Results 1 to 4 of 4

Thread: Netopia 3347NWG with Remote Desktop and Remote Web Workplace

  1. #1
    Join Date
    Nov 2005
    Posts
    32

    Netopia 3347NWG with Remote Desktop and Remote Web Workplace

    I am having a Netopia 3347NWG router on the network. It is working with a dsl connection that is using PPOE. There is a WAN adapter to which it is connected. There are 6 workstation on the network among which one is Windows SBS 2003 server. Now everything is connected with each other on the network. The IP passthrough is enabled and there is no configuration error. When I checked in the configuration section I found a static ip address. So the settings are fine from my end. Now the problem lies with connectivity with RWW RDP. It is not working and there is no problem with the settings. But somehow there is a problem with RWW and RDP. They are simple not working. Any idea how to fix the same.

  2. #2
    Join Date
    Oct 2005
    Posts
    39
    The best thing for RWW RDP is to assign a port and add the same to the exclusion list of Firewall or Antivirus. A number of time even after proper configuration this kind of problem appears and cause the failure. The firewall or some kind of security application in the system cause the blockage of incoming and outgoing traffic. You must configure a separate port for the service and then check back. Port forwarding is one of the best way to deal with the issue.

  3. #3
    Join Date
    Oct 2004
    Posts
    39
    If you facing the connectivity failure issue then there is one more thing you can try. You can simply try to re-install remove web. That is one of the easiest way to fix the problem. If this component is re-installed there will be a number of issues that will fixed. The wizard mostly configure the settings on its own. You just need to add the required information and that's all. If you are finding it complicated then it is necessary that you must use the server tools to find out subcomponent and check out how it really works. Re-installing is one of the good way to deal with the issue.

  4. #4
    Merv Porter [SBS-MVP] Guest
    Correct -- the working-RWW server is named "win2003", but it is an SBS 2003
    Premium R2. The non-working-RWW server is named "sbs2003" and it is an SBS
    2003 Premium R1. Hopefully, that won't make any difference in RWw's setup.

    Your second link was the same as the first, perhaps you meant this one?
    Microsoft Exchange Best Practices Analyzer Web Update Pack
    http://www.microsoft.com/downloads/d...displaylang=en

    When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    Network driver is more than a year old [I know this, but there doesn't
    appear to be an update, either from OEM, Tyan (most recent 2006/01/09) or
    from Vendor, nVidia (most recent 2006/07). ]
    EDNS is enabled [never heard of this, but I followed the steps to disable it]
    The OWA update is not installed [it is now]
    Reverse DNS zone does not allow for secure updates [so why wasn't this set
    automatically? it does now.]
    Windows Backup Wizard has not yet run [I know -- I was waiting to get this
    clean, but now's a good time, I think]
    Microsoft Outlook 2003 is missing [from the ClientApps folder--I hadn't
    installed Outlook 2003 or IE6, as all the workstations are on Office 2007 &
    IE7, but to keep BPA happy, I did so]

    The Reverse DNS message was a tad vague:
    You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to allow
    only secure dynamic updates. To configure the Reverse Lookup Zone, click
    Start, point to Administrative Tools, and then click DNS. Right-click the
    Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click Properties.
    Select Secure only from the Dynamic Updates dropdown list.

    When I looked in DNS, the only entry under Reverse Lookup Zones was
    "192.168.16.x Subnet". I tried to create "16.168.192.in-addr.arpa" -- but
    then I was told that it already exists. So I went to "192.168.16.x Subnet"
    and right-clicked, and clicked on Properties, and on the General tab, I
    changed the Dynamic Updates drop-down from "non-secure and secure" to "Secure
    only". [Rhetorical question: why on earth is this option even necessary?
    would there ever be a reason to have this set to anything except "Secure
    only"? and if not, why doesn't Windows Update set this automatically?]

    None of those warnings would appear to have any effect on the non-working of
    RWW, and in fact, following the changes, RWW is still showing "You are not
    authorized to view this page" from external and internal workstations.





    "Merv Porter [SBS-MVP]" wrote:

    > "while on the working-RWW server (win2003)..."
    >
    > Wait a minute... RWW only comes with SBS 2003. I trust you really mean
    > that this is just another SBS 2003 server (that is functioning properly).
    >
    > At this point I would install adn run a scan with the SBS 2003 BPA:
    >
    > Microsoft Windows Small Business Server 2003 Best Practices Analyzer
    > http://207.46.19.190/downloads/detai...displaylang=en
    >
    > Small Business Server 2003 Best Practices Analyzer Updated
    > http://207.46.19.190/downloads/detai...displaylang=en
    >
    > How to Use the Windows SBS 2003 BPA
    > http://blogs.technet.com/sbs/archive...-2003-bpa.aspx
    >
    > --
    > Merv Porter [SBS-MVP]
    > ============================
    >
    > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    > wrote in message news:FA26C6AF-0C69-44E7-9127-73A09785D38E@microsoft.com...
    > >I have compared this SBS 2003 server with another one on which RWW is
    > >running
    > > fine.
    > > These are some of the differences:
    > >
    > > In the non-working-RWW server (sbs2003), in the properties of the Default
    > > Web Site, under Home Directory, the Execute Permissions were set to
    > > "Scripts
    > > only", while on the working-RWW server (win2003), it was set to "Scripts
    > > and
    > > Executables". On sbs2003, the Application Pool was set to StsAppPool1; on
    > > win2003, it is set to DefaultAppPool. On win2003, the Documents tab shows
    > > four items: Default.htm, Default.asp, index.htm, and iistart.htm. On
    > > sbs2003, there was a fifth (last) item: Default.aspx. On sbs2003, the
    > > ISAPI
    > > Filters tab shows SBSFLT with High Priority, followed by fpexedll.dll with
    > > Low Priority, and Owalogon with "Unknown" priority. On win2003, the same,
    > > except SBSFLT is not listed. On sbs2003, HTTP Headers tab has "Enable
    > > content expiration" checked, and "Expire after 30 days" selected. On
    > > win2003, that is not checked; and under Custom Web Header, win2003 has
    > > listed
    > > MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On sbs2003,
    > > only XP-Powered-By: ASP.NET is listed. On win2003, on the Server
    > > Extensions
    > > 2003 tab, it says "Microsoft SharePoint is installed on this site.
    > > Version
    > > 5.0.2.6790. On sbs2003, it says: This server has not been configured to
    > > use
    > > the server extensions.
    > >
    > > I configured the server extensions for the Default Web Site under sbs2003,
    > > and made changes to mimic the settings on win2003. However, I am still
    > > getting "you are not authorized to view this page" when I attempt to
    > > access
    > > https://sbs2003.domain.com/Remote.
    > >
    > >
    > >
    > > "Greg Kirkpatrick" wrote:
    > >
    > >> This is the pertintent text from KB925653:
    > >> --------------------------------------------------------------------------------
    > >> In this situation, the default.aspx page is not added to the list of
    > >> default
    > >> content pages for the remote virtual directory in IIS.
    > >>
    > >> RESOLUTION
    > >> To resolve this issue, follow these steps:
    > >> 1. Click Start, point to Administrative Tools, and then click Internet
    > >> Information Services (IIS) Manager.
    > >> 2. Under ComputerName (local computer), expand Web Sites, expand Default
    > >> Web
    > >> Site, right-click Remote, and then click Properties.
    > >> 3. In the Remote Properties dialog box, click the Documents tab, and then
    > >> click Add.
    > >> 4. In the Add Content Page dialog box, type default.aspx in the Default
    > >> content page box, and then click OK two times.
    > >> --------------------------------------------------------------------------------
    > >> APPLIES TO
    > >> . Microsoft Windows Small Business Server 2003 Premium Edition
    > >> . Microsoft Windows Small Business Server 2003 Standard Edition
    > >>
    > >> Keywords: kbtshoot kbprb KB925653
    > >> --------------------------------------------------------------------------------
    > >>
    > >> When I checked, there was a Default.aspx created in the Documents of the
    > >> Remote properties, but it was listed last. I deleted it, and recreated
    > >> it as
    > >> default.aspx, and moved it to the top of the list. However, when I
    > >> attempted
    > >> to access RWW via an external computer, I got the same "You are not
    > >> authorized to view this page".
    > >>
    > >> I then looked at this message:
    > >>
    > >> OWA and RWW not accessible.
    > >> http://groups.google.com/group/micro...e8e7fea60c5efc
    > >> --------------------------------------------------------------------------------
    > >> [quoting Robert Li of MSFT]:
    > >>
    > >> "All Windows Small Business Server Website and Virtual Directories work
    > >> only
    > >> with .Net Framework 1.1 and are no support with 2.0
    > >>
    > >> - Default website
    > >> - Exchange (OWA)
    > >> - Remote (RWW)
    > >> - ActiveSync
    > >> - OMA and all
    > >> - Companyweb
    > >> - SharePoint Central Administration
    > >> - Microsoft SharePoint Administration"
    > >>
    > >>
    > >> 1. Open Internet Information Services (IIS) Manager
    > >> 2. Expand to Server | Web Sites | Default Web Sites
    > >> 3. Right click the each web site and select Properties.
    > >> 4. On the ASP.NET tab, make sure the version is 1.1.4322.
    > >> --------------------------------------------------------------------------------
    > >>
    > >> I will not install .NET Framework 2.0 or 3.0 or 3.5 -- I don't want
    > >> companyweb and Monitoring to break again.
    > >>
    > >> However, when I checked the properties for Default Web Site, .NET
    > >> Framework
    > >> 2.0 was installed (the ASP.NET tab was there) -- something must done it.
    > >> ARGH! I have uninstalled .NET 2.0 Framework.
    > >>
    > >> Now, the ASP.NET tab is not present in the properties for Default Web
    > >> Site
    > >> or any virtual directories, so they have to be using 1.1.
    > >>
    > >> I found, in the messages you referenced, a mention of the ASP.NET IIS
    > >> Registration Tool (Aspnet_regiis.exe):
    > >> http://msdn.microsoft.com/en-us/library/k6h9cz8h.aspx
    > >>
    > >> This is a GREAT command-prompt tool, as it confirms exactly what is
    > >> mapped
    > >> to where instantly:
    > >> %WINDIR%\Microsoft.NET\Framework\v1.1.4322\Aspnet_regiis.exe -lk
    > >>
    > >> It also gives a way, via command-prompt commands, to change what is
    > >> needed.
    > >>
    > >> I think it is tragic that, as Robert Li of MSFT says:
    > >>
    > >> "When installing .NET Framework 2.0 on Windows Small Business Server,
    > >> all the websites are automatically switched to use .NET Framework 2.0
    > >> which
    > >> they are not intended to work with."
    > >>
    > >> This is a recipe for disaster!
    > >> Especially since so many other programs, including "WSUS 3.0", require
    > >> .NET
    > >> Framework 2.0.
    > >>
    > >> Why is there NO WARNING GIVEN when installing .NET Framework 2.0 (or 3.0
    > >> or
    > >> 3.5) on SBS 2003?
    > >> [This is a rhetorical question, as I don't expect you to answer it.]
    > >>
    > >> Some progress is being made, however:
    > >>
    > >> When I navigate to http://sbs2003.domain.com/ and see the Default Web
    > >> Site
    > >> (as permissions are still, temporarily, unrestricted), I can now click on
    > >> Information and Answers and see http://sbs2003.domain.com/ClientHelp and
    > >> its
    > >> sub-pages -- which previously gave me "The page cannot be found".
    > >>
    > >> Clicking on Network Configuration Wizard still gets
    > >> http://sbs2003.domain.com/ConnectComputer -- "The page cannot be found".
    > >>
    > >> Clicking on Remote Web Workplace still gets
    > >> http://sbs2003.domain.com/Remote
    > >> -- "You are not authorized to view this page". Changing that to
    > >> https://sbs2003.domain.com/Remote has the same result.
    > >>
    > >> Since some parts of an uninstall wait for a reboot, I rebooted the
    > >> server,
    > >> just to see whether that would make any difference. It didn't.
    > >>
    > >>
    > >>
    > >> "Merv Porter [SBS-MVP]" wrote:
    > >>
    > >> > What if you now go back to...
    > >> >
    > >> > Error message when you try to access the Remote Web Workplace in
    > >> > Windows
    > >> > Small Business Server 2003: "You are not authorized to view this page"
    > >> > http://support.microsoft.com/kb/925653
    > >> >
    > >> > Also. make sure the default web site and its vritual directories are
    > >> > set to
    > >> > use .Net Framework 1.1 (not 2.0)
    > >> >
    > >> > OWA and RWW not accessible.
    > >> > http://groups.google.com/group/micro...e8e7fea60c5efc
    > >> >
    > >> > --
    > >> > Merv Porter [SBS-MVP]
    > >> > ============================
    > >> > "Greg Kirkpatrick" <GregKirkpatrick@discussions.microsoft.com> wrote in
    > >> > message news:255EB5C7-DEF9-4EA0-B19D-6EB499A9969D@microsoft.com...
    > >> > >I follow these directions from that link:
    > >> > >
    > >> > > "If SBS is already installed then you should be able to go to
    > >> > > Start/Control
    > >> > > Panel/Add/Remove Programs and select Windows Small Business Server
    > >> > > 2003
    > >> > > then
    > >> > > click on the Change/Remove button.. then follow the setup wizard
    > >> > > screens
    > >> > > until you get to the Component Selection screen.. then select
    > >> > > Reinstall
    > >> > > for
    > >> > > the Server Tools option.. You can set the Server Tools subcomponents
    > >> > > to
    > >> > > None
    > >> > > (Installed) they should not need to be re-installed. RWW should be
    > >> > > re-installed by simply reinstalling the top level of the Server
    > >> > > Tools..
    > >> > > it's not listed as a seperated component like Intranet is (which
    > >> > > installs
    > >> > > Windows SharePoint Services and does the SBS provisioning) "
    > >> > >
    > >> > > ...and I got this error before it finished:
    > >> > > ---------------------------
    > >> > > .NET Framework 1.1 -- Device Update 2.0
    > >> > > ---------------------------
    > >> > > Command line option syntax error. Type Command /? for Help.
    > >> > > ---------------------------
    > >> > > OK
    > >> > > ---------------------------
    > >> > > However, it finished otherwise, and did not report any problem. It
    > >> > > brought
    > >> > > up a box that said the server had to reboot, but before I clicked OK,
    > >> > > I
    > >> > > checked in IIS Admin, and the "Remote" web site under Default Web
    > >> > > Site was
    > >> > > now listed.
    > >> > >
    > >> > > I then clicked OK, which rebooted the server.
    > >> > >
    > >> > > When it returned, I could right-click the "Remote" website under
    > >> > > Default
    > >> > > Web
    > >> > > Site, and "browse", and see the RWW login page.
    > >> > >
    > >> > > However, when I attempted to access it from an external computer
    > >> > > (after
    > >> > > logging out of RDC), I got "You are not authorized to view this
    > >> > > page".
    > >> > >
    > >> > >
    > >> > > "Merv Porter [SBS-MVP]" wrote:
    > >> > >
    > >> > >> Try this...
    > >> > >>
    > >> > >> Reinstall Remote Web
    > >> > >> http://groups.google.com/group/micro...0a07e39aca4540
    > >> > >>
    > >> > >> --
    > >> > >> Merv Porter [SBS-MVP]
    > >> > >> ============================
    > >> > >>
    > >> > >> "Greg Kirkpatrick" <GregKirkpatrick@discussions.microsoft.com> wrote
    > >> > >> in
    > >> > >> message news:465CE79D-647C-4E8F-826D-85C5765D89DB@microsoft.com...
    > >> > >> > Yes, that helped somewhat, as I found that the "Remote" Web Site
    > >> > >> > (under
    > >> > >> > Default Web Site) is missing. That might explain the "Page cannot
    > >> > >> > be
    > >> > >> > found"
    > >> > >> > errors. How can I get this created?
    > >> > >> >
    > >> > >> > "Merv Porter [SBS-MVP]" wrote:
    > >> > >> >
    > >> > >> >> Any help here?
    > >> > >> >>
    > >> > >> >> Error message when you try to access the Remote Web Workplace in
    > >> > >> >> Windows
    > >> > >> >> Small Business Server 2003: "You are not authorized to view this
    > >> > >> >> page"
    > >> > >> >> http://support.microsoft.com/kb/925653
    > >> > >> >>
    > >> > >> >> --
    > >> > >> >> Merv Porter [SBS-MVP]
    > >> > >> >> ============================
    > >> > >> >>
    > >> > >> >> "Greg Kirkpatrick" <GregKirkpatrick@discussions.microsoft.com>
    > >> > >> >> wrote
    > >> > >> >> in
    > >> > >> >> message
    > >> > >> >> news:79148A29-E272-4BA8-BE8E-EE0C09E9CA11@microsoft.com...
    > >> > >> >> > My server's FQDN (as stated on its Web Server Certificiate and
    > >> > >> >> > in



    That second link should be:

    Small Business Server 2003 Best Practices Analyzer Updated
    http://blogs.technet.com/sbs/archive...r-updated.aspx


    Also, let's look at IP restrictions (as in this thread):
    http://groups.google.com/group/micro...f2c2be383e1d30


    This issue can be caused by incorrect IP restriction settings. Let's try
    following steps to see if it works:

    1. Open Server Management and expand to Internet Information Services node.
    2. Open the Default Web Site's properties
    3. Click the Directory Security tab.
    4. Click the Edit button next to the IP Address and Domain Name Restrictions
    heading.
    5. Click to choose Granted Access and remove all the entries.
    6. Click OK.

