Netopia 3347NWG with Remote Desktop and Remote Web Workplace

Discussion in 'Windows Small Business Server' started by Greg Kirkpatrick, May 14, 2008.

  1. I currently have a Netopia 3347NWG, using PPOE to connect to Deltacom (a
    local DSL), which is connected to the WAN Ethernet Adapter of an SBS 2003
    Premium R1 (ISA not installed). The LAN Ethernet Adapter (of the SBS) is set
    to and is connected to a switch into which is connected the rest
    of the office network.

    IP passthrough is enabled in the Netopia's Expert - Configuration section to
    User Configured PC, and the WAN Ethernet Adapter has the static IP address

    Despite that, external ping and RWW and RDP will not work.

    Internally, I can use Remote Desktop from a workstation to access the server
    (via Remote Desktop Connection). I can also ping the server, on either the
    WAN or LAN adapter.

    If I try to access RWW from the workstation via https://sbs2003/Remote, I
    get "Internet Explorer cannot display this webpage".

    If I try to access RWW from a workstation in the LAN via, I get "There is a problem with this website's
    security certificate", and if I then click "Continue to this website (not
    recommended)", I get "The page cannot be found" (HTTP error 404).

    In IIS Admin, Default Website is running and can be browsed; companyweb also
    is running and can be browsed.

    Remote Access directly into the Netopia setup works, via

    Obviously, this needs to be changed, but prior message strings refer to
    configuration settings which do not seem to be present on this Netopia model.

    There is a telnet access available to this Netopia, from a local
    workstation, which seems to provide a lot more options -- with little helpful
    instruction. The userguide for the 3300 series models refers to nice menus
    appearing in the telnet session, but all I see are line-by-line responses.
    Greg Kirkpatrick, May 14, 2008
    1. Advertisements

  2. Hi Greg,

    Any help here?

    Port Forwarding for the Netopia 3347NWG

    You will need to forward ports 443, 4125 (both relating to RWW) and 3389
    (for RDP use) to your SBS external NIC. Then re-run CEICW, enable the
    firewall, select your services, complete the Web Server Certificate screen
    and finish the rest of CEICW.

    IMO, discarding external ping (not being able to ping the router) is a good
    thing since it makes you a smaller target on the Internet.
    Merv Porter [SBS-MVP], May 14, 2008
    1. Advertisements

  3. I changed IP of the WAN Ethernet adapter in the SBS 2003 to, and
    set the Gateway to the Netopia's IP of I reran CEICW as
    suggested, including Web Server Certificate.

    I changed the Netopia 3347NWG, so IP Passthrough is disabled, and I rebooted
    it. I then defined these new services in the Netopia's Expert Mode /
    Configure / NAT -- SSL (port 443), Terminal Services (port 3389), and Remote
    Web Workplace (port 4125). I enabled each of these services there, pointing
    them to

    Remote Desktop Connection is now working to

    However, when I attempt externally to go to, I get "You are not authorized to view this
    page". Obviously, it is making a connection, but something is wrong for RWW
    in the server.

    Greg Kirkpatrick, May 14, 2008
  4. I have temporarily changed the IP address restrictions for Default WebSite in
    IIS Admin, so all are now Granted Access. It is now possible to navigate to
    http:\\, and the default website appears.

    However, companyweb (My internal website) goes to http:\\companyweb, which
    of course results in "Internet Explorer cannot display the webpage".

    All other links (Network Configuration Wizard, Remote Web Workplace, and
    Information and Answers) bring up "The page cannot be found".

    Directly going to now results in "The page
    cannot be found" instead of the previous "You are not authorized to view this

    Greg Kirkpatrick, May 14, 2008
  5. You should not have to play with the IP address restrictions for Default
    WebSite. You need to forward the proper ports in the router to your
    external SBS NIC. The access RWW via


    Merv Porter [SBS-MVP]

    Merv Porter [SBS-MVP], May 14, 2008
  6. My server's FQDN (as stated on its Web Server Certificiate and in the A
    record of the hosting company's DNS entries) is, so the address that I have been
    using to try to get to RWW is However, if the IP
    address restriction for the Default Website is changed back to normal, when
    trying to use RWW, I get "You are not authorized to view this page"; with the
    restrictions lifted, I get "Page cannot be found". Pinging
    "" results in the static IP assigned
    by the ISP,, and (JUST AS A TEMPORARY TEST) with the
    permission restrictions lifted on Default Website, brings up the Default Website
    externally. This proves that the issue is not DNS related.

