SBS help in Wichita Kansas

Discussion in 'Windows Small Business Server' started by bob, May 18, 2004.

  1. bob

    bob Guest

    Is there someone for hire or willing to help me out to set up my serer and
    client so I can access my mail and files off site. I just can't get it to
    work and I really need to get this up and running. I'm not a full blown
    network tech but can follow instructions. I have the book but, not working
    out.

    Bob Allen
     
    bob, May 18, 2004
    #1
    1. Advertisements

  2. Bob
    You will find lots of offers to help here

    First, are you using SBS 2003?? Standard or Premium
    Second specifically what are you having trouble with
    Third be sure to copy and post any specific error messages you are getting

    Fourth and perhaps most important...how many nics in the server and what are
    they connected to??

    We can go from there
     
    Cris Hanna \(SBS-MVP\), May 18, 2004
    #2
    1. Advertisements

  3. bob

    bob Guest

    Two NIC's, one connected to a Linksys WRV54G router with DHCP disabled,
    static IP, second NIC to a switch where all the clients are connected. SBS
    2003 standard. I moved the sbs box to my new office after having it at
    home. I have three clients connected and working at the office. I'm trying
    to get the client at home that was connected to the box to connect using VPN
    or what ever will work. Since I moved the box, my client at home of course
    keeps telling me I'm not connected to the network. It had administrator
    rights and I was able to remotely work on the server from it then. I
    attempted to create a VPN connection last night using the instructions
    starting on page 384. I did everything to starting on page 382 on the box
    before leaving the office. I have all those ports forwarded to the external
    NIC I think. At this point I'm a little overwhelmed but I think I have it
    right, or I may not. I received an error on the home client after setting
    up the new connection, "Error 798 A certificate could not be found that
    could be used with this Extensible Authensible Authentication Protocol". I
    need to get my laptop setup and need to attempt this first. All computers
    connected and will be connected are on XP Pro with all updates. The laptop
    has yet to be joined to the network and I plan to join it this morning hard
    wired first. I can use the wireless to check the remote setup after that.
    I have read using RWW is better than VPN on this board. I'll do what ever
    it takes to get these two remote computers up and running, at this point,
    laptop first. Just what do I need to do to accomplish this? I have read
    posts on this board, bought the Microsoft book and getting pretty frustrated
    at this point. I can't find anyone in town that knows SBS 2003. Plenty of
    people that would like to play with it on my dime.

    Thanks in advance,

    Bob


    Bob
    You will find lots of offers to help here

    First, are you using SBS 2003?? Standard or Premium
    Second specifically what are you having trouble with
    Third be sure to copy and post any specific error messages you are getting

    Fourth and perhaps most important...how many nics in the server and what are
    they connected to??

    We can go from there
     
    bob, May 18, 2004
    #3
  4. bob

    Bob Guest

    Well, it looks as though I'm screwed. SBSers, thanks for the help given in
    the last few months but I just about have no choice but to wipe the server
    and install XP Pro and do my networking that way, go back to POP on each
    computer and web mail when I'm out of the office and shelf SBS 2003. Maybe
    some time next year I'll attempt SBS again. Oh well, it's only money I
    guess. Microsoft got me again.
     
    Bob, May 19, 2004
    #4
  5. Well Bob,
    I doubt you are screwed
    If the only problem you are having is getting into the server remotely I'm
    pretty sure we can resolve that

    What kind of IP scheme are you using at home??
    What OS are you running at home (XP Pro I hope)
    After you got the SBS to the office, did you by chance run the ICW again??
    When it ask you about creating the certificate, did you put in your .com
    domain or your .local domain information.

    You have a very very common situation that is perfect for SBS and there are
    thousands of installs out there doing what you're doing
    Give us a chance, and we'll help you but we all volunteer our time here

    Unless you wanna fly me to Wichita (from St Louis)...LOL
     
    Cris Hanna \(SBS-MVP\), May 19, 2004
    #5
  6. bob

    bob Guest

    IP at home is Cox dynamic behind a Linksys router, everything is XP Pro with
    all the latest updates and patches and Office 2003 products home and office.
    Yes, I did run ICW when I moved the box to the office. I created the
    certificate on the local domain on the initial install and have not changed
    it since then. I can RWW from the clients at the office connected hard
    wired with no problem. Ports, that's where I might be a little confused. I
    have a bunch forwarded to the internal NIC right now, perhaps to many, just
    trying everything. Could you be so kind and tell me just which ones I need
    to forward? I'm using POP with smarthost so I don't need to open for smtp.
    Am I right in thinking I forward the ports to the NIC that is used for
    connecting to the internet? The second NIC, for internal usage I have given
    an IP address that will not allow it to be forwarded, the router forwarding
    port setup only allows the last digits to be changed. Did I cover
    everything?

    Thank you so much for the help, I'm at wits end and unless I can get set up
    by tomorrow morning I'm going to have to shut down my email for a few days
    coming into the server and work through web mail as I'm going out of town on
    a business trip and must have access to my mail.