    --
    Merv Porter [SBS-MVP]
    ============================

    "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    wrote in message news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    > Correct -- the working-RWW server is named "win2003", but it is an SBS
    > 2003
    > Premium R2. The non-working-RWW server is named "sbs2003" and it is an
    > SBS
    > 2003 Premium R1. Hopefully, that won't make any difference in RWw's
    > setup.
    >
    > Your second link was the same as the first, perhaps you meant this one?
    > Microsoft Exchange Best Practices Analyzer Web Update Pack
    > http://www.microsoft.com/downloads/d...displaylang=en
    >
    > When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    > Network driver is more than a year old [I know this, but there doesn't
    > appear to be an update, either from OEM, Tyan (most recent 2006/01/09) or
    > from Vendor, nVidia (most recent 2006/07). ]
    > EDNS is enabled [never heard of this, but I followed the steps to disable
    > it]
    > The OWA update is not installed [it is now]
    > Reverse DNS zone does not allow for secure updates [so why wasn't this set
    > automatically? it does now.]
    > Windows Backup Wizard has not yet run [I know -- I was waiting to get this
    > clean, but now's a good time, I think]
    > Microsoft Outlook 2003 is missing [from the ClientApps folder--I hadn't
    > installed Outlook 2003 or IE6, as all the workstations are on Office 2007
    > &
    > IE7, but to keep BPA happy, I did so]
    >
    > The Reverse DNS message was a tad vague:
    > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to allow
    > only secure dynamic updates. To configure the Reverse Lookup Zone, click
    > Start, point to Administrative Tools, and then click DNS. Right-click the
    > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click Properties.
    > Select Secure only from the Dynamic Updates dropdown list.
    >
    > When I looked in DNS, the only entry under Reverse Lookup Zones was
    > "192.168.16.x Subnet". I tried to create "16.168.192.in-addr.arpa" -- but
    > then I was told that it already exists. So I went to "192.168.16.x
    > Subnet"
    > and right-clicked, and clicked on Properties, and on the General tab, I
    > changed the Dynamic Updates drop-down from "non-secure and secure" to
    > "Secure
    > only". [Rhetorical question: why on earth is this option even necessary?
    > would there ever be a reason to have this set to anything except "Secure
    > only"? and if not, why doesn't Windows Update set this automatically?]
    >
    > None of those warnings would appear to have any effect on the non-working
    > of
    > RWW, and in fact, following the changes, RWW is still showing "You are not
    > authorized to view this page" from external and internal workstations.
    >
    >
    >
    >
    >
    > "Merv Porter [SBS-MVP]" wrote:
    >
    >> "while on the working-RWW server (win2003)..."
    >>
    >> Wait a minute... RWW only comes with SBS 2003. I trust you really mean
    >> that this is just another SBS 2003 server (that is functioning properly).
    >>
    >> At this point I would install adn run a scan with the SBS 2003 BPA:
    >>
    >> Microsoft Windows Small Business Server 2003 Best Practices Analyzer
    >> http://207.46.19.190/downloads/detai...displaylang=en
    >>
    >> Small Business Server 2003 Best Practices Analyzer Updated
    >> http://207.46.19.190/downloads/detai...displaylang=en
    >>
    >> How to Use the Windows SBS 2003 BPA
    >> http://blogs.technet.com/sbs/archive...-2003-bpa.aspx
    >>
    >> --
    >> Merv Porter [SBS-MVP]
    >> ============================
    >>
    >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> <greg@no_spam_computermagic.cc>
    >> wrote in message
    >> news:FA26C6AF-0C69-44E7-9127-73A09785D38E@microsoft.com...
    >> >I have compared this SBS 2003 server with another one on which RWW is
    >> >running
    >> > fine.
    >> > These are some of the differences:
    >> >
    >> > In the non-working-RWW server (sbs2003), in the properties of the
    >> > Default
    >> > Web Site, under Home Directory, the Execute Permissions were set to
    >> > "Scripts
    >> > only", while on the working-RWW server (win2003), it was set to
    >> > "Scripts
    >> > and
    >> > Executables". On sbs2003, the Application Pool was set to StsAppPool1;
    >> > on
    >> > win2003, it is set to DefaultAppPool. On win2003, the Documents tab
    >> > shows
    >> > four items: Default.htm, Default.asp, index.htm, and iistart.htm. On
    >> > sbs2003, there was a fifth (last) item: Default.aspx. On sbs2003, the
    >> > ISAPI
    >> > Filters tab shows SBSFLT with High Priority, followed by fpexedll.dll
    >> > with
    >> > Low Priority, and Owalogon with "Unknown" priority. On win2003, the
    >> > same,
    >> > except SBSFLT is not listed. On sbs2003, HTTP Headers tab has "Enable
    >> > content expiration" checked, and "Expire after 30 days" selected. On
    >> > win2003, that is not checked; and under Custom Web Header, win2003 has
    >> > listed
    >> > MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On
    >> > sbs2003,
    >> > only XP-Powered-By: ASP.NET is listed. On win2003, on the Server
    >> > Extensions
    >> > 2003 tab, it says "Microsoft SharePoint is installed on this site.
    >> > Version
    >> > 5.0.2.6790. On sbs2003, it says: This server has not been configured
    >> > to
    >> > use
    >> > the server extensions.
    >> >
    >> > I configured the server extensions for the Default Web Site under
    >> > sbs2003,
    >> > and made changes to mimic the settings on win2003. However, I am still
    >> > getting "you are not authorized to view this page" when I attempt to
    >> > access
    >> > https://sbs2003.domain.com/Remote.
    >> >
    >> >
    >> >
    >> > "Greg Kirkpatrick" wrote:
    >> >
    >> >> This is the pertintent text from KB925653:
    >> >> --------------------------------------------------------------------------------
    >> >> In this situation, the default.aspx page is not added to the list of
    >> >> default
    >> >> content pages for the remote virtual directory in IIS.
    >> >>
    >> >> RESOLUTION
    >> >> To resolve this issue, follow these steps:
    >> >> 1. Click Start, point to Administrative Tools, and then click Internet
    >> >> Information Services (IIS) Manager.
    >> >> 2. Under ComputerName (local computer), expand Web Sites, expand
    >> >> Default
    >> >> Web
    >> >> Site, right-click Remote, and then click Properties.
    >> >> 3. In the Remote Properties dialog box, click the Documents tab, and
    >> >> then
    >> >> click Add.
    >> >> 4. In the Add Content Page dialog box, type default.aspx in the
    >> >> Default
    >> >> content page box, and then click OK two times.
    >> >> --------------------------------------------------------------------------------
    >> >> APPLIES TO
    >> >> . Microsoft Windows Small Business Server 2003 Premium Edition
    >> >> . Microsoft Windows Small Business Server 2003 Standard Edition
    >> >>
    >> >> Keywords: kbtshoot kbprb KB925653
    >> >> --------------------------------------------------------------------------------
    >> >>
    >> >> When I checked, there was a Default.aspx created in the Documents of
    >> >> the
    >> >> Remote properties, but it was listed last. I deleted it, and
    >> >> recreated
    >> >> it as
    >> >> default.aspx, and moved it to the top of the list. However, when I
    >> >> attempted
    >> >> to access RWW via an external computer, I got the same "You are not
    >> >> authorized to view this page".
    >> >>
    >> >> I then looked at this message:
    >> >>
    >> >> OWA and RWW not accessible.
    >> >> http://groups.google.com/group/micro...e8e7fea60c5efc
    >> >> --------------------------------------------------------------------------------
    >> >> [quoting Robert Li of MSFT]:
    >> >>
    >> >> "All Windows Small Business Server Website and Virtual Directories
    >> >> work
    >> >> only
    >> >> with .Net Framework 1.1 and are no support with 2.0
    >> >>
    >> >> - Default website
    >> >> - Exchange (OWA)
    >> >> - Remote (RWW)
    >> >> - ActiveSync
    >> >> - OMA and all
    >> >> - Companyweb
    >> >> - SharePoint Central Administration
    >> >> - Microsoft SharePoint Administration"
    >> >>
    >> >>
    >> >> 1. Open Internet Information Services (IIS) Manager
    >> >> 2. Expand to Server | Web Sites | Default Web Sites
    >> >> 3. Right click the each web site and select Properties.
    >> >> 4. On the ASP.NET tab, make sure the version is 1.1.4322.
    >> >> --------------------------------------------------------------------------------
    >> >>
    >> >> I will not install .NET Framework 2.0 or 3.0 or 3.5 -- I don't want
    >> >> companyweb and Monitoring to break again.
    >> >>
    >> >> However, when I checked the properties for Default Web Site, .NET
    >> >> Framework
    >> >> 2.0 was installed (the ASP.NET tab was there) -- something must done
    >> >> it.
    >> >> ARGH! I have uninstalled .NET 2.0 Framework.
    >> >>
    >> >> Now, the ASP.NET tab is not present in the properties for Default Web
    >> >> Site
    >> >> or any virtual directories, so they have to be using 1.1.
    >> >>
    >> >> I found, in the messages you referenced, a mention of the ASP.NET IIS
    >> >> Registration Tool (Aspnet_regiis.exe):
    >> >> http://msdn.microsoft.com/en-us/library/k6h9cz8h.aspx
    >> >>
    >> >> This is a GREAT command-prompt tool, as it confirms exactly what is
    >> >> mapped
    >> >> to where instantly:
    >> >> %WINDIR%\Microsoft.NET\Framework\v1.1.4322\Aspnet_regiis.exe -lk
    >> >>
    >> >> It also gives a way, via command-prompt commands, to change what is
    >> >> needed.
    >> >>
    >> >> I think it is tragic that, as Robert Li of MSFT says:
    >> >>
    >> >> "When installing .NET Framework 2.0 on Windows Small Business Server,
    >> >> all the websites are automatically switched to use .NET Framework 2.0
    >> >> which
    >> >> they are not intended to work with."
    >> >>
    >> >> This is a recipe for disaster!
    >> >> Especially since so many other programs, including "WSUS 3.0", require
    >> >> .NET
    >> >> Framework 2.0.
    >> >>
    >> >> Why is there NO WARNING GIVEN when installing .NET Framework 2.0 (or
    >> >> 3.0
    >> >> or
    >> >> 3.5) on SBS 2003?
    >> >> [This is a rhetorical question, as I don't expect you to answer it.]
    >> >>
    >> >> Some progress is being made, however:
    >> >>
    >> >> When I navigate to http://sbs2003.domain.com/ and see the Default Web
    >> >> Site
    >> >> (as permissions are still, temporarily, unrestricted), I can now click
    >> >> on
    >> >> Information and Answers and see http://sbs2003.domain.com/ClientHelp
    >> >> and
    >> >> its
    >> >> sub-pages -- which previously gave me "The page cannot be found".
    >> >>
    >> >> Clicking on Network Configuration Wizard still gets
    >> >> http://sbs2003.domain.com/ConnectComputer -- "The page cannot be
    >> >> found".
    >> >>
    >> >> Clicking on Remote Web Workplace still gets
    >> >> http://sbs2003.domain.com/Remote
    >> >> -- "You are not authorized to view this page". Changing that to
    >> >> https://sbs2003.domain.com/Remote has the same result.
    >> >>
    >> >> Since some parts of an uninstall wait for a reboot, I rebooted the
    >> >> server,
    >> >> just to see whether that would make any difference. It didn't.
    >> >>
    >> >>
    >> >>
    >> >> "Merv Porter [SBS-MVP]" wrote:
    >> >>
    >> >> > What if you now go back to...
    >> >> >
    >> >> > Error message when you try to access the Remote Web Workplace in
    >> >> > Windows
    >> >> > Small Business Server 2003: "You are not authorized to view this
    >> >> > page"
    >> >> > http://support.microsoft.com/kb/925653
    >> >> >
    >> >> > Also. make sure the default web site and its vritual directories are
    >> >> > set to
    >> >> > use .Net Framework 1.1 (not 2.0)
    >> >> >
    >> >> > OWA and RWW not accessible.
    >> >> > http://groups.google.com/group/micro...e8e7fea60c5efc
    >> >> >
    >> >> > --
    >> >> > Merv Porter [SBS-MVP]
    >> >> > ============================
    >> >> > "Greg Kirkpatrick" <GregKirkpatrick@discussions.microsoft.com> wrote
    >> >> > in
    >> >> > message news:255EB5C7-DEF9-4EA0-B19D-6EB499A9969D@microsoft.com...
    >> >> > >I follow these directions from that link:
    >> >> > >
    >> >> > > "If SBS is already installed then you should be able to go to
    >> >> > > Start/Control
    >> >> > > Panel/Add/Remove Programs and select Windows Small Business Server
    >> >> > > 2003
    >> >> > > then
    >> >> > > click on the Change/Remove button.. then follow the setup wizard
    >> >> > > screens
    >> >> > > until you get to the Component Selection screen.. then select
    >> >> > > Reinstall
    >> >> > > for
    >> >> > > the Server Tools option.. You can set the Server Tools
    >> >> > > subcomponents
    >> >> > > to
    >> >> > > None
    >> >> > > (Installed) they should not need to be re-installed. RWW should
    >> >> > > be
    >> >> > > re-installed by simply reinstalling the top level of the Server
    >> >> > > Tools..
    >> >> > > it's not listed as a seperated component like Intranet is (which
    >> >> > > installs
    >> >> > > Windows SharePoint Services and does the SBS provisioning) "
    >> >> > >
    >> >> > > ...and I got this error before it finished:
    >> >> > > ---------------------------
    >> >> > > .NET Framework 1.1 -- Device Update 2.0
    >> >> > > ---------------------------
    >> >> > > Command line option syntax error. Type Command /? for Help.
    >> >> > > ---------------------------
    >> >> > > OK
    >> >> > > ---------------------------
    >> >> > > However, it finished otherwise, and did not report any problem.
    >> >> > > It
    >> >> > > brought
    >> >> > > up a box that said the server had to reboot, but before I clicked
    >> >> > > OK,
    >> >> > > I
    >> >> > > checked in IIS Admin, and the "Remote" web site under Default Web
    >> >> > > Site was
    >> >> > > now listed.
    >> >> > >
    >> >> > > I then clicked OK, which rebooted the server.
    >> >> > >
    >> >> > > When it returned, I could right-click the "Remote" website under
    >> >> > > Default
    >> >> > > Web
    >> >> > > Site, and "browse", and see the RWW login page.
    >> >> > >
    >> >> > > However, when I attempted to access it from an external computer
    >> >> > > (after
    >> >> > > logging out of RDC), I got "You are not authorized to view this
    >> >> > > page".
    >> >> > >
    >> >> > >
    >> >> > > "Merv Porter [SBS-MVP]" wrote:
    >> >> > >
    >> >> > >> Try this...
    >> >> > >>
    >> >> > >> Reinstall Remote Web
    >> >> > >> http://groups.google.com/group/micro...0a07e39aca4540
    >> >> > >>
    >> >> > >> --
    >> >> > >> Merv Porter [SBS-MVP]
    >> >> > >> ============================
    >> >> > >>
    >> >> > >> "Greg Kirkpatrick" <GregKirkpatrick@discussions.microsoft.com>
    >> >> > >> wrote
    >> >> > >> in
    >> >> > >> message
    >> >> > >> news:465CE79D-647C-4E8F-826D-85C5765D89DB@microsoft.com...
    >> >> > >> > Yes, that helped somewhat, as I found that the "Remote" Web
    >> >> > >> > Site
    >> >> > >> > (under
    >> >> > >> > Default Web Site) is missing. That might explain the "Page
    >> >> > >> > cannot
    >> >> > >> > be
    >> >> > >> > found"
    >> >> > >> > errors. How can I get this created?
    >> >> > >> >
    >> >> > >> > "Merv Porter [SBS-MVP]" wrote:
    >> >> > >> >
    >> >> > >> >> Any help here?
    >> >> > >> >>
    >> >> > >> >> Error message when you try to access the Remote Web Workplace
    >> >> > >> >> in
    >> >> > >> >> Windows
    >> >> > >> >> Small Business Server 2003: "You are not authorized to view
    >> >> > >> >> this
    >> >> > >> >> page"
    >> >> > >> >> http://support.microsoft.com/kb/925653
    >> >> > >> >>
    >> >> > >> >> --
    >> >> > >> >> Merv Porter [SBS-MVP]
    >> >> > >> >> ============================
    >> >> > >> >>
    >> >> > >> >> "Greg Kirkpatrick" <GregKirkpatrick@discussions.microsoft.com>
    >> >> > >> >> wrote
    >> >> > >> >> in
    >> >> > >> >> message
    >> >> > >> >> news:79148A29-E272-4BA8-BE8E-EE0C09E9CA11@microsoft.com...
    >> >> > >> >> > My server's FQDN (as stated on its Web Server Certificiate
    >> >> > >> >> > and
    >> >> > >> >> > in





    Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    Exchange BPA updates), and here are its results:

    Paging file larger than Physical Memory
    [this was not strictly correct, as the current paging file was 2048MB, and
    the Physical Memory is 3.50GB; however, the automatically-created settings
    had a custom size of 2048MB initial and 5348MB maximum, so perhaps it was
    this that triggered the error...no matter, it was a good time to reduce the
    paging file on the Windows drive to 200MB and create a static one of 3500MB
    on another drive.]

    RPC binding does not contain FQDN
    The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    fully-qualified domain name.
    [fixed]

    Database backup critical
    Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had a
    full online backup.
    [fixed]

    Network interface driver file is more than two years old
    [noted...there is no newer file available]

    Storage driver is more than two years old
    [noted...there is no newer file available]

    The 'fast message retrieval' option is not enabled on IMAP4
    [fixed]

    The Network News Transfer Protocol (NNTP) service is running on server sbs2003
    [now disabled and stopped]

    Application log size
    As a best practice, the size of the 'Application' log on server
    sbs2003.domain.local should be increased. The current size is 16MB. For
    servers running Microsoft Exchange, a size of 40MB or more is recommended.
    [fixed...set to 40960KB]

    Consider setting TarpitTime
    Recipient filtering is enabled on server sbs2003.domain.local. As a best
    practice, consider setting the 'TarpitTime' parameter as recommended in
    Microsoft Knowledge Base article 899492.
    [registry entry made, and request made for Hotfix from KB article 899492 via
    "Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems to
    keep moving to try to hide, but is currently at:
    https://support.microsoft.com/contac...1414&WS=hotfix ]

    Enable automatic updates for message filtering
    Automatic update for the Intelligent Message Filter is not enabled on server
    SBS2003. To improve the effectiveness of the filter, follow the instructions
    outlined in Microsoft Knowledge Base article 907747.
    [why must this be a download-only .DOC file? First it says you should
    enable automatic updates for message filtering, then it says you should not
    have them automatically installed!! -- and this is only the tip of the
    Intelligent Message Filtering options. Done.]

    Crash upload logging disabled
    Exchange fatal error information on server sbs2003.domain.local is not
    automatically sent to Microsoft for analysis. It is recommended that you
    enable this feature through the Exchange System Manager.
    [now enabled]

    Sink registration not found Small Business Server Attachment Remover
    Transport event sink 'Small Business Server Attachment Remover' was found in
    the metabase for SMTP instance '1' on server sbs2003.domain.local but its
    registration could not be found. Registration expected in
    HKEY_CLASSES_ROOT\CLSID\.
    [this is one I'm going to need help with...the instructions on what to do to
    re-register the sink dll's are clear, but when I ran them as instructed from
    the \Program Files\Exchsrvr\Bin directory, I got errors for each one, all of
    them similar to this last one:
    ---------------------------
    RegSvr32
    ---------------------------
    msgfilter.dll was loaded, but the DllInstall entry point was not found.

    This file can not be registered.
    ---------------------------
    OK
    ---------------------------

    So much for Exchange Best Practices Analyzer.

    As for the Small Business Server 2003 Best Practices Analyzer, I was already
    automatically seeking and downloading updates, so I was using the latest
    version.

    I followed the steps to ascertain the "IP Address and Domain Name
    Restrictions" of the Default Web Site, and it was already set to Grant Access
    with nothing listed as exceptions. Knowing how these settings can sometimes
    be entered in the Registry incorrectly, I reset this to Deny Access (applied
    to all) and clicked OK and APPLY and OK, then repeated the steps to change it
    back to Grant Access.

    One thing I did notice, is that for anonymous access to the Default Web
    Site, it is checking the password for IUSR_SBS2003, and perhaps the problem
    is there. I reset the password for this user in AD, and changed it for
    Default Web Site and the other Virtual Directories in IIS Admin, as well as
    for each of the Web Sites under the Virtual Directories that had anonymous
    access checked.

    In the message thread you mentioned, there was a mention of an ISAPI Filter
    sbssft.dll for Default Web Site. It was not there, and I have added it.
    However, I question whether it is indeed necessary, since a working-RRW SBS
    server does not have this entry.

    Having rebooted the server, it appears I have done something wrong, as the
    Exchange Best Practices Analzyer now cannot connect to the first
    administration group under the SERVER -- there is an orange circle with a
    white X next to it.

    However, I just tested from an external connection, and REMOTE WEB WORKPLACE
    IS NOW WORKING !!!

    Huzzah, Merv! Thank you.

    That fixes both RWW and RDC, so I think I'll stop this thread, and start a
    new one in the Exchange newsgroup.


