RWW through server using site to site VPN to workstation

Discussion in 'Windows Small Business Server' started by Don Morton, Dec 30, 2005.

  1. Don Morton

    Don Morton Guest

    Hello All,

    I have an SBS 2003 Premium box behind a Netgear FVS318 v1 (No ISA) (I'll
    call it Site 1) and a second network in another city behind an FVS318 v3
    (Site 2).

    Users at Site 1 can use RWW without issue. Users from Site 2 cannot connect
    to their workstations. Both networks are connected with Netgear gateway to
    gateway VPN.

    Any help is appreciated!
     
    Don Morton, Dec 30, 2005
    #1
    1. Advertisements

  2. Hi,

    Thanks for posting here.

    I am sorry for the delayed response due to weekend and New Year holiday.
    Please understand that the newsgroups are staffed weekdays by Microsoft
    Support professionals to answer your systems and applications questions.
    Your understanding is greatly appreciated!

    From your description, I understand the issue to be: users in remote site
    can not connect to their workstations trough RWW site in site to site VPN
    environment. If I am off base, please don't hesitate to let me know.

    Before we go further, please kindly help me collect some information to
    isolate the issue:

    1. What is the accurate situation when users in site 2 access the RWW site?
    When they click the link "Connect to my computer at work", can they see
    their workstation list here? If yes, what is the accurate error message
    they received when they connected to their workstations?
    2. Please run the following command line on the server box, what is the
    output you received.
    "telnet workstationIP:3389"(no quotation marks)
    Note: please change the "workstationIP" to one workstation IP in site 2.

    3. Have you installed additional DC in site 2? How you join computers in
    site 2 to the SBS domain? Which OU the computer objects in site 2 locates?
    Can you find them in ADUC - >domainname -> MyBusiness -> Computers ->
    SBSComputers OU?

    4. Please collect your workstation IP reports respectively on the SBS
    server box, one workstation in site 1 and one workstation in site 2. please
    run command "ipconfig /all" (no quotation marks)

    I appreciate your time! I am happy to be assistance to you and look forward
    to your reply!

    Have a nice day!

    Sincerely,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
     
    Jenny wu [MSFT], Jan 3, 2006
    #2
    1. Advertisements

  3. Don Morton

    Don Morton Guest

    1. Their workstations do appear in the RWW list.

    Error:
    The client could not establish a connection to the remote computer. The
    most likely causes for this error are:

    1) Remote connections might not be enabled at the remote computer.
    2) The maximum number of connections might be exceeded at the remote
    computer.
    3) A network error might have occurred while establishing the connection.
    4) The Remote Web Workplace designated port might be blocked by a firewall.

    I have also tried connecting to the workstation with Terminal Services
    through the "Manage Your Server> Client Computers" interface.
    Logging in as that workstation's user: "The system could not log you on.
    Make sure your User name and domain are correct, then type your password
    again. Letters in passwords must be typed using the correct case."

    Logging in as domain admin: "The local policy of this system does not
    permit you to logon interactively."

    2. Telnet to IP fails, but telnet to computername: "Connecting to
    computername:3389... Could not open connection to the host, on port 23:
    Connect failed"

    3. No additional DC at site 2. Users authenticate to the SBS 2003 DC over
    the VPN.

    4. I will run ipconfig /all >C:\site1.log and ipconfig /all >C:\site2.log
    when onsite and will post ASAP.
     
    Don Morton, Jan 4, 2006
    #3
  4. Hi,

    Thanks for your update.

    Now please perform the following tests to isolate the issue:

    I. Please logon one client computer in site 2, run command "telnet
    computerIP:3389" (no quotation marks) , can you connect to it successfully?

    Note: please change the "computerIP" to the valid computer IP address in
    the site 2. Also please ensure you have input correct command as I
    provided.

    The symptom of "Could not open connection to the host, on port 23: Connect
    failed" indicates the command has been input incorrectly.

    II. Please check the following settings on computers in site 2:

    A. Right-click My Computer and click Properties.
    B. On the Remote tab, is the "Allow users to connect remotely to this
    computer" checked?
    C. Click Select Remote Users, check if the domain user is in the users list.

    If the checkbox of "Allow users to connect remotely to this computer" is
    NOT checked, please check it and then run command "gpupdate /force" (no
    quotation marks) on the computer and then logoff and logon the computer.
    Then please try to setup RDP connection to the computer (mstsc), how about
    the result?

    Refer to the following Knowledge Base article for more information:

    315328 How to Use the Remote Desktop Feature of Windows XP Professional
    http://support.microsoft.com/?id=315328

    Additionally have you installed any software firewall or hardware firewall
    on the site 2? If yes, please ensure that you have opened 3389 port on the
    software firewall or hardware firewall.

    Can you find any error events in Event Viewer on the SBS server box? If
    yes, please tell me the detail error information in the newsgroup or mal me
    the error log for further analyze.

    To save a text copy of Application /System log:

    A. Open Event Viewer: Start -> All Programs -> Administrative Tools ->
    Event Viewer.
    B. Right-click on Application/System log and select "Save Log File As?".
    Please send the log files to my mailbox:

    I appreciate your time!

    Have a nice day!

    Sincerely,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
     
    Jenny wu [MSFT], Jan 5, 2006
    #4
  5. Don Morton

    Don Morton Guest

    I found that the source of our problem lies within IIS permissions:
    http://www.adminlife.com/247reference/msgs/34/170818.aspx

    "the other option you have is to Internet Services Manager, right click the
    web site you want to access, and choose properties. Then click on the
    directory security tab, then click the edit button next to "IP address and
    domain name restrictions". Select the option "granted access". Click OK, then
    restart the web site. you should be able to access the web site from your
    internet client."
     
    Don Morton, Jan 16, 2006
    #5
  6. Hi,

    Thanks for your update. I am glad to know that things are getting fine now.
    Thanks so much for your knowledge sharing-)!

    Please feel free to post back when you need further assistance on this
    issue and you are always welcome!

    Have a nice day!

    Sincerely,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
     
    Jenny wu [MSFT], Jan 17, 2006
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.