    These ports are properly forwarded to the server's External (WAN) Ethernet
    adapter ( 443, 444, 3389, and 4125. Per Susan Bradley's blog,
    443 and 4125 are needed for RWW, 444 allows Sharepoint (companyweb) to be
    reached externally, and 3389 allows Terminal Services (Remote Desktop
    Connection) externally. As soon as I forwarded 3389, RDC started working to
    that server from my office laptop.

    From an internal (LAN) workstation, when trying to go to
    https://sbs2003/remote, I also get the same results; and on that workstation,
    while http://companyweb will appear, clicking "Remote Server Management also
    results in "Page cannot be found". Pinging "sbs2003" from the workstation
    provides responses from -- the server's LAN address. Opening
    http://companyweb on the server itself gives the same results.

    Greg Kirkpatrick, May 15, 2008
  7. Any help here?

    Error message when you try to access the Remote Web Workplace in Windows
    Small Business Server 2003: "You are not authorized to view this page"

    Merv Porter [SBS-MVP]

    Merv Porter [SBS-MVP], May 15, 2008
  8. Yes, that helped somewhat, as I found that the "Remote" Web Site (under
    Default Web Site) is missing. That might explain the "Page cannot be found"
    errors. How can I get this created?

    Greg Kirkpatrick, May 15, 2008
  9. Try this...

    Reinstall Remote Web

    Merv Porter [SBS-MVP]

    Merv Porter [SBS-MVP], May 15, 2008
  10. I follow these directions from that link:

    "If SBS is already installed then you should be able to go to Start/Control
    Panel/Add/Remove Programs and select Windows Small Business Server 2003 then
    click on the Change/Remove button.. then follow the setup wizard screens
    until you get to the Component Selection screen.. then select Reinstall for
    the Server Tools option.. You can set the Server Tools subcomponents to None
    (Installed) they should not need to be re-installed. RWW should be
    re-installed by simply reinstalling the top level of the Server Tools..
    it's not listed as a seperated component like Intranet is (which installs
    Windows SharePoint Services and does the SBS provisioning) "

    ....and I got this error before it finished:
    ..NET Framework 1.1 -- Device Update 2.0
    Command line option syntax error. Type Command /? for Help.
    However, it finished otherwise, and did not report any problem. It brought
    up a box that said the server had to reboot, but before I clicked OK, I
    checked in IIS Admin, and the "Remote" web site under Default Web Site was
    now listed.

    I then clicked OK, which rebooted the server.

    When it returned, I could right-click the "Remote" website under Default Web
    Site, and "browse", and see the RWW login page.

    However, when I attempted to access it from an external computer (after
    logging out of RDC), I got "You are not authorized to view this page".

    Greg Kirkpatrick, May 16, 2008
  11. What if you now go back to...

    Error message when you try to access the Remote Web Workplace in Windows
    Small Business Server 2003: "You are not authorized to view this page"

    Also. make sure the default web site and its vritual directories are set to
    use .Net Framework 1.1 (not 2.0)

    OWA and RWW not accessible.

    Merv Porter [SBS-MVP]
    Merv Porter [SBS-MVP], May 16, 2008
  12. This is the pertintent text from KB925653
    In this situation, the default.aspx page is not added to the list of default
    content pages for the remote virtual directory in IIS.

    To resolve this issue, follow these steps:
    1. Click Start, point to Administrative Tools, and then click Internet
    Information Services (IIS) Manager.
    2. Under ComputerName (local computer), expand Web Sites, expand Default Web
    Site, right-click Remote, and then click Properties.
    3. In the Remote Properties dialog box, click the Documents tab, and then
    click Add.
    4. In the Add Content Page dialog box, type default.aspx in the Default
    content page box, and then click OK two times.
    • Microsoft Windows Small Business Server 2003 Premium Edition
    • Microsoft Windows Small Business Server 2003 Standard Edition

    Keywords: kbtshoot kbprb KB925653

    When I checked, there was a Default.aspx created in the Documents of the
    Remote properties, but it was listed last. I deleted it, and recreated it as
    default.aspx, and moved it to the top of the list. However, when I attempted
    to access RWW via an external computer, I got the same "You are not
    authorized to view this page".