    Bob


    Well Bob,
    I doubt you are screwed
    If the only problem you are having is getting into the server remotely I'm
    pretty sure we can resolve that

    What kind of IP scheme are you using at home??
    What OS are you running at home (XP Pro I hope)
    After you got the SBS to the office, did you by chance run the ICW again??
    When it ask you about creating the certificate, did you put in your .com
    domain or your .local domain information.

    You have a very very common situation that is perfect for SBS and there are
    thousands of installs out there doing what you're doing
    Give us a chance, and we'll help you but we all volunteer our time here

    Unless you wanna fly me to Wichita (from St Louis)...LOL
     
    bob, May 19, 2004
    #6
  7. Bob:

    If I understand your situation, you want to use RWW to access a WinXP Pro
    workstation at the office from a WinXP Pro workstation (or laptop) at home
    or on the road. You should only need to forward the following ports to the
    IP address of the second NIC on your SBS server (I'm assuming this is a
    static WAN IP address that has been assigned to you by your ISP):

    443 (https://)
    4125 (RWW)

    Ports that Enable Remote Access to SBS Services
    http://www.winnetmag.com/Files/40832/Table_01.html

    Wayne Small has published a good article on the basics of setting up RWW:
    http://www.sbsfaq.com/news/getArtic...479C5D360FB473600B0000000249E20000&path=News/

    Run CEICW and enable the Basic Firewall for RWW.
    The WINXP Pro LAN workstations need to be set up for Remote Desktop with the
    appropriate remote users given permissions to access each workstation.

    If you're not running Exchange with SMTP (you said you were using POP3), you
    can create the certificate using your static WAN IP address you got from
    your ISP; or, if you're ISP uses dynamic addressing, you can sign up with a
    DDNS (Dynamic DNS) service like TZO, DNS2GO or DYNDNS to track changes to
    your external IP address (WAN IP address). With DDNS you would set up the
    certificate using the domain name you create at the DDNS service provider's
    web site. For a quick setup (and assuming you have a dynamically assigned
    WAN IP address does not change very often), you could also set up the
    certificate using your dynamic WAN IP address. Just be aware that this WAN
    address is subject to change at any time (which is why you need a DDNS
    service in the long run).

    Also, let the SBS server handle all DHCP Service for your LAN (and turn off
    DHCP Service on the router). And to get your SBS up and running for now,
    just set up LAN workstations using wired connections (not wireless).

    I suggest doing the router setup (port forwarding) manually as sometimes
    UPNP does not work correctly.
     
    Merv Porter [SBS-MVP], May 19, 2004
    #7
  8. bob

    bob Guest

    I'm on a static IP at the office, that is where I'm trying to access. Am I
    understanding you correctly that RWW gets me to my desktop XP station? If I
    can get into the server that is. Does the desktop need to be on and
    running? As for forwarding ports to the second NIC, the configuration area
    on the router only allows me to change the last entry of the IP address,
    i.e.. 192.168.1.xxx, xxx being the changeable part. The second NIC that is
    used for internal has a different number than the 168. Is that where my
    problem might be? As for the certificate, perhaps I need to reissue it and
    from what I understand you saying, use the assigned static IP address by my
    ISP, correct? I have exchange installed and am using it for retrieving
    email, smarthost for sending using my ISP's smtp.

    Bob:

    If I understand your situation, you want to use RWW to access a WinXP Pro
    workstation at the office from a WinXP Pro workstation (or laptop) at home
    or on the road. You should only need to forward the following ports to the
    IP address of the second NIC on your SBS server (I'm assuming this is a
    static WAN IP address that has been assigned to you by your ISP):

    443 (https://)
    4125 (RWW)

    Ports that Enable Remote Access to SBS Services
    http://www.winnetmag.com/Files/40832/Table_01.html

    Wayne Small has published a good article on the basics of setting up RWW:
    http://www.sbsfaq.com/news/getArtic...479C5D360FB473600B0000000249E20000&path=News/

    Run CEICW and enable the Basic Firewall for RWW.
    The WINXP Pro LAN workstations need to be set up for Remote Desktop with the
    appropriate remote users given permissions to access each workstation.

    If you're not running Exchange with SMTP (you said you were using POP3), you
    can create the certificate using your static WAN IP address you got from
    your ISP; or, if you're ISP uses dynamic addressing, you can sign up with a
    DDNS (Dynamic DNS) service like TZO, DNS2GO or DYNDNS to track changes to
    your external IP address (WAN IP address). With DDNS you would set up the
    certificate using the domain name you create at the DDNS service provider's
    web site. For a quick setup (and assuming you have a dynamically assigned
    WAN IP address does not change very often), you could also set up the
    certificate using your dynamic WAN IP address. Just be aware that this WAN
    address is subject to change at any time (which is why you need a DDNS
    service in the long run).

    Also, let the SBS server handle all DHCP Service for your LAN (and turn off
    DHCP Service on the router). And to get your SBS up and running for now,
    just set up LAN workstations using wired connections (not wireless).