    "Merv Porter [SBS-MVP]" wrote:

    > That second link should be:
    >
    > Small Business Server 2003 Best Practices Analyzer Updated
    > http://blogs.technet.com/sbs/archive...r-updated.aspx
    >
    >
    > Also, let's look at IP restrictions (as in this thread):
    > http://groups.google.com/group/micro...f2c2be383e1d30
    >
    >
    > This issue can be caused by incorrect IP restriction settings. Let's try
    > following steps to see if it works:
    >
    > 1. Open Server Management and expand to Internet Information Services node.
    > 2. Open the Default Web Site's properties
    > 3. Click the Directory Security tab.
    > 4. Click the Edit button next to the IP Address and Domain Name Restrictions
    > heading.
    > 5. Click to choose Granted Access and remove all the entries.
    > 6. Click OK.
    >
    > --
    > Merv Porter [SBS-MVP]
    > ============================
    >
    > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    > wrote in message news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    > > Correct -- the working-RWW server is named "win2003", but it is an SBS
    > > 2003
    > > Premium R2. The non-working-RWW server is named "sbs2003" and it is an
    > > SBS
    > > 2003 Premium R1. Hopefully, that won't make any difference in RWw's
    > > setup.
    > >
    > > Your second link was the same as the first, perhaps you meant this one?
    > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    > > http://www.microsoft.com/downloads/d...displaylang=en
    > >
    > > When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    > > Network driver is more than a year old [I know this, but there doesn't
    > > appear to be an update, either from OEM, Tyan (most recent 2006/01/09) or
    > > from Vendor, nVidia (most recent 2006/07). ]
    > > EDNS is enabled [never heard of this, but I followed the steps to disable
    > > it]
    > > The OWA update is not installed [it is now]
    > > Reverse DNS zone does not allow for secure updates [so why wasn't this set
    > > automatically? it does now.]
    > > Windows Backup Wizard has not yet run [I know -- I was waiting to get this
    > > clean, but now's a good time, I think]
    > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I hadn't
    > > installed Outlook 2003 or IE6, as all the workstations are on Office 2007
    > > &
    > > IE7, but to keep BPA happy, I did so]
    > >
    > > The Reverse DNS message was a tad vague:
    > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to allow
    > > only secure dynamic updates. To configure the Reverse Lookup Zone, click
    > > Start, point to Administrative Tools, and then click DNS. Right-click the
    > > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click Properties.
    > > Select Secure only from the Dynamic Updates dropdown list.
    > >
    > > When I looked in DNS, the only entry under Reverse Lookup Zones was
    > > "192.168.16.x Subnet". I tried to create "16.168.192.in-addr.arpa" -- but
    > > then I was told that it already exists. So I went to "192.168.16.x
    > > Subnet"
    > > and right-clicked, and clicked on Properties, and on the General tab, I
    > > changed the Dynamic Updates drop-down from "non-secure and secure" to
    > > "Secure
    > > only". [Rhetorical question: why on earth is this option even necessary?
    > > would there ever be a reason to have this set to anything except "Secure
    > > only"? and if not, why doesn't Windows Update set this automatically?]
    > >
    > > None of those warnings would appear to have any effect on the non-working
    > > of
    > > RWW, and in fact, following the changes, RWW is still showing "You are not
    > > authorized to view this page" from external and internal workstations.
    > >
    > >
    > >
    > >
    > >
    > > "Merv Porter [SBS-MVP]" wrote:
    > >
    > >> "while on the working-RWW server (win2003)..."
    > >>
    > >> Wait a minute... RWW only comes with SBS 2003. I trust you really mean
    > >> that this is just another SBS 2003 server (that is functioning properly).
    > >>
    > >> At this point I would install adn run a scan with the SBS 2003 BPA:
    > >>
    > >> Microsoft Windows Small Business Server 2003 Best Practices Analyzer
    > >> http://207.46.19.190/downloads/detai...displaylang=en
    > >>
    > >> Small Business Server 2003 Best Practices Analyzer Updated
    > >> http://207.46.19.190/downloads/detai...displaylang=en
    > >>
    > >> How to Use the Windows SBS 2003 BPA
    > >> http://blogs.technet.com/sbs/archive...-2003-bpa.aspx
    > >>
    > >> --
    > >> Merv Porter [SBS-MVP]
    > >> ============================
    > >>
    > >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    > >> <greg@no_spam_computermagic.cc>
    > >> wrote in message
    > >> news:FA26C6AF-0C69-44E7-9127-73A09785D38E@microsoft.com...
    > >> >I have compared this SBS 2003 server with another one on which RWW is
    > >> >running
    > >> > fine.
    > >> > These are some of the differences:
    > >> >
    > >> > In the non-working-RWW server (sbs2003), in the properties of the
    > >> > Default
    > >> > Web Site, under Home Directory, the Execute Permissions were set to
    > >> > "Scripts
    > >> > only", while on the working-RWW server (win2003), it was set to
    > >> > "Scripts
    > >> > and
    > >> > Executables". On sbs2003, the Application Pool was set to StsAppPool1;
    > >> > on
    > >> > win2003, it is set to DefaultAppPool. On win2003, the Documents tab
    > >> > shows
    > >> > four items: Default.htm, Default.asp, index.htm, and iistart.htm. On
    > >> > sbs2003, there was a fifth (last) item: Default.aspx. On sbs2003, the
    > >> > ISAPI
    > >> > Filters tab shows SBSFLT with High Priority, followed by fpexedll.dll
    > >> > with
    > >> > Low Priority, and Owalogon with "Unknown" priority. On win2003, the
    > >> > same,
    > >> > except SBSFLT is not listed. On sbs2003, HTTP Headers tab has "Enable
    > >> > content expiration" checked, and "Expire after 30 days" selected. On
    > >> > win2003, that is not checked; and under Custom Web Header, win2003 has
    > >> > listed
    > >> > MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On
    > >> > sbs2003,
    > >> > only XP-Powered-By: ASP.NET is listed. On win2003, on the Server
    > >> > Extensions
    > >> > 2003 tab, it says "Microsoft SharePoint is installed on this site.
    > >> > Version
    > >> > 5.0.2.6790. On sbs2003, it says: This server has not been configured
    > >> > to
    > >> > use
    > >> > the server extensions.
    > >> >
    > >> > I configured the server extensions for the Default Web Site under
    > >> > sbs2003,
    > >> > and made changes to mimic the settings on win2003. However, I am still
    > >> > getting "you are not authorized to view this page" when I attempt to
    > >> > access
    > >> > https://sbs2003.domain.com/Remote.
    > >> >
    > >> >
    > >> >
    > >> > "Greg Kirkpatrick" wrote:
    > >> >
    > >> >> This is the pertintent text from KB925653:
    > >> >> --------------------------------------------------------------------------------
    > >> >> In this situation, the default.aspx page is not added to the list of
    > >> >> default
    > >> >> content pages for the remote virtual directory in IIS.
    > >> >>
    > >> >> RESOLUTION
    > >> >> To resolve this issue, follow these steps:
    > >> >> 1. Click Start, point to Administrative Tools, and then click Internet
    > >> >> Information Services (IIS) Manager.
    > >> >> 2. Under ComputerName (local computer), expand Web Sites, expand
    > >> >> Default
    > >> >> Web
    > >> >> Site, right-click Remote, and then click Properties.
    > >> >> 3. In the Remote Properties dialog box, click the Documents tab, and
    > >> >> then
    > >> >> click Add.
    > >> >> 4. In the Add Content Page dialog box, type default.aspx in the
    > >> >> Default
    > >> >> content page box, and then click OK two times.
    > >> >> --------------------------------------------------------------------------------
    > >> >> APPLIES TO
    > >> >> . Microsoft Windows Small Business Server 2003 Premium Edition
    > >> >> . Microsoft Windows Small Business Server 2003 Standard Edition
    > >> >>
    > >> >> Keywords: kbtshoot kbprb KB925653
    > >> >> --------------------------------------------------------------------------------
    > >> >>
    > >> >> When I checked, there was a Default.aspx created in the Documents of
    > >> >> the
    > >> >> Remote properties, but it was listed last. I deleted it, and
    > >> >> recreated
    > >> >> it as
    > >> >> default.aspx, and moved it to the top of the list. However, when I
    > >> >> attempted
    > >> >> to access RWW via an external computer, I got the same "You are not
    > >> >> authorized to view this page".
    > >> >>
    > >> >> I then looked at this message:
    > >> >>
    > >> >> OWA and RWW not accessible.
    > >> >> http://groups.google.com/group/micro...e8e7fea60c5efc
    > >> >> --------------------------------------------------------------------------------
    > >> >> [quoting Robert Li of MSFT]:
    > >> >>
    > >> >> "All Windows Small Business Server Website and Virtual Directories
    > >> >> work
    > >> >> only
    > >> >> with .Net Framework 1.1 and are no support with 2.0
    > >> >>
    > >> >> - Default website
    > >> >> - Exchange (OWA)
    > >> >> - Remote (RWW)
    > >> >> - ActiveSync
    > >> >> - OMA and all
    > >> >> - Companyweb
    > >> >> - SharePoint Central Administration
    > >> >> - Microsoft SharePoint Administration"
    > >> >>
    > >> >>
    > >> >> 1. Open Internet Information Services (IIS) Manager
    > >> >> 2. Expand to Server | Web Sites | Default Web Sites
    > >> >> 3. Right click the each web site and select Properties.
    > >> >> 4. On the ASP.NET tab, make sure the version is 1.1.4322.
    > >> >> --------------------------------------------------------------------------------
    > >> >>
    > >> >> I will not install .NET Framework 2.0 or 3.0 or 3.5 -- I don't want
    > >> >> companyweb and Monitoring to break again.
    > >> >>
    > >> >> However, when I checked the properties for Default Web Site, .NET
    > >> >> Framework
    > >> >> 2.0 was installed (the ASP.NET tab was there) -- something must done
    > >> >> it.
    > >> >> ARGH! I have uninstalled .NET 2.0 Framework.
    > >> >>
    > >> >> Now, the ASP.NET tab is not present in the properties for Default Web
    > >> >> Site
    > >> >> or any virtual directories, so they have to be using 1.1.
    > >> >>
    > >> >> I found, in the messages you referenced, a mention of the ASP.NET IIS
    > >> >> Registration Tool (Aspnet_regiis.exe):
    > >> >> http://msdn.microsoft.com/en-us/library/k6h9cz8h.aspx
    > >> >>
    > >> >> This is a GREAT command-prompt tool, as it confirms exactly what is
    > >> >> mapped
    > >> >> to where instantly:
    > >> >> %WINDIR%\Microsoft.NET\Framework\v1.1.4322\Aspnet_regiis.exe -lk
    > >> >>
    > >> >> It also gives a way, via command-prompt commands, to change what is
    > >> >> needed.
    > >> >>
    > >> >> I think it is tragic that, as Robert Li of MSFT says:
    > >> >>
    > >> >> "When installing .NET Framework 2.0 on Windows Small Business Server,
    > >> >> all the websites are automatically switched to use .NET Framework 2.0
    > >> >> which
    > >> >> they are not intended to work with."
    > >> >>
    > >> >> This is a recipe for disaster!
    > >> >> Especially since so many other programs, including "WSUS 3.0", require
    > >> >> .NET
    > >> >> Framework 2.0.
    > >> >>
    > >> >> Why is there NO WARNING GIVEN when installing .NET Framework 2.0 (or
    > >> >> 3.0
    > >> >> or
    > >> >> 3.5) on SBS 2003?
    > >> >> [This is a rhetorical question, as I don't expect you to answer it.]
    > >> >>
    > >> >> Some progress is being made, however:
    > >> >>
    > >> >> When I navigate to http://sbs2003.domain.com/ and see the Default Web
    > >> >> Site
    > >> >> (as permissions are still, temporarily, unrestricted), I can now click
    > >> >> on
    > >> >> Information and Answers and see http://sbs2003.domain.com/ClientHelp
    > >> >> and
    > >> >> its
    > >> >> sub-pages -- which previously gave me "The page cannot be found".
    > >> >>
    > >> >> Clicking on Network Configuration Wizard still gets
    > >> >> http://sbs2003.domain.com/ConnectComputer -- "The page cannot be
    > >> >> found".
    > >> >>
    > >> >> Clicking on Remote Web Workplace still gets
    > >> >> http://sbs2003.domain.com/Remote
    > >> >> -- "You are not authorized to view this page". Changing that to
    > >> >> https://sbs2003.domain.com/Remote has the same result.
    > >> >>
    > >> >> Since some parts of an uninstall wait for a reboot, I rebooted the
    > >> >> server,
    > >> >> just to see whether that would make any difference. It didn't.
    > >> >>
    > >> >>
    > >> >>
    > >> >> "Merv Porter [SBS-MVP]" wrote:
    > >> >>
    > >> >> > What if you now go back to...
    > >> >> >
    > >> >> > Error message when you try to access the Remote Web Workplace in
    > >> >> > Windows
    > >> >> > Small Business Server 2003: "You are not authorized to view this
    > >> >> > page"
    > >> >> > http://support.microsoft.com/kb/925653



    Again, Merv, thank you for your help!

    I figured out the reason Exchange Best Practices Analyzer could not connect
    to the server -- a mistyping in the previous entry was the culprit. It's
    working fine now, with (almost) no issues, and certainly no critical ones.

    While Remote Web Workplace is working, and Remote Desktop Connection will
    connect directly with the server (port 3389 is forwarded to 192.168.2.10, the
    WAN Ethernet adapter of the server), I cannot Connect to Server Desktops or
    Connect to Client Desktops from Remote Web Workplace. I have seen this
    problem in newsgroups previously, so perhaps I can find the solution.



    "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:

    > Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    > Exchange BPA updates), and here are its results:
    >
    > Paging file larger than Physical Memory
    > [this was not strictly correct, as the current paging file was 2048MB, and
    > the Physical Memory is 3.50GB; however, the automatically-created settings
    > had a custom size of 2048MB initial and 5348MB maximum, so perhaps it was
    > this that triggered the error...no matter, it was a good time to reduce the
    > paging file on the Windows drive to 200MB and create a static one of 3500MB
    > on another drive.]
    >
    > RPC binding does not contain FQDN
    > The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    > fully-qualified domain name.
    > [fixed]
    >
    > Database backup critical
    > Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had a
    > full online backup.
    > [fixed]
    >
    > Network interface driver file is more than two years old
    > [noted...there is no newer file available]
    >
    > Storage driver is more than two years old
    > [noted...there is no newer file available]
    >
    > The 'fast message retrieval' option is not enabled on IMAP4
    > [fixed]
    >
    > The Network News Transfer Protocol (NNTP) service is running on server sbs2003
    > [now disabled and stopped]
    >
    > Application log size
    > As a best practice, the size of the 'Application' log on server
    > sbs2003.domain.local should be increased. The current size is 16MB. For
    > servers running Microsoft Exchange, a size of 40MB or more is recommended.
    > [fixed...set to 40960KB]
    >
    > Consider setting TarpitTime
    > Recipient filtering is enabled on server sbs2003.domain.local. As a best
    > practice, consider setting the 'TarpitTime' parameter as recommended in
    > Microsoft Knowledge Base article 899492.
    > [registry entry made, and request made for Hotfix from KB article 899492 via
    > "Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems to
    > keep moving to try to hide, but is currently at:
    > https://support.microsoft.com/contac...1414&WS=hotfix ]
    >
    > Enable automatic updates for message filtering
    > Automatic update for the Intelligent Message Filter is not enabled on server
    > SBS2003. To improve the effectiveness of the filter, follow the instructions
    > outlined in Microsoft Knowledge Base article 907747.
    > [why must this be a download-only .DOC file? First it says you should
    > enable automatic updates for message filtering, then it says you should not
    > have them automatically installed!! -- and this is only the tip of the
    > Intelligent Message Filtering options. Done.]
    >
    > Crash upload logging disabled
    > Exchange fatal error information on server sbs2003.domain.local is not
    > automatically sent to Microsoft for analysis. It is recommended that you
    > enable this feature through the Exchange System Manager.
    > [now enabled]
    >
    > Sink registration not found Small Business Server Attachment Remover
    > Transport event sink 'Small Business Server Attachment Remover' was found in
    > the metabase for SMTP instance '1' on server sbs2003.domain.local but its
    > registration could not be found. Registration expected in
    > HKEY_CLASSES_ROOT\CLSID\.
    > [this is one I'm going to need help with...the instructions on what to do to
    > re-register the sink dll's are clear, but when I ran them as instructed from
    > the \Program Files\Exchsrvr\Bin directory, I got errors for each one, all of
    > them similar to this last one:
    > ---------------------------
    > RegSvr32
    > ---------------------------
    > msgfilter.dll was loaded, but the DllInstall entry point was not found.
    >
    > This file can not be registered.
    > ---------------------------
    > OK
    > ---------------------------
    >
    > So much for Exchange Best Practices Analyzer.
    >
    > As for the Small Business Server 2003 Best Practices Analyzer, I was already
    > automatically seeking and downloading updates, so I was using the latest
    > version.
    >
    > I followed the steps to ascertain the "IP Address and Domain Name
    > Restrictions" of the Default Web Site, and it was already set to Grant Access
    > with nothing listed as exceptions. Knowing how these settings can sometimes
    > be entered in the Registry incorrectly, I reset this to Deny Access (applied
    > to all) and clicked OK and APPLY and OK, then repeated the steps to change it
    > back to Grant Access.
    >
    > One thing I did notice, is that for anonymous access to the Default Web
    > Site, it is checking the password for IUSR_SBS2003, and perhaps the problem
    > is there. I reset the password for this user in AD, and changed it for
    > Default Web Site and the other Virtual Directories in IIS Admin, as well as
    > for each of the Web Sites under the Virtual Directories that had anonymous
    > access checked.
    >
    > In the message thread you mentioned, there was a mention of an ISAPI Filter
    > sbssft.dll for Default Web Site. It was not there, and I have added it.
    > However, I question whether it is indeed necessary, since a working-RRW SBS
    > server does not have this entry.
    >
    > Having rebooted the server, it appears I have done something wrong, as the
    > Exchange Best Practices Analzyer now cannot connect to the first
    > administration group under the SERVER -- there is an orange circle with a
    > white X next to it.
    >
    > However, I just tested from an external connection, and REMOTE WEB WORKPLACE
    > IS NOW WORKING !!!
    >
    > Huzzah, Merv! Thank you.
    >
    > That fixes both RWW and RDC, so I think I'll stop this thread, and start a
    > new one in the Exchange newsgroup.
    >
    >
    > "Merv Porter [SBS-MVP]" wrote:
    >
    > > That second link should be:
    > >
    > > Small Business Server 2003 Best Practices Analyzer Updated
    > > http://blogs.technet.com/sbs/archive...r-updated.aspx
    > >
    > >
    > > Also, let's look at IP restrictions (as in this thread):
    > > http://groups.google.com/group/micro...f2c2be383e1d30
    > >
    > >
    > > This issue can be caused by incorrect IP restriction settings. Let's try
    > > following steps to see if it works:
    > >
    > > 1. Open Server Management and expand to Internet Information Services node.
    > > 2. Open the Default Web Site's properties
    > > 3. Click the Directory Security tab.
    > > 4. Click the Edit button next to the IP Address and Domain Name Restrictions
    > > heading.
    > > 5. Click to choose Granted Access and remove all the entries.
    > > 6. Click OK.
    > >
    > > --
    > > Merv Porter [SBS-MVP]
    > > ============================
    > >
    > > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    > > wrote in message news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    > > > Correct -- the working-RWW server is named "win2003", but it is an SBS
    > > > 2003
    > > > Premium R2. The non-working-RWW server is named "sbs2003" and it is an
    > > > SBS
    > > > 2003 Premium R1. Hopefully, that won't make any difference in RWw's
    > > > setup.
    > > >
    > > > Your second link was the same as the first, perhaps you meant this one?
    > > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    > > > http://www.microsoft.com/downloads/d...displaylang=en
    > > >
    > > > When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    > > > Network driver is more than a year old [I know this, but there doesn't
    > > > appear to be an update, either from OEM, Tyan (most recent 2006/01/09) or
    > > > from Vendor, nVidia (most recent 2006/07). ]
    > > > EDNS is enabled [never heard of this, but I followed the steps to disable
    > > > it]
    > > > The OWA update is not installed [it is now]
    > > > Reverse DNS zone does not allow for secure updates [so why wasn't this set
    > > > automatically? it does now.]
    > > > Windows Backup Wizard has not yet run [I know -- I was waiting to get this
    > > > clean, but now's a good time, I think]
    > > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I hadn't
    > > > installed Outlook 2003 or IE6, as all the workstations are on Office 2007
    > > > &
    > > > IE7, but to keep BPA happy, I did so]
    > > >
    > > > The Reverse DNS message was a tad vague:
    > > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to allow
    > > > only secure dynamic updates. To configure the Reverse Lookup Zone, click
    > > > Start, point to Administrative Tools, and then click DNS. Right-click the
    > > > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click Properties.
    > > > Select Secure only from the Dynamic Updates dropdown list.
    > > >
    > > > When I looked in DNS, the only entry under Reverse Lookup Zones was
    > > > "192.168.16.x Subnet". I tried to create "16.168.192.in-addr.arpa" -- but
    > > > then I was told that it already exists. So I went to "192.168.16.x
    > > > Subnet"
    > > > and right-clicked, and clicked on Properties, and on the General tab, I
    > > > changed the Dynamic Updates drop-down from "non-secure and secure" to
    > > > "Secure
    > > > only". [Rhetorical question: why on earth is this option even necessary?
    > > > would there ever be a reason to have this set to anything except "Secure
    > > > only"? and if not, why doesn't Windows Update set this automatically?]
    > > >
    > > > None of those warnings would appear to have any effect on the non-working
    > > > of
    > > > RWW, and in fact, following the changes, RWW is still showing "You are not
    > > > authorized to view this page" from external and internal workstations.
    > > >
    > > >
    > > >
    > > >
    > > >
    > > > "Merv Porter [SBS-MVP]" wrote:
    > > >
    > > >> "while on the working-RWW server (win2003)..."
    > > >>
    > > >> Wait a minute... RWW only comes with SBS 2003. I trust you really mean
    > > >> that this is just another SBS 2003 server (that is functioning properly).
    > > >>
    > > >> At this point I would install adn run a scan with the SBS 2003 BPA:
    > > >>
    > > >> Microsoft Windows Small Business Server 2003 Best Practices Analyzer
    > > >> http://207.46.19.190/downloads/detai...displaylang=en
    > > >>
    > > >> Small Business Server 2003 Best Practices Analyzer Updated
    > > >> http://207.46.19.190/downloads/detai...displaylang=en
    > > >>
    > > >> How to Use the Windows SBS 2003 BPA
    > > >> http://blogs.technet.com/sbs/archive...-2003-bpa.aspx
    > > >>
    > > >> --
    > > >> Merv Porter [SBS-MVP]
    > > >> ============================
    > > >>
    > > >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    > > >> <greg@no_spam_computermagic.cc>
    > > >> wrote in message
    > > >> news:FA26C6AF-0C69-44E7-9127-73A09785D38E@microsoft.com...
    > > >> >I have compared this SBS 2003 server with another one on which RWW is
    > > >> >running
    > > >> > fine.
    > > >> > These are some of the differences:
    > > >> >
    > > >> > In the non-working-RWW server (sbs2003), in the properties of the
    > > >> > Default
    > > >> > Web Site, under Home Directory, the Execute Permissions were set to
    > > >> > "Scripts
    > > >> > only", while on the working-RWW server (win2003), it was set to
    > > >> > "Scripts
    > > >> > and
    > > >> > Executables". On sbs2003, the Application Pool was set to StsAppPool1;
    > > >> > on
    > > >> > win2003, it is set to DefaultAppPool. On win2003, the Documents tab
    > > >> > shows
    > > >> > four items: Default.htm, Default.asp, index.htm, and iistart.htm. On
    > > >> > sbs2003, there was a fifth (last) item: Default.aspx. On sbs2003, the
    > > >> > ISAPI
    > > >> > Filters tab shows SBSFLT with High Priority, followed by fpexedll.dll
    > > >> > with
    > > >> > Low Priority, and Owalogon with "Unknown" priority. On win2003, the
    > > >> > same,
    > > >> > except SBSFLT is not listed. On sbs2003, HTTP Headers tab has "Enable
    > > >> > content expiration" checked, and "Expire after 30 days" selected. On
    > > >> > win2003, that is not checked; and under Custom Web Header, win2003 has
    > > >> > listed
    > > >> > MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On
    > > >> > sbs2003,
    > > >> > only XP-Powered-By: ASP.NET is listed. On win2003, on the Server
    > > >> > Extensions
    > > >> > 2003 tab, it says "Microsoft SharePoint is installed on this site.
    > > >> > Version
    > > >> > 5.0.2.6790. On sbs2003, it says: This server has not been configured
    > > >> > to
    > > >> > use
    > > >> > the server extensions.
    > > >> >
    > > >> > I configured the server extensions for the Default Web Site under
    > > >> > sbs2003,
    > > >> > and made changes to mimic the settings on win2003. However, I am still
    > > >> > getting "you are not authorized to view this page" when I attempt to
    > > >> > access
    > > >> > https://sbs2003.domain.com/Remote.
    > > >> >
    > > >> >
    > > >> >
    > > >> > "Greg Kirkpatrick" wrote:
    > > >> >
    > > >> >> This is the pertintent text from KB925653:
    > > >> >> --------------------------------------------------------------------------------
    > > >> >> In this situation, the default.aspx page is not added to the list of
    > > >> >> default
    > > >> >> content pages for the remote virtual directory in IIS.
    > > >> >>
    > > >> >> RESOLUTION
    > > >> >> To resolve this issue, follow these steps:
    > > >> >> 1. Click Start, point to Administrative Tools, and then click Internet
    > > >> >> Information Services (IIS) Manager.
    > > >> >> 2. Under ComputerName (local computer), expand Web Sites, expand
    > > >> >> Default
    > > >> >> Web
    > > >> >> Site, right-click Remote, and then click Properties.
    > > >> >> 3. In the Remote Properties dialog box, click the Documents tab, and
    > > >> >> then
    > > >> >> click Add.
    > > >> >> 4. In the Add Content Page dialog box, type default.aspx in the
    > > >> >> Default
    > > >> >> content page box, and then click OK two times.
    > > >> >> --------------------------------------------------------------------------------