    I then looked at this message:

    OWA and RWW not accessible
    [quoting Robert Li of MSFT]:

    "All Windows Small Business Server Website and Virtual Directories work only
    with .Net Framework 1.1 and are no support with 2.0

    - Default website
    - Exchange (OWA)
    - Remote (RWW)
    - ActiveSync
    - OMA and all
    - Companyweb
    - SharePoint Central Administration
    - Microsoft SharePoint Administration"

    1. Open Internet Information Services (IIS) Manager
    2. Expand to Server | Web Sites | Default Web Sites
    3. Right click the each web site and select Properties.
    4. On the ASP.NET tab, make sure the version is 1.1.4322.

    I will not install .NET Framework 2.0 or 3.0 or 3.5 -- I don't want
    companyweb and Monitoring to break again.

    However, when I checked the properties for Default Web Site, .NET Framework
    2.0 was installed (the ASP.NET tab was there) -- something must done it.
    ARGH! I have uninstalled .NET 2.0 Framework.

    Now, the ASP.NET tab is not present in the properties for Default Web Site
    or any virtual directories, so they have to be using 1.1.

    I found, in the messages you referenced, a mention of the ASP.NET IIS
    Registration Tool (Aspnet_regiis.exe):

    This is a GREAT command-prompt tool, as it confirms exactly what is mapped
    to where instantly:
    %WINDIR%\Microsoft.NET\Framework\v1.1.4322\Aspnet_regiis.exe -lk

    It also gives a way, via command-prompt commands, to change what is needed.

    I think it is tragic that, as Robert Li of MSFT says:

    "When installing .NET Framework 2.0 on Windows Small Business Server,
    all the websites are automatically switched to use .NET Framework 2.0 which
    they are not intended to work with."

    This is a recipe for disaster!
    Especially since so many other programs, including "WSUS 3.0", require .NET
    Framework 2.0.

    Why is there NO WARNING GIVEN when installing .NET Framework 2.0 (or 3.0 or
    3.5) on SBS 2003?
    [This is a rhetorical question, as I don't expect you to answer it.]

    Some progress is being made, however:

    When I navigate to and see the Default Web Site
    (as permissions are still, temporarily, unrestricted), I can now click on
    Information and Answers and see and its
    sub-pages -- which previously gave me "The page cannot be found".

    Clicking on Network Configuration Wizard still gets -- "The page cannot be found".

    Clicking on Remote Web Workplace still gets
    -- "You are not authorized to view this page". Changing that to has the same result.

    Since some parts of an uninstall wait for a reboot, I rebooted the server,
    just to see whether that would make any difference. It didn't.

    Greg Kirkpatrick, May 16, 2008
  13. I beg your pardon.

    Further testing reveals that the command example I provided will only work
    if nothing higher than .NET Framework 1.1 is installed on your computer. If
    2.0 or higher are installed, then aspnet_regiis.exe might be located in
    another directory. Here is a better way to find it:

    cd /d %WINDIR%\Microsoft.NET\Framework
    dir aspnet_regiis.exe /s

    then change to the directory in which it's located:
    cd v2.0.50727

    then run this command:
    aspnet_regiis.exe -lk

    This will give you a report listing all the programs using .NET Framework,
    and which version.
    Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP], May 16, 2008
  14. I have compared this SBS 2003 server with another one on which RWW is running
    These are some of the differences:

    In the non-working-RWW server (sbs2003), in the properties of the Default
    Web Site, under Home Directory, the Execute Permissions were set to "Scripts
    only", while on the working-RWW server (win2003), it was set to "Scripts and
    Executables". On sbs2003, the Application Pool was set to StsAppPool1; on
    win2003, it is set to DefaultAppPool. On win2003, the Documents tab shows
    four items: Default.htm, Default.asp, index.htm, and iistart.htm. On
    sbs2003, there was a fifth (last) item: Default.aspx. On sbs2003, the ISAPI
    Filters tab shows SBSFLT with High Priority, followed by fpexedll.dll with
    Low Priority, and Owalogon with "Unknown" priority. On win2003, the same,
    except SBSFLT is not listed. On sbs2003, HTTP Headers tab has "Enable
    content expiration" checked, and "Expire after 30 days" selected. On
    win2003, that is not checked; and under Custom Web Header, win2003 has listed
    MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On sbs2003,
    only XP-Powered-By: ASP.NET is listed. On win2003, on the Server Extensions
    2003 tab, it says "Microsoft SharePoint is installed on this site. Version On sbs2003, it says: This server has not been configured to use
    the server extensions.

    I configured the server extensions for the Default Web Site under sbs2003,
    and made changes to mimic the settings on win2003. However, I am still
    getting "you are not authorized to view this page" when I attempt to access

    Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP], May 17, 2008
  15. "while on the working-RWW server (win2003)..."