    I suggest doing the router setup (port forwarding) manually as sometimes
    UPNP does not work correctly.
     
    bob, May 19, 2004
    #8
  9. Yes, RWW will allow you to remotely control your LAN WinXP Pro workstation
    from another computer with Internet access (at home, on the road or even on
    the LAN). The computer doing the controlling only needs to be Win9x or
    above. The "controlled" computer on the LAN needs to be WinXP Pro. It must
    be turned on at all times to be accessible via RWW. Basically, you are
    authenticating to the SBS server and then on to the WinXP Pro LAN
    workstation. The faster the Internet connection at both ends, the better
    the user "experience" is in remote controlling the LAN workstation.

    Ignoring references to ISA, the SBS network should be generally configured
    as found at: (see the diagram)
    http://www.smallbizserver.net/DesktopDefault.aspx?tabid=111

    Your "internal" NIC (LAN NIC) will probably have an IP range of
    192.168.16.2, which is the default for SBS. All LAN workstations will have
    local IPs in the range 192.168.16.x and should be connected to a hub or
    switch along with the SBS internal NIC. Your "external" NIC would have an
    IP in the same range as the router's LAN address. So, if your router LAN
    address is 192.168.1.1, then your external NIC would be something like
    192.168.1.2 (or anything in the 192.168.1.x range). As you've speculated,
    the external NIC must be in the same IP range as the LAN side of the router.

    You can use the static WAN IP for the certificate if you don't have a FQDN
    established yet (Fully Qualified Domain Name; like "yourcompanyname.com") or
    if you don't have Exchange MX & A records established (i.e., an Exchange
    domain name like "mail.yourcompany.com"). There may be some minor issues
    with using the WAN IP address but to get you up and running in the shortest
    time, that is what I would use.

    --
    Merv Porter [SBS MVP]
    ===================================
     
    Merv Porter [SBS-MVP], May 19, 2004
    #9
  10. bob

    Bob Allen Guest

    OK, so say I have this set up correctly. What do I type into my browser to
    access the RWW? https://myserver.name.local Or do I type this in an open
    dos window? http with or without the "s"?

     
    Bob Allen, May 19, 2004
    #10
  11. bob

    Bob Allen Guest

    OK, so say I have this set up correctly. What do I type into my browser to
    access the RWW? https://myserver.name.local Or do I type this in an open
    dos window? http with or without the "s"?

     
    Bob Allen, May 19, 2004
    #11
  12. Hi Bob:

    From your remote (home) computer, open Internet Explorer and type:
    https://myservername.mycompanyname.com/remote
    or
    https://xxx.xxx.xxx.xxx/remote
    (if you created the certificate with the WAN IP address).

    This should pop-up a window that requires you to install the certificate on
    your remote (home) computer. After that, you'll be presented with the RWW
    login screen and then the RWW main screen.

    --
    Merv Porter [SBS MVP]
    ===================================
     
    Merv Porter [SBS-MVP], May 20, 2004
    #12
  13. BTW... you can download a sample chapter (.pdf format) of Harry Brelsford
    Windows Small Business Server 2003 Best Practices at:
    http://www.nwlink.com/~harryb/sbs/

    This sample chapter (chapter 8) covers setup and use of RWW. :)

    --
    Merv Porter [SBS MVP]
    ===================================

     
    Merv Porter [SBS-MVP], May 20, 2004
    #13
  14. bob

    bob Guest

    Thanks for the help, I attempted the instructions on the link and apparently
    the Linksys decided to go toast during the process. Ended up resetting the
    internal NIC to static IP configurations to get back on line. Yes, I did
    reset the router, I even attempted to ping it and received four hardware
    failure replies. Now I'm out of time and without a hardware firewall, only
    using the SBS FW after running ICW and unchecking everything. I hope this
    gives me some kind of security until I can get a REAL firewall and try this
    again with all the pointers from everyone. Before leaving town I'll have to
    shut down exchange from downloading my email and use my webmail. Of course
    this means I'll have to wade through a hundred spam messages to get my stuff
    because of the spam parasites.

    I would almost do time if I could get my hands on a person who is a big
    spammer.

    Any firewall recommendations?????

    Thanks,

    Bob


    BTW... you can download a sample chapter (.pdf format) of Harry Brelsford
    Windows Small Business Server 2003 Best Practices at:
    http://www.nwlink.com/~harryb/sbs/

    This sample chapter (chapter 8) covers setup and use of RWW. :)

    --
    Merv Porter [SBS MVP]
    ===================================

     
    bob, May 20, 2004
    #14
  15. Hardware firewall depends on your budget and level of risk. The higher end
    ones (Sonicwall, Cisco, Watchguard or equivalent) can set you back $2000 or
    more. These have features comparable to using ISA (found in SBS 2003
    Premium) and are considered "industrial strength". They can monitor ingress
    and egress traffic from your LAN, provide extensive monitoring and reporting
    while protecting against higher level attacks like denial of service. At
    the low end, a cheap router firewall for about $50 (DLink DI-604) can
    provide basic firewall protection, especially when coupled with the Basic
    Firewall included with SBS 2003 Standard. They also provide some of the
    port forwarding and set up features of the more expensive models.

    --
    Merv Porter [SBS MVP]
    ===================================

     
    Merv Porter [SBS-MVP], May 20, 2004
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.