    Sounds like you're getting closer Greg. :-)

    What error message are you getting when you try to access a workstation via
    RWW? In your router, are you sure you have port 4125 forwarded to your
    external NIC (192.168.2.10)?

    You can take the router out of the equation by connecting a spare
    workstation or laptop to a port onthe router, putting it in a workgroup,
    giving it an IP address in the same range as the LAN side of the router
    (192.168.2.x) and giving it a gateway of the router IP address
    (192.168.2.10). Then try to RWW into the server and workstations. If you
    still can't, then their is a configuration or software issue with the SBS
    server.

    --
    Merv Porter [SBS-MVP]
    ============================


    "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    wrote in message news:1FDE6D63-94B1-4631-913A-49F23E1DA198@microsoft.com...
    > Again, Merv, thank you for your help!
    >
    > I figured out the reason Exchange Best Practices Analyzer could not
    > connect
    > to the server -- a mistyping in the previous entry was the culprit. It's
    > working fine now, with (almost) no issues, and certainly no c ritical ones.
    >
    > While Remote Web Workplace is working, and Remote Desktop Connection will
    > connect directly with the server (port 3389 is forwarded to 192.168.2.10,
    > the
    > WAN Ethernet adapter of the server), I cannot Connect to Server Desktops
    > or
    > Connect to Client Desktops from Remote Web Workplace. I have seen this
    > problem in newsgroups previously, so perhaps I can find the solution.
    >
    >
    >
    > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    >
    >> Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    >> Exchange BPA updates), and here are its results:
    >>
    >> Paging file larger than Physical Memory
    >> [this was not strictly correct, as the current paging file was 2048MB,
    >> and
    >> the Physical Memory is 3.50GB; however, the automatically-created
    >> settings
    >> had a custom size of 2048MB initial and 5348MB maximum, so perhaps it was
    >> this that triggered the error...no matter, it was a good time to reduce
    >> the
    >> paging file on the Windows drive to 200MB and create a static one of
    >> 3500MB
    >> on another drive.]
    >>
    >> RPC binding does not contain FQDN
    >> The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    >> fully-qualified domain name.
    >> [fixed]
    >>
    >> Database backup critical
    >> Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had
    >> a
    >> full online backup.
    >> [fixed]
    >>
    >> Network interface driver file is more than two years old
    >> [noted...there is no newer file available]
    >>
    >> Storage driver is more than two years old
    >> [noted...there is no newer file available]
    >>
    >> The 'fast message retrieval' option is not enabled on IMAP4
    >> [fixed]
    >>
    >> The Network News Transfer Protocol (NNTP) service is running on server
    >> sbs2003
    >> [now disabled and stopped]
    >>
    >> Application log size
    >> As a best practice, the size of the 'Application' log on server
    >> sbs2003.domain.local should be increased. The current size is 16MB. For
    >> servers running Microsoft Exchange, a size of 40MB or more is
    >> recommended.
    >> [fixed...set to 40960KB]
    >>
    >> Consider setting TarpitTime
    >> Recipient filtering is enabled on server sbs2003.domain.local. As a best
    >> practice, consider setting the 'TarpitTime' parameter as recommended in
    >> Microsoft Knowledge Base article 899492.
    >> [registry entry made, and request made for Hotfix from KB article 899492
    >> via
    >> "Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems
    >> to
    >> keep moving to try to hide, but is currently at:
    >> https://support.microsoft.com/contac...1414&WS=hotfix ]
    >>
    >> Enable automatic updates for message filtering
    >> Automatic update for the Intelligent Message Filter is not enabled on
    >> server
    >> SBS2003. To improve the effectiveness of the filter, follow the
    >> instructions
    >> outlined in Microsoft Knowledge Base article 907747.
    >> [why must this be a download-only .DOC file? First it says you should
    >> enable automatic updates for message filtering, then it says you should
    >> not
    >> have them automatically installed!! -- and this is only the tip of the
    >> Intelligent Message Filtering options. Done.]
    >>
    >> Crash upload logging disabled
    >> Exchange fatal error information on server sbs2003.domain.local is not
    >> automatically sent to Microsoft for analysis. It is recommended that you
    >> enable this feature through the Exchange System Manager.
    >> [now enabled]
    >>
    >> Sink registration not found Small Business Server Attachment Remover
    >> Transport event sink 'Small Business Server Attachment Remover' was found
    >> in
    >> the metabase for SMTP instance '1' on server sbs2003.domain.local but its
    >> registration could not be found. Registration expected in
    >> HKEY_CLASSES_ROOT\CLSID\.
    >> [this is one I'm going to need help with...the instructions on what to do
    >> to
    >> re-register the sink dll's are clear, but when I ran them as instructed
    >> from
    >> the \Program Files\Exchsrvr\Bin directory, I got errors for each one, all
    >> of
    >> them similar to this last one:
    >> ---------------------------
    >> RegSvr32
    >> ---------------------------
    >> msgfilter.dll was loaded, but the DllInstall entry point was not found.
    >>
    >> This file can not be registered.
    >> ---------------------------
    >> OK
    >> ---------------------------
    >>
    >> So much for Exchange Best Practices Analyzer.
    >>
    >> As for the Small Business Server 2003 Best Practices Analyzer, I was
    >> already
    >> automatically seeking and downloading updates, so I was using the latest
    >> version.
    >>
    >> I followed the steps to ascertain the "IP Address and Domain Name
    >> Restrictions" of the Default Web Site, and it was already set to Grant
    >> Access
    >> with nothing listed as exceptions. Knowing how these settings can
    >> sometimes
    >> be entered in the Registry incorrectly, I reset this to Deny Access
    >> (applied
    >> to all) and clicked OK and APPLY and OK, then repeated the steps to
    >> change it
    >> back to Grant Access.
    >>
    >> One thing I did notice, is that for anonymous access to the Default Web
    >> Site, it is checking the password for IUSR_SBS2003, and perhaps the
    >> problem
    >> is there. I reset the password for this user in AD, and changed it for
    >> Default Web Site and the other Virtual Directories in IIS Admin, as well
    >> as
    >> for each of the Web Sites under the Virtual Directories that had
    >> anonymous
    >> access checked.
    >>
    >> In the message thread you mentioned, there was a mention of an ISAPI
    >> Filter
    >> sbssft.dll for Default Web Site. It was not there, and I have added it.
    >> However, I question whether it is indeed necessary, since a working-RRW
    >> SBS
    >> server does not have this entry.
    >>
    >> Having rebooted the server, it appears I have done something wrong, as
    >> the
    >> Exchange Best Practices Analzyer now cannot connect to the first
    >> administration group under the SERVER -- there is an orange circle with a
    >> white X next to it.
    >>
    >> However, I just tested from an external connection, and REMOTE WEB
    >> WORKPLACE
    >> IS NOW WORKING !!!
    >>
    >> Huzzah, Merv! Thank you.
    >>
    >> That fixes both RWW and RDC, so I think I'll stop this thread, and start
    >> a
    >> new one in the Exchange newsgroup.
    >>
    >>
    >> "Merv Porter [SBS-MVP]" wrote:
    >>
    >> > That second link should be:
    >> >
    >> > Small Business Server 2003 Best Practices Analyzer Updated
    >> > http://blogs.technet.com/sbs/archive...r-updated.aspx
    >> >
    >> >
    >> > Also, let's look at IP restrictions (as in this thread):
    >> > http://groups.google.com/group/micro...f2c2be383e1d30
    >> >
    >> >
    >> > This issue can be caused by incorrect IP restriction settings. Let's
    >> > try
    >> > following steps to see if it works:
    >> >
    >> > 1. Open Server Management and expand to Internet Information Services
    >> > node.
    >> > 2. Open the Default Web Site's properties
    >> > 3. Click the Directory Security tab.
    >> > 4. Click the Edit button next to the IP Address and Domain Name
    >> > Restrictions
    >> > heading.
    >> > 5. Click to choose Granted Access and remove all the entries.
    >> > 6. Click OK.
    >> >
    >> > --
    >> > Merv Porter [SBS-MVP]
    >> > ============================
    >> >
    >> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> > <greg@no_spam_computermagic.cc>
    >> > wrote in message
    >> > news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    >> > > Correct -- the working-RWW server is named "win2003", but it is an
    >> > > SBS
    >> > > 2003
    >> > > Premium R2. The non-working-RWW server is named "sbs2003" and it is
    >> > > an
    >> > > SBS
    >> > > 2003 Premium R1. Hopefully, that won't make any difference in RWw's
    >> > > setup.
    >> > >
    >> > > Your second link was the same as the first, perhaps you meant this
    >> > > one?
    >> > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    >> > > http://www.microsoft.com/downloads/d...displaylang=en
    >> > >
    >> > > When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    >> > > Network driver is more than a year old [I know this, but there
    >> > > doesn't
    >> > > appear to be an update, either from OEM, Tyan (most recent
    >> > > 2006/01/09) or
    >> > > from Vendor, nVidia (most recent 2006/07). ]
    >> > > EDNS is enabled [never heard of this, but I followed the steps to
    >> > > disable
    >> > > it]
    >> > > The OWA update is not installed [it is now]
    >> > > Reverse DNS zone does not allow for secure updates [so why wasn't
    >> > > this set
    >> > > automatically? it does now.]
    >> > > Windows Backup Wizard has not yet run [I know -- I was waiting to get
    >> > > this
    >> > > clean, but now's a good time, I think]
    >> > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I
    >> > > hadn't
    >> > > installed Outlook 2003 or IE6, as all the workstations are on Office
    >> > > 2007
    >> > > &
    >> > > IE7, but to keep BPA happy, I did so]
    >> > >
    >> > > The Reverse DNS message was a tad vague:
    >> > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to
    >> > > allow
    >> > > only secure dynamic updates. To configure the Reverse Lookup Zone,
    >> > > click
    >> > > Start, point to Administrative Tools, and then click DNS. Right-click
    >> > > the
    >> > > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click
    >> > > Properties.
    >> > > Select Secure only from the Dynamic Updates dropdown list.
    >> > >
    >> > > When I looked in DNS, the only entry under Reverse Lookup Zones was
    >> > > "192.168.16.x Subnet". I tried to create
    >> > > "16.168.192.in-addr.arpa" -- but
    >> > > then I was told that it already exists. So I went to "192.168.16.x
    >> > > Subnet"
    >> > > and right-clicked, and clicked on Properties, and on the General tab,
    >> > > I
    >> > > changed the Dynamic Updates drop-down from "non-secure and secure" to
    >> > > "Secure
    >> > > only". [Rhetorical question: why on earth is this option even
    >> > > necessary?
    >> > > would there ever be a reason to have this set to anything except
    >> > > "Secure
    >> > > only"? and if not, why doesn't Windows Update set this
    >> > > automatically?]
    >> > >
    >> > > None of those warnings would appear to have any effect on the
    >> > > non-working
    >> > > of
    >> > > RWW, and in fact, following the changes, RWW is still showing "You
    >> > > are not
    >> > > authorized to view this page" from external and internal
    >> > > workstations.
    >> > >
    >> > >
    >> > >
    >> > >
    >> > >
    >> > > "Merv Porter [SBS-MVP]" wrote:
    >> > >
    >> > >> "while on the working-RWW server (win2003)..."
    >> > >>
    >> > >> Wait a minute... RWW only comes with SBS 2003. I trust you really
    >> > >> mean
    >> > >> that this is just another SBS 2003 server (that is functioning
    >> > >> properly).
    >> > >>
    >> > >> At this point I would install adn run a scan with the SBS 2003 BPA:
    >> > >>
    >> > >> Microsoft Windows Small Business Server 2003 Best Practices Analyzer
    >> > >> http://207.46.19.190/downloads/detai...displaylang=en
    >> > >>
    >> > >> Small Business Server 2003 Best Practices Analyzer Updated
    >> > >> http://207.46.19.190/downloads/detai...displaylang=en
    >> > >>
    >> > >> How to Use the Windows SBS 2003 BPA
    >> > >> http://blogs.technet.com/sbs/archive...-2003-bpa.aspx
    >> > >>
    >> > >> --
    >> > >> Merv Porter [SBS-MVP]
    >> > >> ============================
    >> > >>
    >> > >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> > >> <greg@no_spam_computermagic.cc>
    >> > >> wrote in message
    >> > >> news:FA26C6AF-0C69-44E7-9127-73A09785D38E@microsoft.com...
    >> > >> >I have compared this SBS 2003 server with another one on which RWW
    >> > >> >is
    >> > >> >running
    >> > >> > fine.
    >> > >> > These are some of the differences:
    >> > >> >
    >> > >> > In the non-working-RWW server (sbs2003), in the properties of the
    >> > >> > Default
    >> > >> > Web Site, under Home Directory, the Execute Permissions were set
    >> > >> > to
    >> > >> > "Scripts
    >> > >> > only", while on the working-RWW server (win2003), it was set to
    >> > >> > "Scripts
    >> > >> > and
    >> > >> > Executables". On sbs2003, the Application Pool was set to
    >> > >> > StsAppPool1;
    >> > >> > on
    >> > >> > win2003, it is set to DefaultAppPool. On win2003, the Documents
    >> > >> > tab
    >> > >> > shows
    >> > >> > four items: Default.htm, Default.asp, index.htm, and iistart.htm.
    >> > >> > On
    >> > >> > sbs2003, there was a fifth (last) item: Default.aspx. On sbs2003,
    >> > >> > the
    >> > >> > ISAPI
    >> > >> > Filters tab shows SBSFLT with High Priority, followed by
    >> > >> > fpexedll.dll
    >> > >> > with
    >> > >> > Low Priority, and Owalogon with "Unknown" priority. On win2003,
    >> > >> > the
    >> > >> > same,
    >> > >> > except SBSFLT is not listed. On sbs2003, HTTP Headers tab has
    >> > >> > "Enable
    >> > >> > content expiration" checked, and "Expire after 30 days" selected.
    >> > >> > On
    >> > >> > win2003, that is not checked; and under Custom Web Header, win2003
    >> > >> > has
    >> > >> > listed
    >> > >> > MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On
    >> > >> > sbs2003,
    >> > >> > only XP-Powered-By: ASP.NET is listed. On win2003, on the Server
    >> > >> > Extensions
    >> > >> > 2003 tab, it says "Microsoft SharePoint is installed on this site.
    >> > >> > Version
    >> > >> > 5.0.2.6790. On sbs2003, it says: This server has not been
    >> > >> > configured
    >> > >> > to
    >> > >> > use
    >> > >> > the server extensions.
    >> > >> >
    >> > >> > I configured the server extensions for the Default Web Site under
    >> > >> > sbs2003,
    >> > >> > and made changes to mimic the settings on win2003. However, I am
    >> > >> > still
    >> > >> > getting "you are not authorized to view this page" when I attempt
    >> > >> > to
    >> > >> > access
    >> > >> > https://sbs2003.domain.com/Remote.
    >> > >> >
    >> > >> >
    >> > >> >
    >> > >> > "Greg Kirkpatrick" wrote:
    >> > >> >
    >> > >> >> This is the pertintent text from KB925653:
    >> > >> >> --------------------------------------------------------------------------------
    >> > >> >> In this situation, the default.aspx page is not added to the list
    >> > >> >> of
    >> > >> >> default
    >> > >> >> content pages for the remote virtual directory in IIS.
    >> > >> >>
    >> > >> >> RESOLUTION
    >> > >> >> To resolve this issue, follow these steps:
    >> > >> >> 1. Click Start, point to Administrative Tools, and then click
    >> > >> >> Internet
    >> > >> >> Information Services (IIS) Manager.
    >> > >> >> 2. Under ComputerName (local computer), expand Web Sites, expand
    >> > >> >> Default
    >> > >> >> Web
    >> > >> >> Site, right-click Remote, and then click Properties.
    >> > >> >> 3. In the Remote Properties dialog box, click the Documents tab,
    >> > >> >> and
    >> > >> >> then
    >> > >> >> click Add.
    >> > >> >> 4. In the Add Content Page dialog box, type default.aspx in the
    >> > >> >> Default
    >> > >> >> content page box, and then click OK two times.
    >> > >> >> --------------------------------------------------------------------------------





    And maybe...