    Wait a minute... RWW only comes with SBS 2003. I trust you really mean
    that this is just another SBS 2003 server (that is functioning properly).

    At this point I would install adn run a scan with the SBS 2003 BPA:

    Microsoft Windows Small Business Server 2003 Best Practices Analyzer

    Small Business Server 2003 Best Practices Analyzer Updated

    How to Use the Windows SBS 2003 BPA

    Merv Porter [SBS-MVP]

    Merv Porter [SBS-MVP], May 17, 2008
  16. Correct -- the working-RWW server is named "win2003", but it is an SBS 2003
    Premium R2. The non-working-RWW server is named "sbs2003" and it is an SBS
    2003 Premium R1. Hopefully, that won't make any difference in RWw's setup.

    Your second link was the same as the first, perhaps you meant this one?
    Microsoft Exchange Best Practices Analyzer Web Update Pac

    When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    Network driver is more than a year old [I know this, but there doesn't
    appear to be an update, either from OEM, Tyan (most recent 2006/01/09) or
    from Vendor, nVidia (most recent 2006/07). ]
    EDNS is enabled [never heard of this, but I followed the steps to disable it]
    The OWA update is not installed [it is now]
    Reverse DNS zone does not allow for secure updates [so why wasn't this set
    automatically? it does now.]
    Windows Backup Wizard has not yet run [I know -- I was waiting to get this
    clean, but now's a good time, I think]
    Microsoft Outlook 2003 is missing [from the ClientApps folder--I hadn't
    installed Outlook 2003 or IE6, as all the workstations are on Office 2007 &
    IE7, but to keep BPA happy, I did so]

    The Reverse DNS message was a tad vague:
    You should configure Reverse Lookup Zone: to allow
    only secure dynamic updates. To configure the Reverse Lookup Zone, click
    Start, point to Administrative Tools, and then click DNS. Right-click the
    Reverse Lookup Zone:, and then click Properties.
    Select Secure only from the Dynamic Updates dropdown list.

    When I looked in DNS, the only entry under Reverse Lookup Zones was
    "192.168.16.x Subnet". I tried to create "" -- but
    then I was told that it already exists. So I went to "192.168.16.x Subnet"
    and right-clicked, and clicked on Properties, and on the General tab, I
    changed the Dynamic Updates drop-down from "non-secure and secure" to "Secure
    only". [Rhetorical question: why on earth is this option even necessary?
    would there ever be a reason to have this set to anything except "Secure
    only"? and if not, why doesn't Windows Update set this automatically?]

    None of those warnings would appear to have any effect on the non-working of
    RWW, and in fact, following the changes, RWW is still showing "You are not
    authorized to view this page" from external and internal workstations.

    Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP], May 17, 2008
  17. That second link should be:

    Small Business Server 2003 Best Practices Analyzer Updated

    Also, let's look at IP restrictions (as in this thread):

    This issue can be caused by incorrect IP restriction settings. Let's try
    following steps to see if it works:

    1. Open Server Management and expand to Internet Information Services node.
    2. Open the Default Web Site's properties
    3. Click the Directory Security tab.
    4. Click the Edit button next to the IP Address and Domain Name Restrictions
    5. Click to choose Granted Access and remove all the entries.
    6. Click OK.

    Merv Porter [SBS-MVP]

    Merv Porter [SBS-MVP], May 17, 2008
  18. Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    Exchange BPA updates), and here are its results:

    Paging file larger than Physical Memory
    [this was not strictly correct, as the current paging file was 2048MB, and
    the Physical Memory is 3.50GB; however, the automatically-created settings
    had a custom size of 2048MB initial and 5348MB maximum, so perhaps it was
    this that triggered the matter, it was a good time to reduce the
    paging file on the Windows drive to 200MB and create a static one of 3500MB
    on another drive.]

    RPC binding does not contain FQDN
    The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    fully-qualified domain name.

    Database backup critical
    Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had a
    full online backup.

