External RWW to XP Client Error

Hi all,

I am having the error "The client could not establish a connection to
the remote computer. The most likely causes for this error are:..." come
up during an attempt to connect to an XP domain member client via RWW
using an external source via ISA.

I have searched high and low, and tried others suggestions. This
includes:

- Disabling the firewall completely on the client
- Adding 4125 to the firewall on the client
- Connecting to the client via RWW using the ISA servers IE explorer*
(this works fine with both ISA proxy enabled and disabled in IE
options)*
- Fiddling with SSL certs (I have a GeoTrust SSL installed)
- Making a temp SMTP virtual server on 4125 and using telnet from an
external source to access it. This works. I get an Exchange banner.
- Rerunning CECIW wizard, making sure OWA, RWW and Outlook via Internet
are ticked

Outlook OWA works fine
RWW from an external source will let me login, but I cannot connect to
server or client desktops. I can if I login to RWW from inside the
network.

Server is SBS Server 2003 Premium. ISA, Exchange, DHCP, DNS, RRAS
installed.
Client is XP SP3.

Any help would be appreciated!


--
baldwb
------------------------------------------------------------------------
baldwb's Profile: http://forums.techarena.in/members/156228.htm
View this thread: http://forums.techarena.in/server-networking/1273031.htm

http://forums.techarena.in

After accessing RWW, can you ping the server by IP?

After accessing RWW, can you ping the server by IP?

--
Bob Lin, Microsoft-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

Hi Bob,I am unsure as to what you mean with this.

Hi Bob,

I am unsure as to what you mean with this. I cannot open a command prompt
within RWW, so I cannot ping the server nor the client.

If you are referring to pinging the server from an external source,
then no, ISA is configured to not answer ping requests.

I am led to believe this is an ISA configuration error, as previously
said, I can access RWW by using http://localhost/remote on the SBS
server/ISA server, and I can connect to the client that way. If I choose
to access RWW using the FQDN that would normally be used for external
users (as using the FQDN makes the traffic go external then come back in
on the external interface) (e.g. https://server.domain.com/remote,
either on the SBS server/ISA server or using an external client, I get
the error.

Hope this helps a bit.

Cheers :)


--
baldwb
------------------------------------------------------------------------
baldwb's Profile: http://forums.techarena.in/members/156228.htm
View this thread: http://forums.techarena.in/server-networking/1273031.htm

http://forums.techarena.in

If you can access RWW internally but externally, I would check the

If you can access RWW internally but externally, I would check the IA
configuration first.  For the troubleshooting, you may want to create a new
rule in the top and allow all traffics.

--
Bob Lin, Microsoft-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

Did you publish the Company Web site in ISA?

Did you publish the Company Web site in ISA?

Also, I would highly suggest to post this to the SBS newsgroup for specific
help from the SBS folks that may have other suggestions. I cross-posted this
for your convenience. Just check back here for responses.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Have you opened TCP 4125 on your firewall to the SBS server?How about in ISA?

Have you opened TCP 4125 on your firewall to the SBS server?
How about in ISA?
Is Remote Desktop enabled on the machine you are trying to connect to?

Note, even though I cross-posted my previous post, for some reason I had to
add the SBS newsgroup to the To: list when posting this post, otherwise the
SBS newsgroup folks, which can really better help with this issue than
myself, are not seeing your responses.

I think you are probably not able to do that since you are using Techarena.
Techarena is not the best resource to use when posting questions for help.
Reason is Techarena PULLS and PUSHES posts from the actual Microsoft Public
Free Newsgroups. Yep, the MIcrosoft groups are FREE.

You can use Outlook Express (XP or older) or Windows Mail (Vista or 7),
setup a news account, and select news.microsoft.com as the newsgroup server.
There is no logging on required, it is free, you do not have to sign up, you
can remain anonymous, etc. You can post to multiple groups, watch your
subscribed groups, etc. Techarena does not give you that, and you have to
create an account, etc.

I know Techarena folks do not like to hear that, but I thought to post it so
everyone is informed on how the whole thing works and to give you options to
expand your resources.


Ace

There already an RWW rule present.