    Users cannot connect to remote desktops by using the Windows Small Business
    Server 2003 Remote Web Workplace
    http://support.microsoft.com/kb/886209

    --
    Merv Porter [SBS-MVP]
    ============================

    "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
    news:OOPnL5TuIHA.5832@TK2MSFTNGP02.phx.gbl...
    > Sounds like you're getting closer Greg. :-)
    >
    > What error message are you getting when you try to access a workstation
    > via
    > RWW? In your router, are you sure you have port 4125 forwarded to your
    > external NIC (192.168.2.10)?
    >
    > You can take the router out of the equation by connecting a spare
    > workstation or laptop to a port onthe router, putting it in a workgroup,
    > giving it an IP address in the same range as the LAN side of the router
    > (192.168.2.x) and giving it a gateway of the router IP address
    > (192.168.2.10). Then try to RWW into the server and workstations. If you
    > still can't, then their is a configuration or software issue with the SBS
    > server.
    >
    > --
    > Merv Porter [SBS-MVP]
    > ============================
    >
    >
    > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    > wrote in message
    > news:1FDE6D63-94B1-4631-913A-49F23E1DA198@microsoft.com...
    >> Again, Merv, thank you for your help!
    >>
    >> I figured out the reason Exchange Best Practices Analyzer could not
    >> connect
    >> to the server -- a mistyping in the previous entry was the culprit. It's
    >> working fine now, with (almost) no issues, and certainly no critical
    >> ones.
    >>
    >> While Remote Web Workplace is working, and Remote Desktop Connection will
    >> connect directly with the server (port 3389 is forwarded to 192.168.2.10,
    >> the
    >> WAN Ethernet adapter of the server), I cannot Connect to Server Desktops
    >> or
    >> Connect to Client Desktops from Remote Web Workplace. I have seen this
    >> problem in newsgroups previously, so perhaps I can find the solution.
    >>
    >>
    >>
    >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    >>
    >>> Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    >>> Exchange BPA updates), and here are its results:
    >>>
    >>> Paging file larger than Physical Memory
    >>> [this was not strictly correct, as the current paging file was 2048MB,
    >>> and
    >>> the Physical Memory is 3.50GB; however, the automatically-created
    >>> settings
    >>> had a custom size of 2048MB initial and 5348MB maximum, so perhaps it
    >>> was
    >>> this that triggered the error...no matter, it was a good time to reduce
    >>> the
    >>> paging file on the Windows drive to 200MB and create a static one of
    >>> 3500MB
    >>> on another drive.]
    >>>
    >>> RPC binding does not contain FQDN
    >>> The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    >>> fully-qualified domain name.
    >>> [fixed]
    >>>
    >>> Database backup critical
    >>> Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had
    >>> a
    >>> full online backup.
    >>> [fixed]
    >>>
    >>> Network interface driver file is more than two years old
    >>> [noted...there is no newer file available]
    >>>
    >>> Storage driver is more than two years old
    >>> [noted...there is no newer file available]
    >>>
    >>> The 'fast message retrieval' option is not enabled on IMAP4
    >>> [fixed]
    >>>
    >>> The Network News Transfer Protocol (NNTP) service is running on server
    >>> sbs2003
    >>> [now disabled and stopped]
    >>>
    >>> Application log size
    >>> As a best practice, the size of the 'Application' log on server
    >>> sbs2003.domain.local should be increased. The current size is 16MB. For
    >>> servers running Microsoft Exchange, a size of 40MB or more is
    >>> recommended.
    >>> [fixed...set to 40960KB]
    >>>
    >>> Consider setting TarpitTime
    >>> Recipient filtering is enabled on server sbs2003.domain.local. As a best
    >>> practice, consider setting the 'TarpitTime' parameter as recommended in
    >>> Microsoft Knowledge Base article 899492.
    >>> [registry entry made, and request made for Hotfix from KB article 899492
    >>> via
    >>> "Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems
    >>> to
    >>> keep moving to try to hide, but is currently at:
    >>> https://support.microsoft.com/contac...1414&WS=hotfix ]
    >>>
    >>> Enable automatic updates for message filtering
    >>> Automatic update for the Intelligent Message Filter is not enabled on
    >>> server
    >>> SBS2003. To improve the effectiveness of the filter, follow the
    >>> instructions
    >>> outlined in Microsoft Knowledge Base article 907747.
    >>> [why must this be a download-only .DOC file? First it says you should
    >>> enable automatic updates for message filtering, then it says you should
    >>> not
    >>> have them automatically installed!! -- and this is only the tip of the
    >>> Intelligent Message Filtering options. Done.]
    >>>
    >>> Crash upload logging disabled
    >>> Exchange fatal error information on server sbs2003.domain.local is not
    >>> automatically sent to Microsoft for analysis. It is recommended that you
    >>> enable this feature through the Exchange System Manager.
    >>> [now enabled]
    >>>
    >>> Sink registration not found Small Business Server Attachment Remover
    >>> Transport event sink 'Small Business Server Attachment Remover' was
    >>> found
    >>> in
    >>> the metabase for SMTP instance '1' on server sbs2003.domain.local but
    >>> its
    >>> registration could not be found. Registration expected in
    >>> HKEY_CLASSES_ROOT\CLSID\.
    >>> [this is one I'm going to need help with...the instructions on what to
    >>> do
    >>> to
    >>> re-register the sink dll's are clear, but when I ran them as instructed
    >>> from
    >>> the \Program Files\Exchsrvr\Bin directory, I got errors for each one,
    >>> all
    >>> of
    >>> them similar to this last one:
    >>> ---------------------------
    >>> RegSvr32
    >>> ---------------------------
    >>> msgfilter.dll was loaded, but the DllInstall entry point was not found.
    >>>
    >>> This file can not be registered.
    >>> ---------------------------
    >>> OK
    >>> ---------------------------
    >>>
    >>> So much for Exchange Best Practices Analyzer.
    >>>
    >>> As for the Small Business Server 2003 Best Practices Analyzer, I was
    >>> already
    >>> automatically seeking and downloading updates, so I was using the latest
    >>> version.
    >>>
    >>> I followed the steps to ascertain the "IP Address and Domain Name
    >>> Restrictions" of the Default Web Site, and it was already set to Grant
    >>> Access
    >>> with nothing listed as exceptions. Knowing how these settings can
    >>> sometimes
    >>> be entered in the Registry incorrectly, I reset this to Deny Access
    >>> (applied
    >>> to all) and clicked OK and APPLY and OK, then repeated the steps to
    >>> change it
    >>> back to Grant Access.
    >>>
    >>> One thing I did notice, is that for anonymous access to the Default Web
    >>> Site, it is checking the password for IUSR_SBS2003, and perhaps the
    >>> problem
    >>> is there. I reset the password for this user in AD, and changed it for
    >>> Default Web Site and the other Virtual Directories in IIS Admin, as well
    >>> as
    >>> for each of the Web Sites under the Virtual Directories that had
    >>> anonymous
    >>> access checked.
    >>>
    >>> In the message thread you mentioned, there was a mention of an ISAPI
    >>> Filter
    >>> sbssft.dll for Default Web Site. It was not there, and I have added
    >>> it.
    >>> However, I question whether it is indeed necessary, since a working-RRW
    >>> SBS
    >>> server does not have this entry.
    >>>
    >>> Having rebooted the server, it appears I have done something wrong, as
    >>> the
    >>> Exchange Best Practices Analzyer now cannot connect to the first
    >>> administration group under the SERVER -- there is an orange circle with
    >>> a
    >>> white X next to it.
    >>>
    >>> However, I just tested from an external connection, and REMOTE WEB
    >>> WORKPLACE
    >>> IS NOW WORKING !!!
    >>>
    >>> Huzzah, Merv! Thank you.
    >>>
    >>> That fixes both RWW and RDC, so I think I'll stop this thread, and start
    >>> a
    >>> new one in the Exchange newsgroup.
    >>>
    >>>
    >>> "Merv Porter [SBS-MVP]" wrote:
    >>>
    >>> > That second link should be:
    >>> >
    >>> > Small Business Server 2003 Best Practices Analyzer Updated
    >>> > http://blogs.technet.com/sbs/archive...r-updated.aspx
    >>> >
    >>> >
    >>> > Also, let's look at IP restrictions (as in this thread):
    >>> > http://groups.google.com/group/micro...f2c2be383e1d30
    >>> >
    >>> >
    >>> > This issue can be caused by incorrect IP restriction settings. Let's
    >>> > try
    >>> > following steps to see if it works:
    >>> >
    >>> > 1. Open Server Management and expand to Internet Information Services
    >>> > node.
    >>> > 2. Open the Default Web Site's properties
    >>> > 3. Click the Directory Security tab.
    >>> > 4. Click the Edit button next to the IP Address and Domain Name
    >>> > Restrictions
    >>> > heading.
    >>> > 5. Click to choose Granted Access and remove all the entries.
    >>> > 6. Click OK.
    >>> >
    >>> > --
    >>> > Merv Porter [SBS-MVP]
    >>> > ============================
    >>> >
    >>> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >>> > <greg@no_spam_computermagic.cc>
    >>> > wrote in message
    >>> > news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    >>> > > Correct -- the working-RWW server is named "win2003", but it is an
    >>> > > SBS
    >>> > > 2003
    >>> > > Premium R2. The non-working-RWW server is named "sbs2003" and it is
    >>> > > an
    >>> > > SBS
    >>> > > 2003 Premium R1. Hopefully, that won't make any difference in RWw's
    >>> > > setup.
    >>> > >
    >>> > > Your second link was the same as the first, perhaps you meant this
    >>> > > one?
    >>> > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    >>> > > http://www.microsoft.com/downloads/d...displaylang=en
    >>> > >
    >>> > > When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    >>> > > Network driver is more than a year old [I know this, but there
    >>> > > doesn't
    >>> > > appear to be an update, either from OEM, Tyan (most recent
    >>> > > 2006/01/09) or
    >>> > > from Vendor, nVidia (most recent 2006/07). ]
    >>> > > EDNS is enabled [never heard of this, but I followed the steps to
    >>> > > disable
    >>> > > it]
    >>> > > The OWA update is not installed [it is now]
    >>> > > Reverse DNS zone does not allow for secure updates [so why wasn't
    >>> > > this set
    >>> > > automatically? it does now.]
    >>> > > Windows Backup Wizard has not yet run [I know -- I was waiting to
    >>> > > get
    >>> > > this
    >>> > > clean, but now's a good time, I think]
    >>> > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I
    >>> > > hadn't
    >>> > > installed Outlook 2003 or IE6, as all the workstations are on Office
    >>> > > 2007
    >>> > > &
    >>> > > IE7, but to keep BPA happy, I did so]
    >>> > >
    >>> > > The Reverse DNS message was a tad vague:
    >>> > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to
    >>> > > allow
    >>> > > only secure dynamic updates. To configure the Reverse Lookup Zone,
    >>> > > click
    >>> > > Start, point to Administrative Tools, and then click DNS.
    >>> > > Right-click
    >>> > > the
    >>> > > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click
    >>> > > Properties.
    >>> > > Select Secure only from the Dynamic Updates dropdown list.
    >>> > >
    >>> > > When I looked in DNS, the only entry under Reverse Lookup Zones was
    >>> > > "192.168.16.x Subnet". I tried to create
    >>> > > "16.168.192.in-addr.arpa" -- but
    >>> > > then I was told that it already exists. So I went to "192.168.16.x
    >>> > > Subnet"
    >>> > > and right-clicked, and clicked on Properties, and on the General
    >>> > > tab,
    >>> > > I
    >>> > > changed the Dynamic Updates drop-down from "non-secure and secure"
    >>> > > to
    >>> > > "Secure
    >>> > > only". [Rhetorical question: why on earth is this option even
    >>> > > necessary?
    >>> > > would there ever be a reason to have this set to anything except
    >>> > > "Secure
    >>> > > only"? and if not, why doesn't Windows Update set this
    >>> > > automatically?]
    >>> > >
    >>> > > None of those warnings would appear to have any effect on the
    >>> > > non-working
    >>> > > of
    >>> > > RWW, and in fact, following the changes, RWW is still showing "You
    >>> > > are not
    >>> > > authorized to view this page" from external and internal
    >>> > > workstations.
    >>> > >
    >>> > >
    >>> > >
    >>> > >
    >>> > >
    >>> > > "Merv Porter [SBS-MVP]" wrote:
    >>> > >
    >>> > >> "while on the working-RWW server (win2003)..."
    >>> > >>
    >>> > >> Wait a minute... RWW only comes with SBS 2003. I trust you really
    >>> > >> mean
    >>> > >> that this is just another SBS 2003 server (that is functioning
    >>> > >> properly).
    >>> > >>
    >>> > >> At this point I would install adn run a scan with the SBS 2003 BPA:
    >>> > >>
    >>> > >> Microsoft Windows Small Business Server 2003 Best Practices
    >>> > >> Analyzer
    >>> > >> http://207.46.19.190/downloads/detai...displaylang=en
    >>> > >>
    >>> > >> Small Business Server 2003 Best Practices Analyzer Updated
    >>> > >> http://207.46.19.190/downloads/detai...displaylang=en
    >>> > >>
    >>> > >> How to Use the Windows SBS 2003 BPA
    >>> > >> http://blogs.technet.com/sbs/archive...-2003-bpa.aspx
    >>> > >>
    >>> > >> --
    >>> > >> Merv Porter [SBS-MVP]
    >>> > >> ============================
    >>> > >>
    >>> > >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >>> > >> <greg@no_spam_computermagic.cc>
    >>> > >> wrote in message
    >>> > >> news:FA26C6AF-0C69-44E7-9127-73A09785D38E@microsoft.com...
    >>> > >> >I have compared this SBS 2003 server with another one on which RWW
    >>> > >> >is
    >>> > >> >running
    >>> > >> > fine.
    >>> > >> > These are some of the differences:
    >>> > >> >
    >>> > >> > In the non-working-RWW server (sbs2003), in the properties of the
    >>> > >> > Default
    >>> > >> > Web Site, under Home Directory, the Execute Permissions were set
    >>> > >> > to
    >>> > >> > "Scripts
    >>> > >> > only", while on the working-RWW server (win2003), it was set to
    >>> > >> > "Scripts
    >>> > >> > and
    >>> > >> > Executables". On sbs2003, the Application Pool was set to
    >>> > >> > StsAppPool1;
    >>> > >> > on
    >>> > >> > win2003, it is set to DefaultAppPool. On win2003, the Documents
    >>> > >> > tab
    >>> > >> > shows
    >>> > >> > four items: Default.htm, Default.asp, index.htm, and iistart.htm.
    >>> > >> > On
    >>> > >> > sbs2003, there was a fifth (last) item: Default.aspx. On
    >>> > >> > sbs2003,
    >>> > >> > the
    >>> > >> > ISAPI
    >>> > >> > Filters tab shows SBSFLT with High Priority, followed by
    >>> > >> > fpexedll.dll
    >>> > >> > with
    >>> > >> > Low Priority, and Owalogon with "Unknown" priority. On win2003,
    >>> > >> > the
    >>> > >> > same,
    >>> > >> > except SBSFLT is not listed. On sbs2003, HTTP Headers tab has
    >>> > >> > "Enable
    >>> > >> > content expiration" checked, and "Expire after 30 days" selected.
    >>> > >> > On
    >>> > >> > win2003, that is not checked; and under Custom Web Header,
    >>> > >> > win2003
    >>> > >> > has
    >>> > >> > listed
    >>> > >> > MicrosoftOfficeWebServer: 5.0_Pub and XP-Powered-By: ASP.NET. On
    >>> > >> > sbs2003,
    >>> > >> > only XP-Powered-By: ASP.NET is listed. On win2003, on the Server
    >>> > >> > Extensions
    >>> > >> > 2003 tab, it says "Microsoft SharePoint is installed on this
    >>> > >> > site.
    >>> > >> > Version
    >>> > >> > 5.0.2.6790. On sbs2003, it says: This server has not been
    >>> > >> > configured
    >>> > >> > to
    >>> > >> > use
    >>> > >> > the server extensions.
    >>> > >> >
    >>> > >> > I configured the server extensions for the Default Web Site under
    >>> > >> > sbs2003,
    >>> > >> > and made changes to mimic the settings on win2003. However, I am
    >>> > >> > still
    >>> > >> > getting "you are not authorized to view this page" when I attempt
    >>> > >> > to
    >>> > >> > access
    >>> > >> > https://sbs2003.domain.com/Remote.
    >>> > >> >
    >>> > >> >
    >>> > >> >
    >>> > >> > "Greg Kirkpatrick" wrote:
    >>> > >> >
    >>> > >> >> This is the pertintent text from KB925653:
    >>> > >> >> --------------------------------------------------------------------------------
    >>> > >> >> In this situation, the default.aspx page is not added to the
    >>> > >> >> list
    >>> > >> >> of
    >>> > >> >> default
    >>> > >> >> content pages for the remote virtual directory in IIS.
    >>> > >> >>
    >>> > >> >> RESOLUTION
    >>> > >> >> To resolve this issue, follow these steps:
    >>> > >> >> 1. Click Start, point to Administrative Tools, and then click
    >>> > >> >> Internet
    >>> > >> >> Information Services (IIS) Manager.
    >>> > >> >> 2. Under ComputerName (local computer), expand Web Sites, expand
    >>> > >> >> Default
    >>> > >> >> Web
    >>> > >> >> Site, right-click Remote, and then click Properties.
    >>> > >> >> 3. In the Remote Properties dialog box, click the Documents tab,
    >>> > >> >> and
    >>> > >> >> then
    >>> > >> >> click Add.
    >>> > >> >> 4. In the Add Content Page dialog box, type default.aspx in the
    >>> > >> >> Default
    >>> > >> >> content page box, and then click OK two times.
    >>> > >> >> --------------------------------------------------------------------------------

    >
    >





    Yes, I am getting closer.

    Yes, I am absolutely certain that port 4125 (and 3389, and 443, and 444) are
    forwarded to the server (192.168.2.10).

    The exact message I am getting, when trying Connect to Client Desktop (or
    Server Desktop) is:
    VBScript: Remote Desktop Disconnected
    The client could not connect to the remote computer. Remote connections
    might not be enabled or the computer might be too
    busy to accept new connections. It is also possible that network problems
    are preventing your connection. Please try
    connecting again later. If the problem continues to occur, contact your
    administrator.

    This is definitely a firewall issue, because if I turn off the Routing and
    Remote Access service (on the server, connecting via Remote Desktop
    Connection), then when I connect via RWW, and try to Connect to Client
    Desktop or Connect to Server Desktop, it works. Of course, at that point,
    the client workstations cannot then connect to the Internet. So I have to
    have RRAS on, it is just a matter of how to configure it to allow RDC/RDP.


