RWW via VPN only partially working

Discussion in 'Windows Small Business Server' started by Mitch Reno, Jun 4, 2008.

  1. Mitch Reno

    Mitch Reno Guest

    I have an SBS2003 network with three workstations running Vista Business.
    Before I changed out the network workstations to new machines running Vista
    Business, I could connect via VPN and use RWW to access my old networked XP
    desktops. NOW I can connect via VPN to the SBS server and get to the RWW
    screen from my laptop at home (which is running Vista Home Premium). I can
    access the help desk screen. I can use Outlook web access. But I can't get
    to the main objects I need; which are the desktops. I keep getting the
    message that the computer to which I am trying to connect - must be turned
    off.

    Any suggestions would be appreciated.
     
    Mitch Reno, Jun 4, 2008
    #1

  2. Mitch Reno

    Colin Guest

    Hi Mitch,

    Why are you trying to use RWW via VPN? You can do away with the VPN and use
    RWW on its own. Much more secure and also faster. Were the Vista PCs
    connected to the domain via CEICW? If so, make sure ports 443 and 4125 are
    forwarded from your firewall to your server and you should be good to go.

    Regards Colin.
     
    Colin, Jun 4, 2008
    #2

  3. Mitch Reno

    Mitch Reno Guest

    Maybe I'm misunderstanding something, but our Server's URL ends with
    .local. I thought to access RWW directly I needed a publicly available URL.
    Or do I get to it just using the external IP address?

    Thanks for your help.
     
    Mitch Reno, Jun 4, 2008
    #3
  4. Mitch Reno

    SteveB Guest

    Do you have a registered domain name? If so you can use something like
    https://remote.domain.com/remote with the proper externally hosted DNS
    records and rerunning the CEICW. Otherwise you can use the external address.
    As Colin says there's no need for the extra configuration of VPN and
    potential security risks.

     
    SteveB, Jun 4, 2008
    #4
  5. Susan Bradley, Jun 4, 2008
    #5
  6. Mitch Reno

    Joe Guest

    Can you connect to those workstations using RDP from another LAN
    workstation?

    RWW uses RDP to reach the workstations, you connect using port 4125 and
    SBS redirects this to 3389 on the workstation you requested. Unless the
    workstation has been set up for RDP, it won't work. Connectcomputer
    should have organised this, if you didn't join the machine to the domain
    that way you need to do it manually. RDP itself has to be enabled and
    also particular users need to be authorised. The easiest way to do the
    latter is to add the domain security group RWW Users to the users
    permitted to connect to the workstation.

    Remote connection properties are under Control Panel, System somewhere.
    I don't have a running Vista B machine at hand.
     
    Joe, Jun 4, 2008
    #6
  7. Mitch Reno

    Mitch Reno Guest

    When I try to do this I get the message that Internet Explorer cannot display
    the webpage.
     
    Mitch Reno, Jun 4, 2008
    #7
  8. Mitch Reno

    Mitch Reno Guest

    I don't have a registered domain name. The domain we use ends with .local.
    The ip address doesn't get me through either. In fact less connectivity than
    if I use the VPN that has been created.
     
    Mitch Reno, Jun 4, 2008
    #8
  9. Mitch Reno

    Mitch Reno Guest

    I believe I picked an IP address since my dns name isn't publicly registered.
     
    Mitch Reno, Jun 4, 2008
    #9
  10. Hi Mitch,

    While VPN is one way to access your server, it can be a path for malware and
    viruses. RWW or a straight RDC session (without connecting the hard drives
    of the remote machine and the server/workstation) is generally a better way.
    VPN also exacts some additional connection "overhead", which can affect the
    end user experience (i.e., slow performance).

    Make sure ports 4125 and 443 are forwarded to your SBS NIC (or your SBS
    external NIC if you have 2 NICs in the SBS server).

    Then, as Jim said, re-run CEICW, enable the firewall, select the services
    you want, create the Web Server Certificate with your WAN IP address (the
    one given you by your ISP) and then complete the rest of CEICW. Then, RWW
    directly using: https://<WANIPAddress>/remote

    CEICW Walkthrough
    (for two SBS NICs but most screens will also work for single SBS NIC)
    http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm

    What is my IP address
    http://whatismyip.com/

    If you have a dynamic (not static) WAN IP address assigned by your ISP, it
    may change over time. You will need a (free) service like www.dyndns.com to
    keep track of these changes so you can always have access to your server and
    workstations. This will also give you a hostname like:
    yourcompany.dyndns.org that will be constantly mapped to your (potentially
    changing) WAN IP address. When you get this set up with www.dyndns.com,
    re-run CEICW and recreate the Web Server Certificate using your new hostname
    (yourcompany.dyndns.org). From that point, you can access RWW with:
    https://yourcompany.dyndns.org/remote

    More info on how to set up SBS 2003 using a dynamic WAN IP address:

    SBS 2003 DDNS and Email Setup Procedure
    (includes RWW info)
    http://groups.google.com/group/microsoft.public.windows.server.sbs/msg/be1d68ee2e0ba0d4?hl=en


    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Jun 4, 2008
    #10
  11. First, let me say that I agree with others that RWW is really designed to
    allow access without falling back to VPN. If you have a VPN, might as well
    use RDP instead of RWW. But hey, you have a system that worked for
    you...why complicate things? ;)

    So with that out of the way, Vista's firewall is a little more aggressive
    than XP's. You'll have to use the GPMC in Vista (or the downloadable one
    for Vista SP1) and use the advanced firewall snap-in to open your RWW ports
    already mentioned in this thread. That'll get you back up and running in
    your current config.

    -Cliff

     
    Cliff Galiher, Jun 5, 2008
    #11
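
The workstation-side checks described in posts #6 and #11, collected into one script. This is an added example, not code from any poster in the thread; it assumes an elevated PowerShell 2.0 prompt on the Vista workstation, the group name as written in post #6, and the English-language built-in firewall rule name `Remote Desktop (TCP-In)`.

```powershell
# Added example (not from the thread). Run on the Vista workstation itself,
# from an elevated PowerShell 2.0 prompt.
param(
    # Group name as written in the thread; replace with the exact name in your domain.
    [string]$RwwGroup = 'RWW Users',
    # Assumed built-in rule name on an English-language Vista install.
    [string]$FirewallRule = 'Remote Desktop (TCP-In)'
)

function New-Result($check, $pass, $detail) {
    New-Object PSObject -Property @{ Check = $check; Pass = [bool]$pass; Detail = $detail }
}

$results = @()

# 1. RDP enabled: fDenyTSConnections = 0 means connections are accepted.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$results += New-Result 'RDP enabled' ($deny -eq 0) "fDenyTSConnections=$deny"

# 2. Something is listening on TCP 3389, the port SBS redirects 4125 to.
$listening = netstat -an | Select-String -Pattern ':3389\s+\S+\s+LISTENING'
$results += New-Result 'Listening on TCP 3389' ($listening) 'netstat -an'

# 3. The RWW group is among the users permitted to connect.
$members    = net localgroup 'Remote Desktop Users'
$authorised = $members | Select-String -SimpleMatch $RwwGroup
$results += New-Result "'$RwwGroup' permitted to connect" ($authorised) 'Remote Desktop Users membership'

# 4. The Vista firewall rule for inbound RDP is enabled (in at least one profile).
$rule    = netsh advfirewall firewall show rule "name=$FirewallRule"
$enabled = $rule | Select-String -Pattern '^Enabled:\s+Yes'
$results += New-Result 'Firewall allows inbound RDP' ($enabled) "rule '$FirewallRule'"

$results | Select-Object Check, Pass, Detail | Format-Table -AutoSize
```

Any row with `Pass` set to `False` points at the step to fix before retrying the connection from RWW.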
  12. Mitch Reno

    Mitch Reno Guest

    I'm clear on everything you wrote except "create the Web Server
    Certificate". Where do I look for that item? Thanks

    Mitch


     
    Mitch Reno, Jun 5, 2008
    #12
  13. Mitch Reno

    Mitch Reno Guest

    What is the GPMC? Where do I look?

    Thanks
     
    Mitch Reno, Jun 5, 2008
    #13
  14. See the "CEICW Walkthrough" link I posted:

    CEICW Walkthrough
    http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm

    It will show you the screen for Web Server Certificate creation. (about half
    way down the page; the screen shot is for the Web Server Certificate page in
    CEICW)

    --
    Merv Porter [SBS-MVP]
    ============================


     
    Merv Porter [SBS-MVP], Jun 5, 2008
    #14
  15. Group Policy Management Console. On Vista RTM, just type gpmc.msc in the
    search start bar.

    Vista SP1 uninstalls this utility (understandably) because it is really a
    management tool and shouldn't be on client PCs. But you can get an updated
    version with the RSAT (Remote Server Administration Tools) pack. This is a
    package of tools for remotely administering a server, including a Vista
    compatible version of DNS, ADUC, DHCP, and GPMC. I'd post a link, but there
    are different versions for different variants of the OS. A quick TechNet
    search will help you.

    Good luck!

    -Cliff
     
    Cliff Galiher, Jun 5, 2008
    #15