There already an RWW rule present. I can login to RWW, I get a choice of
either server or desktop desktops, but trying either one results in an
error coming up.


--
baldwb
------------------------------------------------------------------------
baldwb's Profile: http://forums.techarena.in/members/156228.htm
View this thread: http://forums.techarena.in/server-networking/1273031.htm

http://forums.techarena.in

Hi Ace,Thanks for that.

Hi Ace,

Thanks for that. All the publishing rules I currently have in ISA have
been created in ISA by the CECIW wizard.

I can access OWA (as I set in the CECIW wizard) and *I can access and
login to RWW fine*, I just cannot connect to a server or client computer
desktop after selecting it from the list. I get the error shown in the
attachment.


+-------------------------------------------------------------------+
|Filename: Capture.PNG                                              |
|Download: http://forums.techarena.in/attachment.php?attachmentid=10354|
+-------------------------------------------------------------------+

--
baldwb
------------------------------------------------------------------------
baldwb's Profile: http://forums.techarena.in/members/156228.htm
View this thread: http://forums.techarena.in/server-networking/1273031.htm

http://forums.techarena.in

Wait, just so I understand you correctly, reading back to your originalpost,

Wait, just so I understand you correctly, reading back to your original
post, you created an SMTP VS using port 4125? Maybe I missed something as to
why you did that, or I no one else asked. Why did you choose that port for
SMTP?? That is the port SBS RWW uses and needs to be opened to the SBS
server. That may be the cause of the whole issue.

And curious, why did you need an additional SMTP VS? Reading the original
post, I could not figure that out.

And once again, I cross-posted this to the SBS group. Are you able to
cross-post using Techarena?

Ace

I feel I am going around in circles.

I feel I am going around in circles. I have previously mentioned that I
have created an SMTP virtual server, on 4125, and I could successfully
Telnet to it from an external source.

The SBS server and the ISA server are both the same server. it is SBS
Premium.

Yes, Remote Desktop is enabled on the client, as I can access the
client by using RWW on the SBS/ISA server (keeping it internal). If I
attempt to connect to RWW from an external source, I can login to RWW,
but I get the attached error when attempting to connect to either a
server or client desktop. This is even the case if I try using RWW by
http://fqdn.domain.com/remote. If I use http://localhost/remote or
http://servername/remote, it will connect fine.


--
baldwb
------------------------------------------------------------------------
baldwb's Profile: http://forums.techarena.in/members/156228.htm
View this thread: http://forums.techarena.in/server-networking/1273031.htm

http://forums.techarena.in

Ok, so 4125 works, and you have removed the SMTP VS and restarted SMTP.

Ok, so 4125 works, and you have removed the SMTP VS and restarted SMTP. There
are no firewall blocks on the server or client side, and the firewall
settings in the GPO are allowing Remote Desktop from the SBS. I also assume
that you ran the http://connect method to join the machines to the domain.

You will NEED specific SBS help. The
microsoft.public.windows.server.networking that you are posting to through
Techarena is not the best place for SBS help. I think Techarena is also
removing my comments regarind cross-posting, because you have not responded
or commented on them.

I suggest either to post directly to the SBS group using an actual
newsreader, such as Outlook Express or WIndows Mail, or directly post to the
Microsoft SBS newsgroup.

Run Outlook Express or Windows Mail. Configure a new news account. For the
servername, type in news.microsoft.com, configure your name, etc, and you
can rename anonymous, if you like. When you hit Ok, a list of newsgroups pop
up. Choose "microsoft.public.windows.server.sbs."

You will be in good hands. Good luck!

Ace

The SMTP VS on port 4125 was created only to test if the port was openthrough

The SMTP VS on port 4125 was created only to test if the port was open
through ISA server. It was open. I could telnet to it and get an
Exchange banner. The SMTP VS was also deleted immediately afterwards and
the default SBS SMTP VS on 25 was restarted.


--
baldwb
------------------------------------------------------------------------
baldwb's Profile: http://forums.techarena.in/members/156228.htm
View this thread: http://forums.techarena.in/server-networking/1273031.htm

http://forums.techarena.in