    "Merv Porter [SBS-MVP]" wrote:

    > Sounds like you're getting closer Greg. :-)
    >
    > What error message are you getting when you try to access a workstation via
    > RWW? In your router, are you sure you have port 4125 forwarded to your
    > external NIC (192.168.2.10)?
    >
    > You can take the router out of the equation by connecting a spare
    > workstation or laptop to a port onthe router, putting it in a workgroup,
    > giving it an IP address in the same range as the LAN side of the router
    > (192.168.2.x) and giving it a gateway of the router IP address
    > (192.168.2.10). Then try to RWW into the server and workstations. If you
    > still can't, then their is a configuration or software issue with the SBS
    > server.
    >
    > --
    > Merv Porter [SBS-MVP]
    > ============================
    >
    >
    > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    > wrote in message news:1FDE6D63-94B1-4631-913A-49F23E1DA198@microsoft.com...
    > > Again, Merv, thank you for your help!
    > >
    > > I figured out the reason Exchange Best Practices Analyzer could not
    > > connect
    > > to the server -- a mistyping in the previous entry was the culprit. It's
    > > working fine now, with (almost) no issues, and certainly no critical ones.
    > >
    > > While Remote Web Workplace is working, and Remote Desktop Connection will
    > > connect directly with the server (port 3389 is forwarded to 192.168.2.10,
    > > the
    > > WAN Ethernet adapter of the server), I cannot Connect to Server Desktops
    > > or
    > > Connect to Client Desktops from Remote Web Workplace. I have seen this
    > > problem in newsgroups previously, so perhaps I can find the solution.
    > >
    > >
    > >
    > > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    > >
    > >> Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    > >> Exchange BPA updates), and here are its results:
    > >>
    > >> Paging file larger than Physical Memory
    > >> [this was not strictly correct, as the current paging file was 2048MB,
    > >> and
    > >> the Physical Memory is 3.50GB; however, the automatically-created
    > >> settings
    > >> had a custom size of 2048MB initial and 5348MB maximum, so perhaps it was
    > >> this that triggered the error...no matter, it was a good time to reduce
    > >> the
    > >> paging file on the Windows drive to 200MB and create a static one of
    > >> 3500MB
    > >> on another drive.]
    > >>
    > >> RPC binding does not contain FQDN
    > >> The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    > >> fully-qualified domain name.
    > >> [fixed]
    > >>
    > >> Database backup critical
    > >> Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had
    > >> a
    > >> full online backup.
    > >> [fixed]
    > >>
    > >> Network interface driver file is more than two years old
    > >> [noted...there is no newer file available]
    > >>
    > >> Storage driver is more than two years old
    > >> [noted...there is no newer file available]
    > >>
    > >> The 'fast message retrieval' option is not enabled on IMAP4
    > >> [fixed]
    > >>
    > >> The Network News Transfer Protocol (NNTP) service is running on server
    > >> sbs2003
    > >> [now disabled and stopped]
    > >>
    > >> Application log size
    > >> As a best practice, the size of the 'Application' log on server
    > >> sbs2003.domain.local should be increased. The current size is 16MB. For
    > >> servers running Microsoft Exchange, a size of 40MB or more is
    > >> recommended.
    > >> [fixed...set to 40960KB]
    > >>
    > >> Consider setting TarpitTime
    > >> Recipient filtering is enabled on server sbs2003.domain.local. As a best
    > >> practice, consider setting the 'TarpitTime' parameter as recommended in
    > >> Microsoft Knowledge Base article 899492.
    > >> [registry entry made, and request made for Hotfix from KB article 899492
    > >> via
    > >> "Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems
    > >> to
    > >> keep moving to try to hide, but is currently at:
    > >> https://support.microsoft.com/contac...1414&WS=hotfix ]
    > >>
    > >> Enable automatic updates for message filtering
    > >> Automatic update for the Intelligent Message Filter is not enabled on
    > >> server
    > >> SBS2003. To improve the effectiveness of the filter, follow the
    > >> instructions
    > >> outlined in Microsoft Knowledge Base article 907747.
    > >> [why must this be a download-only .DOC file? First it says you should
    > >> enable automatic updates for message filtering, then it says you should
    > >> not
    > >> have them automatically installed!! -- and this is only the tip of the
    > >> Intelligent Message Filtering options. Done.]
    > >>
    > >> Crash upload logging disabled
    > >> Exchange fatal error information on server sbs2003.domain.local is not
    > >> automatically sent to Microsoft for analysis. It is recommended that you
    > >> enable this feature through the Exchange System Manager.
    > >> [now enabled]
    > >>
    > >> Sink registration not found Small Business Server Attachment Remover
    > >> Transport event sink 'Small Business Server Attachment Remover' was found
    > >> in
    > >> the metabase for SMTP instance '1' on server sbs2003.domain.local but its
    > >> registration could not be found. Registration expected in
    > >> HKEY_CLASSES_ROOT\CLSID\.
    > >> [this is one I'm going to need help with...the instructions on what to do
    > >> to
    > >> re-register the sink dll's are clear, but when I ran them as instructed
    > >> from
    > >> the \Program Files\Exchsrvr\Bin directory, I got errors for each one, all
    > >> of
    > >> them similar to this last one:
    > >> ---------------------------
    > >> RegSvr32
    > >> ---------------------------
    > >> msgfilter.dll was loaded, but the DllInstall entry point was not found.
    > >>
    > >> This file can not be registered.
    > >> ---------------------------
    > >> OK
    > >> ---------------------------
    > >>
    > >> So much for Exchange Best Practices Analyzer.
    > >>
    > >> As for the Small Business Server 2003 Best Practices Analyzer, I was
    > >> already
    > >> automatically seeking and downloading updates, so I was using the latest
    > >> version.
    > >>
    > >> I followed the steps to ascertain the "IP Address and Domain Name
    > >> Restrictions" of the Default Web Site, and it was already set to Grant
    > >> Access
    > >> with nothing listed as exceptions. Knowing how these settings can
    > >> sometimes
    > >> be entered in the Registry incorrectly, I reset this to Deny Access
    > >> (applied
    > >> to all) and clicked OK and APPLY and OK, then repeated the steps to
    > >> change it
    > >> back to Grant Access.
    > >>
    > >> One thing I did notice, is that for anonymous access to the Default Web
    > >> Site, it is checking the password for IUSR_SBS2003, and perhaps the
    > >> problem
    > >> is there. I reset the password for this user in AD, and changed it for
    > >> Default Web Site and the other Virtual Directories in IIS Admin, as well
    > >> as
    > >> for each of the Web Sites under the Virtual Directories that had
    > >> anonymous
    > >> access checked.
    > >>
    > >> In the message thread you mentioned, there was a mention of an ISAPI
    > >> Filter
    > >> sbssft.dll for Default Web Site. It was not there, and I have added it.
    > >> However, I question whether it is indeed necessary, since a working-RRW
    > >> SBS
    > >> server does not have this entry.
    > >>
    > >> Having rebooted the server, it appears I have done something wrong, as
    > >> the
    > >> Exchange Best Practices Analzyer now cannot connect to the first
    > >> administration group under the SERVER -- there is an orange circle with a
    > >> white X next to it.
    > >>
    > >> However, I just tested from an external connection, and REMOTE WEB
    > >> WORKPLACE
    > >> IS NOW WORKING !!!
    > >>
    > >> Huzzah, Merv! Thank you.
    > >>
    > >> That fixes both RWW and RDC, so I think I'll stop this thread, and start
    > >> a
    > >> new one in the Exchange newsgroup.
    > >>
    > >>
    > >> "Merv Porter [SBS-MVP]" wrote:
    > >>
    > >> > That second link should be:
    > >> >
    > >> > Small Business Server 2003 Best Practices Analyzer Updated
    > >> > http://blogs.technet.com/sbs/archive...r-updated.aspx
    > >> >
    > >> >
    > >> > Also, let's look at IP restrictions (as in this thread):
    > >> > http://groups.google.com/group/micro...f2c2be383e1d30
    > >> >
    > >> >
    > >> > This issue can be caused by incorrect IP restriction settings. Let's
    > >> > try
    > >> > following steps to see if it works:
    > >> >
    > >> > 1. Open Server Management and expand to Internet Information Services
    > >> > node.
    > >> > 2. Open the Default Web Site's properties
    > >> > 3. Click the Directory Security tab.
    > >> > 4. Click the Edit button next to the IP Address and Domain Name
    > >> > Restrictions
    > >> > heading.
    > >> > 5. Click to choose Granted Access and remove all the entries.
    > >> > 6. Click OK.
    > >> >
    > >> > --
    > >> > Merv Porter [SBS-MVP]
    > >> > ============================
    > >> >
    > >> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    > >> > <greg@no_spam_computermagic.cc>
    > >> > wrote in message
    > >> > news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    > >> > > Correct -- the working-RWW server is named "win2003", but it is an
    > >> > > SBS
    > >> > > 2003
    > >> > > Premium R2. The non-working-RWW server is named "sbs2003" and it is
    > >> > > an
    > >> > > SBS
    > >> > > 2003 Premium R1. Hopefully, that won't make any difference in RWw's
    > >> > > setup.
    > >> > >
    > >> > > Your second link was the same as the first, perhaps you meant this
    > >> > > one?
    > >> > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    > >> > > http://www.microsoft.com/downloads/d...displaylang=en
    > >> > >
    > >> > > When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    > >> > > Network driver is more than a year old [I know this, but there
    > >> > > doesn't
    > >> > > appear to be an update, either from OEM, Tyan (most recent
    > >> > > 2006/01/09) or
    > >> > > from Vendor, nVidia (most recent 2006/07). ]
    > >> > > EDNS is enabled [never heard of this, but I followed the steps to
    > >> > > disable
    > >> > > it]
    > >> > > The OWA update is not installed [it is now]
    > >> > > Reverse DNS zone does not allow for secure updates [so why wasn't
    > >> > > this set
    > >> > > automatically? it does now.]
    > >> > > Windows Backup Wizard has not yet run [I know -- I was waiting to get
    > >> > > this
    > >> > > clean, but now's a good time, I think]
    > >> > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I
    > >> > > hadn't
    > >> > > installed Outlook 2003 or IE6, as all the workstations are on Office
    > >> > > 2007
    > >> > > &
    > >> > > IE7, but to keep BPA happy, I did so]
    > >> > >
    > >> > > The Reverse DNS message was a tad vague:
    > >> > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to
    > >> > > allow
    > >> > > only secure dynamic updates. To configure the Reverse Lookup Zone,
    > >> > > click
    > >> > > Start, point to Administrative Tools, and then click DNS. Right-click
    > >> > > the
    > >> > > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click
    > >> > > Properties.
    > >> > > Select Secure only from the Dynamic Updates dropdown list.
    > >> > >
    > >> > > When I looked in DNS, the only entry under Reverse Lookup Zones was
    > >> > > "192.168.16.x Subnet". I tried to create
    > >> > > "16.168.192.in-addr.arpa" -- but
    > >> > > then I was told that it already exists. So I went to "192.168.16.x
    > >> > > Subnet"
    > >> > > and right-clicked, and clicked on Properties, and on the General tab,
    > >> > > I
    > >> > > changed the Dynamic Updates drop-down from "non-secure and secure" to
    > >> > > "Secure
    > >> > > only". [Rhetorical question: why on earth is this option even
    > >> > > necessary?
    > >> > > would there ever be a reason to have this set to anything except
    > >> > > "Secure
    > >> > > only"? and if not, why doesn't Windows Update set this
    > >> > > automatically?]
    > >> > >
    > >> > > None of those warnings would appear to have any effect on the
    > >> > > non-working
    > >> > > of
    > >> > > RWW, and in fact, following the changes, RWW is still showing "You
    > >> > > are not
    > >> > > authorized to view this page" from external and internal
    > >> > > workstations.
    > >> > >
    > >> > >
    > >> > >
    > >> > >
    > >> > >



    Nom=, KB 886209 does not apply, as when I ran this command
    netstat -aon | find ":4125"
    I got absolutely no response.

    Then, when I tested port 4125 via SHIELDS UP (https://www.grc.com) I got
    "Stealth" as the response (443, 444, and 3389 were OPEN).

    "Merv Porter [SBS-MVP]" wrote:

    > And maybe...
    >
    > Users cannot connect to remote desktops by using the Windows Small Business
    > Server 2003 Remote Web Workplace
    > http://support.microsoft.com/kb/886209
    >
    > --
    > Merv Porter [SBS-MVP]
    > ============================
    >
    > "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
    > news:OOPnL5TuIHA.5832@TK2MSFTNGP02.phx.gbl...
    > > Sounds like you're getting closer Greg. :-)
    > >
    > > What error message are you getting when you try to access a workstation
    > > via
    > > RWW? In your router, are you sure you have port 4125 forwarded to your
    > > external NIC (192.168.2.10)?
    > >
    > > You can take the router out of the equation by connecting a spare
    > > workstation or laptop to a port onthe router, putting it in a workgroup,
    > > giving it an IP address in the same range as the LAN side of the router
    > > (192.168.2.x) and giving it a gateway of the router IP address
    > > (192.168.2.10). Then try to RWW into the server and workstations. If you
    > > still can't, then their is a configuration or software issue with the SBS
    > > server.
    > >
    > > --
    > > Merv Porter [SBS-MVP]
    > > ============================
    > >
    > >
    > > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    > > wrote in message
    > > news:1FDE6D63-94B1-4631-913A-49F23E1DA198@microsoft.com...
    > >> Again, Merv, thank you for your help!
    > >>
    > >> I figured out the reason Exchange Best Practices Analyzer could not
    > >> connect
    > >> to the server -- a mistyping in the previous entry was the culprit. It's
    > >> working fine now, with (almost) no issues, and certainly no critical
    > >> ones.
    > >>
    > >> While Remote Web Workplace is working, and Remote Desktop Connection will
    > >> connect directly with the server (port 3389 is forwarded to 192.168.2.10,
    > >> the
    > >> WAN Ethernet adapter of the server), I cannot Connect to Server Desktops
    > >> or
    > >> Connect to Client Desktops from Remote Web Workplace. I have seen this
    > >> problem in newsgroups previously, so perhaps I can find the solution.
    > >>
    > >>
    > >>
    > >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    > >>
    > >>> Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    > >>> Exchange BPA updates), and here are its results:
    > >>>
    > >>> Paging file larger than Physical Memory
    > >>> [this was not strictly correct, as the current paging file was 2048MB,
    > >>> and
    > >>> the Physical Memory is 3.50GB; however, the automatically-created
    > >>> settings
    > >>> had a custom size of 2048MB initial and 5348MB maximum, so perhaps it
    > >>> was
    > >>> this that triggered the error...no matter, it was a good time to reduce
    > >>> the
    > >>> paging file on the Windows drive to 200MB and create a static one of
    > >>> 3500MB
    > >>> on another drive.]
    > >>>
    > >>> RPC binding does not contain FQDN
    > >>> The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    > >>> fully-qualified domain name.
    > >>> [fixed]
    > >>>
    > >>> Database backup critical
    > >>> Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had
    > >>> a
    > >>> full online backup.
    > >>> [fixed]
    > >>>
    > >>> Network interface driver file is more than two years old
    > >>> [noted...there is no newer file available]
    > >>>
    > >>> Storage driver is more than two years old
    > >>> [noted...there is no newer file available]
    > >>>
    > >>> The 'fast message retrieval' option is not enabled on IMAP4
    > >>> [fixed]
    > >>>
    > >>> The Network News Transfer Protocol (NNTP) service is running on server
    > >>> sbs2003
    > >>> [now disabled and stopped]
    > >>>
    > >>> Application log size
    > >>> As a best practice, the size of the 'Application' log on server
    > >>> sbs2003.domain.local should be increased. The current size is 16MB. For
    > >>> servers running Microsoft Exchange, a size of 40MB or more is
    > >>> recommended.
    > >>> [fixed...set to 40960KB]
    > >>>
    > >>> Consider setting TarpitTime
    > >>> Recipient filtering is enabled on server sbs2003.domain.local. As a best
    > >>> practice, consider setting the 'TarpitTime' parameter as recommended in
    > >>> Microsoft Knowledge Base article 899492.
    > >>> [registry entry made, and request made for Hotfix from KB article 899492
    > >>> via
    > >>> "Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems
    > >>> to
    > >>> keep moving to try to hide, but is currently at:
    > >>> https://support.microsoft.com/contac...1414&WS=hotfix ]
    > >>>
    > >>> Enable automatic updates for message filtering
    > >>> Automatic update for the Intelligent Message Filter is not enabled on
    > >>> server
    > >>> SBS2003. To improve the effectiveness of the filter, follow the
    > >>> instructions
    > >>> outlined in Microsoft Knowledge Base article 907747.
    > >>> [why must this be a download-only .DOC file? First it says you should
    > >>> enable automatic updates for message filtering, then it says you should
    > >>> not
    > >>> have them automatically installed!! -- and this is only the tip of the
    > >>> Intelligent Message Filtering options. Done.]
    > >>>
    > >>> Crash upload logging disabled
    > >>> Exchange fatal error information on server sbs2003.domain.local is not
    > >>> automatically sent to Microsoft for analysis. It is recommended that you
    > >>> enable this feature through the Exchange System Manager.
    > >>> [now enabled]
    > >>>
    > >>> Sink registration not found Small Business Server Attachment Remover
    > >>> Transport event sink 'Small Business Server Attachment Remover' was
    > >>> found
    > >>> in
    > >>> the metabase for SMTP instance '1' on server sbs2003.domain.local but
    > >>> its
    > >>> registration could not be found. Registration expected in
    > >>> HKEY_CLASSES_ROOT\CLSID\.
    > >>> [this is one I'm going to need help with...the instructions on what to
    > >>> do
    > >>> to
    > >>> re-register the sink dll's are clear, but when I ran them as instructed
    > >>> from
    > >>> the \Program Files\Exchsrvr\Bin directory, I got errors for each one,
    > >>> all
    > >>> of
    > >>> them similar to this last one:
    > >>> ---------------------------
    > >>> RegSvr32
    > >>> ---------------------------
    > >>> msgfilter.dll was loaded, but the DllInstall entry point was not found.
    > >>>
    > >>> This file can not be registered.
    > >>> ---------------------------
    > >>> OK
    > >>> ---------------------------
    > >>>
    > >>> So much for Exchange Best Practices Analyzer.
    > >>>
    > >>> As for the Small Business Server 2003 Best Practices Analyzer, I was
    > >>> already
    > >>> automatically seeking and downloading updates, so I was using the latest
    > >>> version.
    > >>>
    > >>> I followed the steps to ascertain the "IP Address and Domain Name
    > >>> Restrictions" of the Default Web Site, and it was already set to Grant
    > >>> Access
    > >>> with nothing listed as exceptions. Knowing how these settings can
    > >>> sometimes
    > >>> be entered in the Registry incorrectly, I reset this to Deny Access
    > >>> (applied
    > >>> to all) and clicked OK and APPLY and OK, then repeated the steps to
    > >>> change it
    > >>> back to Grant Access.
    > >>>
    > >>> One thing I did notice, is that for anonymous access to the Default Web
    > >>> Site, it is checking the password for IUSR_SBS2003, and perhaps the
    > >>> problem
    > >>> is there. I reset the password for this user in AD, and changed it for
    > >>> Default Web Site and the other Virtual Directories in IIS Admin, as well
    > >>> as
    > >>> for each of the Web Sites under the Virtual Directories that had
    > >>> anonymous
    > >>> access checked.
    > >>>
    > >>> In the message thread you mentioned, there was a mention of an ISAPI
    > >>> Filter
    > >>> sbssft.dll for Default Web Site. It was not there, and I have added
    > >>> it.
    > >>> However, I question whether it is indeed necessary, since a working-RRW
    > >>> SBS
    > >>> server does not have this entry.
    > >>>
    > >>> Having rebooted the server, it appears I have done something wrong, as
    > >>> the
    > >>> Exchange Best Practices Analzyer now cannot connect to the first
    > >>> administration group under the SERVER -- there is an orange circle with
    > >>> a
    > >>> white X next to it.
    > >>>
    > >>> However, I just tested from an external connection, and REMOTE WEB
    > >>> WORKPLACE
    > >>> IS NOW WORKING !!!
    > >>>
    > >>> Huzzah, Merv! Thank you.
    > >>>
    > >>> That fixes both RWW and RDC, so I think I'll stop this thread, and start
    > >>> a
    > >>> new one in the Exchange newsgroup.
    > >>>
    > >>>
    > >>> "Merv Porter [SBS-MVP]" wrote:
    > >>>
    > >>> > That second link should be:
    > >>> >
    > >>> > Small Business Server 2003 Best Practices Analyzer Updated
    > >>> > http://blogs.technet.com/sbs/archive...r-updated.aspx
    > >>> >
    > >>> >
    > >>> > Also, let's look at IP restrictions (as in this thread):
    > >>> > http://groups.google.com/group/micro...f2c2be383e1d30
    > >>> >
    > >>> >
    > >>> > This issue can be caused by incorrect IP restriction settings. Let's
    > >>> > try
    > >>> > following steps to see if it works:
    > >>> >
    > >>> > 1. Open Server Management and expand to Internet Information Services
    > >>> > node.
    > >>> > 2. Open the Default Web Site's properties
    > >>> > 3. Click the Directory Security tab.
    > >>> > 4. Click the Edit button next to the IP Address and Domain Name
    > >>> > Restrictions
    > >>> > heading.
    > >>> > 5. Click to choose Granted Access and remove all the entries.
    > >>> > 6. Click OK.
    > >>> >
    > >>> > --
    > >>> > Merv Porter [SBS-MVP]
    > >>> > ============================
    > >>> >
    > >>> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    > >>> > <greg@no_spam_computermagic.cc>
    > >>> > wrote in message
    > >>> > news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    > >>> > > Correct -- the working-RWW server is named "win2003", but it is an
    > >>> > > SBS
    > >>> > > 2003
    > >>> > > Premium R2. The non-working-RWW server is named "sbs2003" and it is
    > >>> > > an
    > >>> > > SBS
    > >>> > > 2003 Premium R1. Hopefully, that won't make any difference in RWw's
    > >>> > > setup.
    > >>> > >
    > >>> > > Your second link was the same as the first, perhaps you meant this
    > >>> > > one?
    > >>> > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    > >>> > > http://www.microsoft.com/downloads/d...displaylang=en
    > >>> > >
    > >>> > > When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    > >>> > > Network driver is more than a year old [I know this, but there
    > >>> > > doesn't
    > >>> > > appear to be an update, either from OEM, Tyan (most recent
    > >>> > > 2006/01/09) or
    > >>> > > from Vendor, nVidia (most recent 2006/07). ]
    > >>> > > EDNS is enabled [never heard of this, but I followed the steps to
    > >>> > > disable
    > >>> > > it]
    > >>> > > The OWA update is not installed [it is now]
    > >>> > > Reverse DNS zone does not allow for secure updates [so why wasn't
    > >>> > > this set
    > >>> > > automatically? it does now.]
    > >>> > > Windows Backup Wizard has not yet run [I know -- I was waiting to
    > >>> > > get
    > >>> > > this
    > >>> > > clean, but now's a good time, I think]
    > >>> > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I
    > >>> > > hadn't
    > >>> > > installed Outlook 2003 or IE6, as all the workstations are on Office
    > >>> > > 2007
    > >>> > > &
    > >>> > > IE7, but to keep BPA happy, I did so]
    > >>> > >
    > >>> > > The Reverse DNS message was a tad vague:
    > >>> > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to
    > >>> > > allow
    > >>> > > only secure dynamic updates. To configure the Reverse Lookup Zone,
    > >>> > > click
    > >>> > > Start, point to Administrative Tools, and then click DNS.
    > >>> > > Right-click
    > >>> > > the
    > >>> > > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click
    > >>> > > Properties.
    > >>> > > Select Secure only from the Dynamic Updates dropdown list.
    > >>> > >
    > >>> > > When I looked in DNS, the only entry under Reverse Lookup Zones was
    > >>> > > "192.168.16.x Subnet". I tried to create
    > >>> > > "16.168.192.in-addr.arpa" -- but
    > >>> > > then I was told that it already exists. So I went to "192.168.16.x



    See if this sets things right... Disable RRAS inside its MMC console (right
    click on <yourservername> and disable, close the console), then re-run CEICW
    again, enable the firewall, select all your services, and complete the rest
    of CEICW. Then try an external connection to your server/workstations via
    RWW.