    Network interface driver file is more than two years old
    [noted...there is no newer file available]

    Storage driver is more than two years old
    [noted...there is no newer file available]

    The 'fast message retrieval' option is not enabled on IMAP4

    The Network News Transfer Protocol (NNTP) service is running on server sbs2003
    [now disabled and stopped]

    Application log size
    As a best practice, the size of the 'Application' log on server
    sbs2003.domain.local should be increased. The current size is 16MB. For
    servers running Microsoft Exchange, a size of 40MB or more is recommended.
    [fixed...set to 40960KB]

    Consider setting TarpitTime
    Recipient filtering is enabled on server sbs2003.domain.local. As a best
    practice, consider setting the 'TarpitTime' parameter as recommended in
    Microsoft Knowledge Base article 899492.
    [registry entry made, and request made for Hotfix from KB article 899492 via
    "Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems to
    keep moving to try to hide, but is currently at:;en;1414&WS=hotfix ]

    Enable automatic updates for message filtering
    Automatic update for the Intelligent Message Filter is not enabled on server
    SBS2003. To improve the effectiveness of the filter, follow the instructions
    outlined in Microsoft Knowledge Base article 907747.
    [why must this be a download-only .DOC file? First it says you should
    enable automatic updates for message filtering, then it says you should not
    have them automatically installed!! -- and this is only the tip of the
    Intelligent Message Filtering options. Done.]

    Crash upload logging disabled
    Exchange fatal error information on server sbs2003.domain.local is not
    automatically sent to Microsoft for analysis. It is recommended that you
    enable this feature through the Exchange System Manager.
    [now enabled]

    Sink registration not found Small Business Server Attachment Remover
    Transport event sink 'Small Business Server Attachment Remover' was found in
    the metabase for SMTP instance '1' on server sbs2003.domain.local but its
    registration could not be found. Registration expected in
    [this is one I'm going to need help with...the instructions on what to do to
    re-register the sink dll's are clear, but when I ran them as instructed from
    the \Program Files\Exchsrvr\Bin directory, I got errors for each one, all of
    them similar to this last one:
    msgfilter.dll was loaded, but the DllInstall entry point was not found.

    This file can not be registered.

    So much for Exchange Best Practices Analyzer.

    As for the Small Business Server 2003 Best Practices Analyzer, I was already
    automatically seeking and downloading updates, so I was using the latest

    I followed the steps to ascertain the "IP Address and Domain Name
    Restrictions" of the Default Web Site, and it was already set to Grant Access
    with nothing listed as exceptions. Knowing how these settings can sometimes
    be entered in the Registry incorrectly, I reset this to Deny Access (applied
    to all) and clicked OK and APPLY and OK, then repeated the steps to change it
    back to Grant Access.

    One thing I did notice, is that for anonymous access to the Default Web
    Site, it is checking the password for IUSR_SBS2003, and perhaps the problem
    is there. I reset the password for this user in AD, and changed it for
    Default Web Site and the other Virtual Directories in IIS Admin, as well as
    for each of the Web Sites under the Virtual Directories that had anonymous
    access checked.

    In the message thread you mentioned, there was a mention of an ISAPI Filter
    sbssft.dll for Default Web Site. It was not there, and I have added it.
    However, I question whether it is indeed necessary, since a working-RRW SBS
    server does not have this entry.

    Having rebooted the server, it appears I have done something wrong, as the
    Exchange Best Practices Analzyer now cannot connect to the first
    administration group under the SERVER -- there is an orange circle with a
    white X next to it.

    However, I just tested from an external connection, and REMOTE WEB WORKPLACE

    Huzzah, Merv! Thank you.

    That fixes both RWW and RDC, so I think I'll stop this thread, and start a
    new one in the Exchange newsgroup.

    Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP], May 18, 2008
  19. Again, Merv, thank you for your help!

    I figured out the reason Exchange Best Practices Analyzer could not connect
    to the server -- a mistyping in the previous entry was the culprit. It's
    working fine now, with (almost) no issues, and certainly no critical ones.

    While Remote Web Workplace is working, and Remote Desktop Connection will
    connect directly with the server (port 3389 is forwarded to, the
    WAN Ethernet adapter of the server), I cannot Connect to Server Desktops or
    Connect to Client Desktops from Remote Web Workplace. I have seen this
    problem in newsgroups previously, so perhaps I can find the solution.

    Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP], May 19, 2008
  20. Sounds like you're getting closer Greg. :)

    What error message are you getting when you try to access a workstation via
    RWW? In your router, are you sure you have port 4125 forwarded to your
    external NIC (

    You can take the router out of the equation by connecting a spare
    workstation or laptop to a port onthe router, putting it in a workgroup,
    giving it an IP address in the same range as the LAN side of the router
    (192.168.2.x) and giving it a gateway of the router IP address
    ( Then try to RWW into the server and workstations. If you
    still can't, then their is a configuration or software issue with the SBS

    Merv Porter [SBS-MVP]

    Merv Porter [SBS-MVP], May 19, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.