.public.windows.vista.networking_sharing)
Loading