    --
    Merv Porter [SBS-MVP]
    ============================


    "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    wrote in message news:738556D6-134C-4C20-A1B8-971DC3250B64@microsoft.com...
    > Yes, I am getting closer.
    >
    > Yes, I am absolutely certain that port 4125 (and 3389, and 443, and 444)
    > are
    > forwarded to the server (192.168.2.10).
    >
    > The exact message I am getting, when trying Connect to Client Desktop (or
    > Server Desktop) is:
    > VBScript: Remote Desktop Disconnected
    > The client could not connect to the remote computer. Remote connections
    > might not be enabled or the computer might be too
    > busy to accept new connections. It is also possible that network problems
    > are preventing your connection. Please try
    > connecting again later. If the problem continues to occur, contact your
    > administrator.
    >
    > This is definitely a firewall issue, because if I turn off the Routing and
    > Remote Access service (on the server, connecting via Remote Desktop
    > Connection), then when I connect via RWW, and try to Connect to Client
    > Desktop or Connect to Server Desktop, it works. Of course, at that point,
    > the client workstations cannot then connect to the Internet. So I have to
    > have RRAS on, it is just a matter of how to configure it to allow RDC/RDP.
    >
    >
    > "Merv Porter [SBS-MVP]" wrote:
    >
    >> Sounds like you're getting closer Greg. :-)
    >>
    >> What error message are you getting when you try to access a workstation
    >> via
    >> RWW? In your router, are you sure you have port 4125 forwarded to your
    >> external NIC (192.168.2.10)?
    >>
    >> You can take the router out of the equation by connecting a spare
    >> workstation or laptop to a port onthe router, putting it in a workgroup,
    >> giving it an IP address in the same range as the LAN side of the router
    >> (192.168.2.x) and giving it a gateway of the router IP address
    >> (192.168.2.10). Then try to RWW into the server and workstations. If
    >> you
    >> still can't, then their is a configuration or software issue with the SBS
    >> server.
    >>
    >> --
    >> Merv Porter [SBS-MVP]
    >> ============================
    >>
    >>
    >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> <greg@no_spam_computermagic.cc>
    >> wrote in message
    >> news:1FDE6D63-94B1-4631-913A-49F23E1DA198@microsoft.com...
    >> > Again, Merv, thank you for your help!
    >> >
    >> > I figured out the reason Exchange Best Practices Analyzer could not
    >> > connect
    >> > to the server -- a mistyping in the previous entry was the culprit.
    >> > It's
    >> > working fine now, with (almost) no issues, and certainly no critical
    >> > ones.
    >> >
    >> > While Remote Web Workplace is working, and Remote Desktop Connection
    >> > will
    >> > connect directly with the server (port 3389 is forwarded to
    >> > 192.168.2.10,
    >> > the
    >> > WAN Ethernet adapter of the server), I cannot Connect to Server
    >> > Desktops
    >> > or
    >> > Connect to Client Desktops from Remote Web Workplace. I have seen this
    >> > problem in newsgroups previously, so perhaps I can find the solution.
    >> >
    >> >
    >> >
    >> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    >> >
    >> >> Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    >> >> Exchange BPA updates), and here are its results:
    >> >>
    >> >> Paging file larger than Physical Memory
    >> >> [this was not strictly correct, as the current paging file was 2048MB,
    >> >> and
    >> >> the Physical Memory is 3.50GB; however, the automatically-created
    >> >> settings
    >> >> had a custom size of 2048MB initial and 5348MB maximum, so perhaps it
    >> >> was
    >> >> this that triggered the error...no matter, it was a good time to
    >> >> reduce
    >> >> the
    >> >> paging file on the Windows drive to 200MB and create a static one of
    >> >> 3500MB
    >> >> on another drive.]
    >> >>
    >> >> RPC binding does not contain FQDN
    >> >> The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    >> >> fully-qualified domain name.
    >> >> [fixed]
    >> >>
    >> >> Database backup critical
    >> >> Database 'Public Folder Store (SBS2003)' on server SBS2003 has never
    >> >> had
    >> >> a
    >> >> full online backup.
    >> >> [fixed]
    >> >>
    >> >> Network interface driver file is more than two years old
    >> >> [noted...there is no newer file available]
    >> >>
    >> >> Storage driver is more than two years old
    >> >> [noted...there is no newer file available]
    >> >>
    >> >> The 'fast message retrieval' option is not enabled on IMAP4
    >> >> [fixed]
    >> >>
    >> >> The Network News Transfer Protocol (NNTP) service is running on server
    >> >> sbs2003
    >> >> [now disabled and stopped]
    >> >>
    >> >> Application log size
    >> >> As a best practice, the size of the 'Application' log on server
    >> >> sbs2003.domain.local should be increased. The current size is 16MB.
    >> >> For
    >> >> servers running Microsoft Exchange, a size of 40MB or more is
    >> >> recommended.
    >> >> [fixed...set to 40960KB]
    >> >>
    >> >> Consider setting TarpitTime
    >> >> Recipient filtering is enabled on server sbs2003.domain.local. As a
    >> >> best
    >> >> practice, consider setting the 'TarpitTime' parameter as recommended
    >> >> in
    >> >> Microsoft Knowledge Base article 899492.
    >> >> [registry entry made, and request made for Hotfix from KB article
    >> >> 899492
    >> >> via
    >> >> "Contact Us: Hotfix Request Web Submission Form"...which Microsoft
    >> >> seems
    >> >> to
    >> >> keep moving to try to hide, but is currently at:
    >> >> https://support.microsoft.com/contac...1414&WS=hotfix ]
    >> >>
    >> >> Enable automatic updates for message filtering
    >> >> Automatic update for the Intelligent Message Filter is not enabled on
    >> >> server
    >> >> SBS2003. To improve the effectiveness of the filter, follow the
    >> >> instructions
    >> >> outlined in Microsoft Knowledge Base article 907747.
    >> >> [why must this be a download-only .DOC file? First it says you should
    >> >> enable automatic updates for message filtering, then it says you
    >> >> should
    >> >> not
    >> >> have them automatically installed!! -- and this is only the tip of the
    >> >> Intelligent Message Filtering options. Done.]
    >> >>
    >> >> Crash upload logging disabled
    >> >> Exchange fatal error information on server sbs2003.domain.local is not
    >> >> automatically sent to Microsoft for analysis. It is recommended that
    >> >> you
    >> >> enable this feature through the Exchange System Manager.
    >> >> [now enabled]
    >> >>
    >> >> Sink registration not found Small Business Server Attachment Remover
    >> >> Transport event sink 'Small Business Server Attachment Remover' was
    >> >> found
    >> >> in
    >> >> the metabase for SMTP instance '1' on server sbs2003.domain.local but
    >> >> its
    >> >> registration could not be found. Registration expected in
    >> >> HKEY_CLASSES_ROOT\CLSID\.
    >> >> [this is one I'm going to need help with...the instructions on what to
    >> >> do
    >> >> to
    >> >> re-register the sink dll's are clear, but when I ran them as
    >> >> instructed
    >> >> from
    >> >> the \Program Files\Exchsrvr\Bin directory, I got errors for each one,
    >> >> all
    >> >> of
    >> >> them similar to this last one:
    >> >> ---------------------------
    >> >> RegSvr32
    >> >> ---------------------------
    >> >> msgfilter.dll was loaded, but the DllInstall entry point was not
    >> >> found.
    >> >>
    >> >> This file can not be registered.
    >> >> ---------------------------
    >> >> OK
    >> >> ---------------------------
    >> >>
    >> >> So much for Exchange Best Practices Analyzer.
    >> >>
    >> >> As for the Small Business Server 2003 Best Practices Analyzer, I was
    >> >> already
    >> >> automatically seeking and downloading updates, so I was using the
    >> >> latest
    >> >> version.
    >> >>
    >> >> I followed the steps to ascertain the "IP Address and Domain Name
    >> >> Restrictions" of the Default Web Site, and it was already set to Grant
    >> >> Access
    >> >> with nothing listed as exceptions. Knowing how these settings can
    >> >> sometimes
    >> >> be entered in the Registry incorrectly, I reset this to Deny Access
    >> >> (applied
    >> >> to all) and clicked OK and APPLY and OK, then repeated the steps to
    >> >> change it
    >> >> back to Grant Access.
    >> >>
    >> >> One thing I did notice, is that for anonymous access to the Default
    >> >> Web
    >> >> Site, it is checking the password for IUSR_SBS2003, and perhaps the
    >> >> problem
    >> >> is there. I reset the password for this user in AD, and changed it
    >> >> for
    >> >> Default Web Site and the other Virtual Directories in IIS Admin, as
    >> >> well
    >> >> as
    >> >> for each of the Web Sites under the Virtual Directories that had
    >> >> anonymous
    >> >> access checked.
    >> >>
    >> >> In the message thread you mentioned, there was a mention of an ISAPI
    >> >> Filter
    >> >> sbssft.dll for Default Web Site. It was not there, and I have added
    >> >> it.
    >> >> However, I question whether it is indeed necessary, since a
    >> >> working-RRW
    >> >> SBS
    >> >> server does not have this entry.
    >> >>
    >> >> Having rebooted the server, it appears I have done something wrong, as
    >> >> the
    >> >> Exchange Best Practices Analzyer now cannot connect to the first
    >> >> administration group under the SERVER -- there is an orange circle
    >> >> with a
    >> >> white X next to it.
    >> >>
    >> >> However, I just tested from an external connection, and REMOTE WEB
    >> >> WORKPLACE
    >> >> IS NOW WORKING !!!
    >> >>
    >> >> Huzzah, Merv! Thank you.
    >> >>
    >> >> That fixes both RWW and RDC, so I think I'll stop this thread, and
    >> >> start
    >> >> a
    >> >> new one in the Exchange newsgroup.
    >> >>
    >> >>
    >> >> "Merv Porter [SBS-MVP]" wrote:
    >> >>
    >> >> > That second link should be:
    >> >> >
    >> >> > Small Business Server 2003 Best Practices Analyzer Updated
    >> >> > http://blogs.technet.com/sbs/archive...r-updated.aspx
    >> >> >
    >> >> >
    >> >> > Also, let's look at IP restrictions (as in this thread):
    >> >> > http://groups.google.com/group/micro...f2c2be383e1d30
    >> >> >
    >> >> >
    >> >> > This issue can be caused by incorrect IP restriction settings. Let's
    >> >> > try
    >> >> > following steps to see if it works:
    >> >> >
    >> >> > 1. Open Server Management and expand to Internet Information
    >> >> > Services
    >> >> > node.
    >> >> > 2. Open the Default Web Site's properties
    >> >> > 3. Click the Directory Security tab.
    >> >> > 4. Click the Edit button next to the IP Address and Domain Name
    >> >> > Restrictions
    >> >> > heading.
    >> >> > 5. Click to choose Granted Access and remove all the entries.
    >> >> > 6. Click OK.
    >> >> >
    >> >> > --
    >> >> > Merv Porter [SBS-MVP]
    >> >> > ============================
    >> >> >
    >> >> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> >> > <greg@no_spam_computermagic.cc>
    >> >> > wrote in message
    >> >> > news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    >> >> > > Correct -- the working-RWW server is named "win2003", but it is an
    >> >> > > SBS
    >> >> > > 2003
    >> >> > > Premium R2. The non-working-RWW server is named "sbs2003" and it
    >> >> > > is
    >> >> > > an
    >> >> > > SBS
    >> >> > > 2003 Premium R1. Hopefully, that won't make any difference in
    >> >> > > RWw's
    >> >> > > setup.
    >> >> > >
    >> >> > > Your second link was the same as the first, perhaps you meant this
    >> >> > > one?
    >> >> > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    >> >> > > http://www.microsoft.com/downloads/d...displaylang=en
    >> >> > >
    >> >> > > When I ran SBS 2003 Best Practices Analyzer, I got these 6
    >> >> > > warnings:
    >> >> > > Network driver is more than a year old [I know this, but there
    >> >> > > doesn't
    >> >> > > appear to be an update, either from OEM, Tyan (most recent
    >> >> > > 2006/01/09) or
    >> >> > > from Vendor, nVidia (most recent 2006/07). ]
    >> >> > > EDNS is enabled [never heard of this, but I followed the steps to
    >> >> > > disable
    >> >> > > it]
    >> >> > > The OWA update is not installed [it is now]
    >> >> > > Reverse DNS zone does not allow for secure updates [so why wasn't
    >> >> > > this set
    >> >> > > automatically? it does now.]
    >> >> > > Windows Backup Wizard has not yet run [I know -- I was waiting to
    >> >> > > get
    >> >> > > this
    >> >> > > clean, but now's a good time, I think]
    >> >> > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I
    >> >> > > hadn't
    >> >> > > installed Outlook 2003 or IE6, as all the workstations are on
    >> >> > > Office
    >> >> > > 2007
    >> >> > > &
    >> >> > > IE7, but to keep BPA happy, I did so]
    >> >> > >
    >> >> > > The Reverse DNS message was a tad vague:
    >> >> > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa
    >> >> > > to
    >> >> > > allow
    >> >> > > only secure dynamic updates. To configure the Reverse Lookup Zone,
    >> >> > > click
    >> >> > > Start, point to Administrative Tools, and then click DNS.
    >> >> > > Right-click
    >> >> > > the
    >> >> > > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click
    >> >> > > Properties.
    >> >> > > Select Secure only from the Dynamic Updates dropdown list.
    >> >> > >
    >> >> > > When I looked in DNS, the only entry under Reverse Lookup Zones
    >> >> > > was
    >> >> > > "192.168.16.x Subnet". I tried to create
    >> >> > > "16.168.192.in-addr.arpa" -- but
    >> >> > > then I was told that it already exists. So I went to
    >> >> > > "192.168.16.x
    >> >> > > Subnet"
    >> >> > > and right-clicked, and clicked on Properties, and on the General
    >> >> > > tab,
    >> >> > > I
    >> >> > > changed the Dynamic Updates drop-down from "non-secure and secure"
    >> >> > > to
    >> >> > > "Secure
    >> >> > > only". [Rhetorical question: why on earth is this option even
    >> >> > > necessary?
    >> >> > > would there ever be a reason to have this set to anything except
    >> >> > > "Secure
    >> >> > > only"? and if not, why doesn't Windows Update set this
    >> >> > > automatically?]
    >> >> > >
    >> >> > > None of those warnings would appear to have any effect on the
    >> >> > > non-working
    >> >> > > of
    >> >> > > RWW, and in fact, following the changes, RWW is still showing "You
    >> >> > > are not
    >> >> > > authorized to view this page" from external and internal
    >> >> > > workstations.
    >> >> > >
    >> >> > >
    >> >> > >
    >> >> > >
    >> >> > >





    Also, please post the results of an ipconfig /all for the SBS server.

    --
    Merv Porter [SBS-MVP]
    ============================

    "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    wrote in message news:738556D6-134C-4C20-A1B8-971DC3250B64@microsoft.com...
    > Yes, I am getting closer.
    >
    > Yes, I am absolutely certain that port 4125 (and 3389, and 443, and 444)
    > are
    > forwarded to the server (192.168.2.10).
    >
    > The exact message I am getting, when trying Connect to Client Desktop (or
    > Server Desktop) is:
    > VBScript: Remote Desktop Disconnected
    > The client could not connect to the remote computer. Remote connections
    > might not be enabled or the computer might be too
    > busy to accept new connections. It is also possible that network problems
    > are preventing your connection. Please try
    > connecting again later. If the problem continues to occur, contact your
    > administrator.
    >
    > This is definitely a firewall issue, because if I turn off the Routing and
    > Remote Access service (on the server, connecting via Remote Desktop
    > Connection), then when I connect via RWW, and try to Connect to Client
    > Desktop or Connect to Server Desktop, it works. Of course, at that point,
    > the client workstations cannot then connect to the Internet. So I have to
    > have RRAS on, it is just a matter of how to configure it to allow RDC/RDP.
    >
    >
    > "Merv Porter [SBS-MVP]" wrote:
    >
    >> Sounds like you're getting closer Greg. :-)
    >>
    >> What error message are you getting when you try to access a workstation
    >> via
    >> RWW? In your router, are you sure you have port 4125 forwarded to your
    >> external NIC (192.168.2.10)?
    >>
    >> You can take the router out of the equation by connecting a spare
    >> workstation or laptop to a port onthe router, putting it in a workgroup,
    >> giving it an IP address in the same range as the LAN side of the router
    >> (192.168.2.x) and giving it a gateway of the router IP address
    >> (192.168.2.10). Then try to RWW into the server and workstations. If
    >> you
    >> still can't, then their is a configuration or software issue with the SBS
    >> server.
    >>
    >> --
    >> Merv Porter [SBS-MVP]
    >> ============================
    >>
    >>
    >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> <greg@no_spam_computermagic.cc>
    >> wrote in message
    >> news:1FDE6D63-94B1-4631-913A-49F23E1DA198@microsoft.com...
    >> > Again, Merv, thank you for your help!
    >> >
    >> > I figured out the reason Exchange Best Practices Analyzer could not
    >> > connect
    >> > to the server -- a mistyping in the previous entry was the culprit.
    >> > It's
    >> > working fine now, with (almost) no issues, and certainly no critical
    >> > ones.
    >> >
    >> > While Remote Web Workplace is working, and Remote Desktop Connection
    >> > will
    >> > connect directly with the server (port 3389 is forwarded to
    >> > 192.168.2.10,
    >> > the
    >> > WAN Ethernet adapter of the server), I cannot Connect to Server
    >> > Desktops
    >> > or
    >> > Connect to Client Desktops from Remote Web Workplace. I have seen this
    >> > problem in newsgroups previously, so perhaps I can find the solution.
    >> >
    >> >
    >> >
    >> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    >> >
    >> >> Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    >> >> Exchange BPA updates), and here are its results:
    >> >>
    >> >> Paging file larger than Physical Memory
    >> >> [this was not strictly correct, as the current paging file was 2048MB,
    >> >> and
    >> >> the Physical Memory is 3.50GB; however, the automatically-created
    >> >> settings
    >> >> had a custom size of 2048MB initial and 5348MB maximum, so perhaps it
    >> >> was
    >> >> this that triggered the error...no matter, it was a good time to
    >> >> reduce
    >> >> the
    >> >> paging file on the Windows drive to 200MB and create a static one of
    >> >> 3500MB
    >> >> on another drive.]
    >> >>
    >> >> RPC binding does not contain FQDN
    >> >> The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    >> >> fully-qualified domain name.
    >> >> [fixed]
    >> >>
    >> >> Database backup critical
    >> >> Database 'Public Folder Store (SBS2003)' on server SBS2003 has never
    >> >> had
    >> >> a
    >> >> full online backup.
    >> >> [fixed]
    >> >>
    >> >> Network interface driver file is more than two years old
    >> >> [noted...there is no newer file available]
    >> >>
    >> >> Storage driver is more than two years old
    >> >> [noted...there is no newer file available]
    >> >>
    >> >> The 'fast message retrieval' option is not enabled on IMAP4
    >> >> [fixed]
    >> >>
    >> >> The Network News Transfer Protocol (NNTP) service is running on server
    >> >> sbs2003
    >> >> [now disabled and stopped]
    >> >>
    >> >> Application log size
    >> >> As a best practice, the size of the 'Application' log on server
    >> >> sbs2003.domain.local should be increased. The current size is 16MB.
    >> >> For
    >> >> servers running Microsoft Exchange, a size of 40MB or more is
    >> >> recommended.
    >> >> [fixed...set to 40960KB]
    >> >>
    >> >> Consider setting TarpitTime
    >> >> Recipient filtering is enabled on server sbs2003.domain.local. As a
    >> >> best
    >> >> practice, consider setting the 'TarpitTime' parameter as recommended
    >> >> in
    >> >> Microsoft Knowledge Base article 899492.
    >> >> [registry entry made, and request made for Hotfix from KB article
    >> >> 899492
    >> >> via
    >> >> "Contact Us: Hotfix Request Web Submission Form"...which Microsoft
    >> >> seems
    >> >> to
    >> >> keep moving to try to hide, but is currently at:
    >> >> https://support.microsoft.com/contac...1414&WS=hotfix ]
    >> >>
    >> >> Enable automatic updates for message filtering
    >> >> Automatic update for the Intelligent Message Filter is not enabled on
    >> >> server
    >> >> SBS2003. To improve the effectiveness of the filter, follow the
    >> >> instructions
    >> >> outlined in Microsoft Knowledge Base article 907747.
    >> >> [why must this be a download-only .DOC file? First it says you should
    >> >> enable automatic updates for message filtering, then it says you
    >> >> should
    >> >> not
    >> >> have them automatically installed!! -- and this is only the tip of the
    >> >> Intelligent Message Filtering options. Done.]
    >> >>
    >> >> Crash upload logging disabled
    >> >> Exchange fatal error information on server sbs2003.domain.local is not
    >> >> automatically sent to Microsoft for analysis. It is recommended that
    >> >> you
    >> >> enable this feature through the Exchange System Manager.
    >> >> [now enabled]
    >> >>
    >> >> Sink registration not found Small Business Server Attachment Remover
    >> >> Transport event sink 'Small Business Server Attachment Remover' was
    >> >> found
    >> >> in
    >> >> the metabase for SMTP instance '1' on server sbs2003.domain.local but
    >> >> its
    >> >> registration could not be found. Registration expected in
    >> >> HKEY_CLASSES_ROOT\CLSID\.
    >> >> [this is one I'm going to need help with...the instructions on what to
    >> >> do
    >> >> to
    >> >> re-register the sink dll's are clear, but when I ran them as
    >> >> instructed
    >> >> from
    >> >> the \Program Files\Exchsrvr\Bin directory, I got errors for each one,
    >> >> all
    >> >> of
    >> >> them similar to this last one:
    >> >> ---------------------------
    >> >> RegSvr32
    >> >> ---------------------------
    >> >> msgfilter.dll was loaded, but the DllInstall entry point was not
    >> >> found.
    >> >>
    >> >> This file can not be registered.
    >> >> ---------------------------
    >> >> OK
    >> >> ---------------------------
    >> >>
    >> >> So much for Exchange Best Practices Analyzer.
    >> >>
    >> >> As for the Small Business Server 2003 Best Practices Analyzer, I was
    >> >> already
    >> >> automatically seeking and downloading updates, so I was using the
    >> >> latest
    >> >> version.
    >> >>
    >> >> I followed the steps to ascertain the "IP Address and Domain Name
    >> >> Restrictions" of the Default Web Site, and it was already set to Grant
    >> >> Access
    >> >> with nothing listed as exceptions. Knowing how these settings can
    >> >> sometimes
    >> >> be entered in the Registry incorrectly, I reset this to Deny Access
    >> >> (applied
    >> >> to all) and clicked OK and APPLY and OK, then repeated the steps to
    >> >> change it
    >> >> back to Grant Access.
    >> >>
    >> >> One thing I did notice, is that for anonymous access to the Default
    >> >> Web
    >> >> Site, it is checking the password for IUSR_SBS2003, and perhaps the
    >> >> problem
    >> >> is there. I reset the password for this user in AD, and changed it
    >> >> for
    >> >> Default Web Site and the other Virtual Directories in IIS Admin, as
    >> >> well
    >> >> as
    >> >> for each of the Web Sites under the Virtual Directories that had
    >> >> anonymous
    >> >> access checked.
    >> >>
    >> >> In the message thread you mentioned, there was a mention of an ISAPI
    >> >> Filter
    >> >> sbssft.dll for Default Web Site. It was not there, and I have added
    >> >> it.
    >> >> However, I question whether it is indeed necessary, since a
    >> >> working-RRW
    >> >> SBS
    >> >> server does not have this entry.
    >> >>
    >> >> Having rebooted the server, it appears I have done something wrong, as
    >> >> the
    >> >> Exchange Best Practices Analzyer now cannot connect to the first
    >> >> administration group under the SERVER -- there is an orange circle
    >> >> with a
    >> >> white X next to it.
    >> >>
    >> >> However, I just tested from an external connection, and REMOTE WEB
    >> >> WORKPLACE
    >> >> IS NOW WORKING !!!
    >> >>
    >> >> Huzzah, Merv! Thank you.
    >> >>
    >> >> That fixes both RWW and RDC, so I think I'll stop this thread, and
    >> >> start
    >> >> a
    >> >> new one in the Exchange newsgroup.
    >> >>
    >> >>
    >> >> "Merv Porter [SBS-MVP]" wrote:
    >> >>
    >> >> > That second link should be:
    >> >> >
    >> >> > Small Business Server 2003 Best Practices Analyzer Updated
    >> >> > http://blogs.technet.com/sbs/archive...r-updated.aspx
    >> >> >
    >> >> >
    >> >> > Also, let's look at IP restrictions (as in this thread):
    >> >> > http://groups.google.com/group/micro...f2c2be383e1d30
    >> >> >
    >> >> >
    >> >> > This issue can be caused by incorrect IP restriction settings. Let's
    >> >> > try
    >> >> > following steps to see if it works:
    >> >> >
    >> >> > 1. Open Server Management and expand to Internet Information
    >> >> > Services
    >> >> > node.
    >> >> > 2. Open the Default Web Site's properties
    >> >> > 3. Click the Directory Security tab.
    >> >> > 4. Click the Edit button next to the IP Address and Domain Name
    >> >> > Restrictions
    >> >> > heading.
    >> >> > 5. Click to choose Granted Access and remove all the entries.
    >> >> > 6. Click OK.
    >> >> >
    >> >> > --
    >> >> > Merv Porter [SBS-MVP]
    >> >> > ============================
    >> >> >
    >> >> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> >> > <greg@no_spam_computermagic.cc>
    >> >> > wrote in message
    >> >> > news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    >> >> > > Correct -- the working-RWW server is named "win2003", but it is an
    >> >> > > SBS
    >> >> > > 2003
    >> >> > > Premium R2. The non-working-RWW server is named "sbs2003" and it
    >> >> > > is
    >> >> > > an
    >> >> > > SBS
    >> >> > > 2003 Premium R1. Hopefully, that won't make any difference in
    >> >> > > RWw's
    >> >> > > setup.
    >> >> > >
    >> >> > > Your second link was the same as the first, perhaps you meant this
    >> >> > > one?
    >> >> > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    >> >> > > http://www.microsoft.com/downloads/d...displaylang=en
    >> >> > >
    >> >> > > When I ran SBS 2003 Best Practices Analyzer, I got these 6
    >> >> > > warnings:
    >> >> > > Network driver is more than a year old [I know this, but there
    >> >> > > doesn't
    >> >> > > appear to be an update, either from OEM, Tyan (most recent
    >> >> > > 2006/01/09) or
    >> >> > > from Vendor, nVidia (most recent 2006/07). ]
    >> >> > > EDNS is enabled [never heard of this, but I followed the steps to
    >> >> > > disable
    >> >> > > it]
    >> >> > > The OWA update is not installed [it is now]
    >> >> > > Reverse DNS zone does not allow for secure updates [so why wasn't
    >> >> > > this set
    >> >> > > automatically? it does now.]
    >> >> > > Windows Backup Wizard has not yet run [I know -- I was waiting to
    >> >> > > get
    >> >> > > this
    >> >> > > clean, but now's a good time, I think]
    >> >> > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I
    >> >> > > hadn't
    >> >> > > installed Outlook 2003 or IE6, as all the workstations are on
    >> >> > > Office
    >> >> > > 2007
    >> >> > > &
    >> >> > > IE7, but to keep BPA happy, I did so]
    >> >> > >
    >> >> > > The Reverse DNS message was a tad vague:
    >> >> > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa
    >> >> > > to
    >> >> > > allow
    >> >> > > only secure dynamic updates. To configure the Reverse Lookup Zone,
    >> >> > > click
    >> >> > > Start, point to Administrative Tools, and then click DNS.
    >> >> > > Right-click
    >> >> > > the
    >> >> > > Reverse Lookup Zone: 16.168.192.in-addr.arpa, and then click
    >> >> > > Properties.
    >> >> > > Select Secure only from the Dynamic Updates dropdown list.
    >> >> > >
    >> >> > > When I looked in DNS, the only entry under Reverse Lookup Zones
    >> >> > > was
    >> >> > > "192.168.16.x Subnet". I tried to create
    >> >> > > "16.168.192.in-addr.arpa" -- but
    >> >> > > then I was told that it already exists. So I went to
    >> >> > > "192.168.16.x
    >> >> > > Subnet"
    >> >> > > and right-clicked, and clicked on Properties, and on the General
    >> >> > > tab,
    >> >> > > I
    >> >> > > changed the Dynamic Updates drop-down from "non-secure and secure"
    >> >> > > to
    >> >> > > "Secure
    >> >> > > only". [Rhetorical question: why on earth is this option even
    >> >> > > necessary?
    >> >> > > would there ever be a reason to have this set to anything except
    >> >> > > "Secure
    >> >> > > only"? and if not, why doesn't Windows Update set this
    >> >> > > automatically?]
    >> >> > >
    >> >> > > None of those warnings would appear to have any effect on the
    >> >> > > non-working
    >> >> > > of
    >> >> > > RWW, and in fact, following the changes, RWW is still showing "You
    >> >> > > are not
    >> >> > > authorized to view this page" from external and internal
    >> >> > > workstations.
    >> >> > >
    >> >> > >
    >> >> > >
    >> >> > >
    >> >> > >





    I disabled RRAS as you suggested, via MMC, and I re-ran CEICW, configuring
    Firewall and VPN, etc. I then ran Remote Access Wizard. Both completed
    without errors.

    I then ran a SHIELDS UP probe at www.grc.com and got these results:


    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2008-05-19 at 22:46:36

    Results from scan of ports: 443, 444, 3389, 4125

    3 Ports Open
    1 Ports Closed
    0 Ports Stealth
    ---------------------
    4 Ports Tested

    NO PORTS were found to be STEALTH.

    The port found to be CLOSED was: 4125

    Other than what is listed above, all ports are OPEN.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

    ----------------------------------------------------------------------

    Despite this, Remote Web Workplace DOES WORK now, and Connect to Server
    Desktops (and Connect to Client Desktops) are also WORKING now! Apparently,
    disabling RRAS in MMC as suggested and re-running CEICW and Remote Access
    Wizards fixed the problems.

    Thank you, thank you, thank you, Merv!



    "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:

    > Nom=, KB 886209 does not apply, as when I ran this command
    > netstat -aon | find ":4125"
    > I got absolutely no response.
    >
    > Then, when I tested port 4125 via SHIELDS UP (https://www.grc.com) I got
    > "Stealth" as the response (443, 444, and 3389 were OPEN).
    >
    > "Merv Porter [SBS-MVP]" wrote:
    >
    > > And maybe...
    > >
    > > Users cannot connect to remote desktops by using the Windows Small Business
    > > Server 2003 Remote Web Workplace
    > > http://support.microsoft.com/kb/886209
    > >
    > > --
    > > Merv Porter [SBS-MVP]
    > > ============================
    > >
    > > "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
    > > news:OOPnL5TuIHA.5832@TK2MSFTNGP02.phx.gbl...
    > > > Sounds like you're getting closer Greg. :-)
    > > >
    > > > What error message are you getting when you try to access a workstation
    > > > via
    > > > RWW? In your router, are you sure you have port 4125 forwarded to your
    > > > external NIC (192.168.2.10)?
    > > >
    > > > You can take the router out of the equation by connecting a spare
    > > > workstation or laptop to a port onthe router, putting it in a workgroup,
    > > > giving it an IP address in the same range as the LAN side of the router
    > > > (192.168.2.x) and giving it a gateway of the router IP address
    > > > (192.168.2.10). Then try to RWW into the server and workstations. If you
    > > > still can't, then their is a configuration or software issue with the SBS
    > > > server.
    > > >
    > > > --
    > > > Merv Porter [SBS-MVP]
    > > > ============================
    > > >
    > > >
    > > > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    > > > wrote in message
    > > > news:1FDE6D63-94B1-4631-913A-49F23E1DA198@microsoft.com...
    > > >> Again, Merv, thank you for your help!
    > > >>
    > > >> I figured out the reason Exchange Best Practices Analyzer could not
    > > >> connect
    > > >> to the server -- a mistyping in the previous entry was the culprit. It's
    > > >> working fine now, with (almost) no issues, and certainly no critical
    > > >> ones.
    > > >>
    > > >> While Remote Web Workplace is working, and Remote Desktop Connection will
    > > >> connect directly with the server (port 3389 is forwarded to 192.168.2.10,
    > > >> the
    > > >> WAN Ethernet adapter of the server), I cannot Connect to Server Desktops
    > > >> or
    > > >> Connect to Client Desktops from Remote Web Workplace. I have seen this
    > > >> problem in newsgroups previously, so perhaps I can find the solution.
    > > >>
    > > >>
    > > >>
    > > >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    > > >>
    > > >>> Okay, while waiting, I ran the Exchange BPA anyway (after applying the
    > > >>> Exchange BPA updates), and here are its results:
    > > >>>
    > > >>> Paging file larger than Physical Memory
    > > >>> [this was not strictly correct, as the current paging file was 2048MB,
    > > >>> and
    > > >>> the Physical Memory is 3.50GB; however, the automatically-created
    > > >>> settings
    > > >>> had a custom size of 2048MB initial and 5348MB maximum, so perhaps it
    > > >>> was
    > > >>> this that triggered the error...no matter, it was a good time to reduce
    > > >>> the
    > > >>> paging file on the Windows drive to 200MB and create a static one of
    > > >>> 3500MB
    > > >>> on another drive.]
    > > >>>
    > > >>> RPC binding does not contain FQDN
    > > >>> The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    > > >>> fully-qualified domain name.
    > > >>> [fixed]
    > > >>>
    > > >>> Database backup critical
    > > >>> Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had
    > > >>> a
    > > >>> full online backup.
    > > >>> [fixed]
    > > >>>
    > > >>> Network interface driver file is more than two years old
    > > >>> [noted...there is no newer file available]
    > > >>>
    > > >>> Storage driver is more than two years old
    > > >>> [noted...there is no newer file available]
    > > >>>
    > > >>> The 'fast message retrieval' option is not enabled on IMAP4
    > > >>> [fixed]
    > > >>>
    > > >>> The Network News Transfer Protocol (NNTP) service is running on server
    > > >>> sbs2003
    > > >>> [now disabled and stopped]
    > > >>>
    > > >>> Application log size
    > > >>> As a best practice, the size of the 'Application' log on server
    > > >>> sbs2003.domain.local should be increased. The current size is 16MB. For
    > > >>> servers running Microsoft Exchange, a size of 40MB or more is
    > > >>> recommended.
    > > >>> [fixed...set to 40960KB]
    > > >>>
    > > >>> Consider setting TarpitTime
    > > >>> Recipient filtering is enabled on server sbs2003.domain.local. As a best
    > > >>> practice, consider setting the 'TarpitTime' parameter as recommended in
    > > >>> Microsoft Knowledge Base article 899492.
    > > >>> [registry entry made, and request made for Hotfix from KB article 899492
    > > >>> via
    > > >>> "Contact Us: Hotfix Request Web Submission Form"...which Microsoft seems
    > > >>> to
    > > >>> keep moving to try to hide, but is currently at:
    > > >>> https://support.microsoft.com/contac...1414&WS=hotfix ]
    > > >>>
    > > >>> Enable automatic updates for message filtering
    > > >>> Automatic update for the Intelligent Message Filter is not enabled on
    > > >>> server
    > > >>> SBS2003. To improve the effectiveness of the filter, follow the
    > > >>> instructions
    > > >>> outlined in Microsoft Knowledge Base article 907747.
    > > >>> [why must this be a download-only .DOC file? First it says you should
    > > >>> enable automatic updates for message filtering, then it says you should
    > > >>> not
    > > >>> have them automatically installed!! -- and this is only the tip of the
    > > >>> Intelligent Message Filtering options. Done.]
    > > >>>
    > > >>> Crash upload logging disabled
    > > >>> Exchange fatal error information on server sbs2003.domain.local is not
    > > >>> automatically sent to Microsoft for analysis. It is recommended that you
    > > >>> enable this feature through the Exchange System Manager.
    > > >>> [now enabled]
    > > >>>
    > > >>> Sink registration not found Small Business Server Attachment Remover
    > > >>> Transport event sink 'Small Business Server Attachment Remover' was
    > > >>> found
    > > >>> in
    > > >>> the metabase for SMTP instance '1' on server sbs2003.domain.local but
    > > >>> its
    > > >>> registration could not be found. Registration expected in
    > > >>> HKEY_CLASSES_ROOT\CLSID\.
    > > >>> [this is one I'm going to need help with...the instructions on what to
    > > >>> do
    > > >>> to
    > > >>> re-register the sink dll's are clear, but when I ran them as instructed
    > > >>> from
    > > >>> the \Program Files\Exchsrvr\Bin directory, I got errors for each one,
    > > >>> all
    > > >>> of
    > > >>> them similar to this last one:
    > > >>> ---------------------------
    > > >>> RegSvr32
    > > >>> ---------------------------
    > > >>> msgfilter.dll was loaded, but the DllInstall entry point was not found.
    > > >>>
    > > >>> This file can not be registered.
    > > >>> ---------------------------
    > > >>> OK
    > > >>> ---------------------------
    > > >>>
    > > >>> So much for Exchange Best Practices Analyzer.
    > > >>>
    > > >>> As for the Small Business Server 2003 Best Practices Analyzer, I was
    > > >>> already
    > > >>> automatically seeking and downloading updates, so I was using the latest
    > > >>> version.
    > > >>>
    > > >>> I followed the steps to ascertain the "IP Address and Domain Name
    > > >>> Restrictions" of the Default Web Site, and it was already set to Grant
    > > >>> Access
    > > >>> with nothing listed as exceptions. Knowing how these settings can
    > > >>> sometimes
    > > >>> be entered in the Registry incorrectly, I reset this to Deny Access
    > > >>> (applied
    > > >>> to all) and clicked OK and APPLY and OK, then repeated the steps to
    > > >>> change it
    > > >>> back to Grant Access.
    > > >>>
    > > >>> One thing I did notice, is that for anonymous access to the Default Web
    > > >>> Site, it is checking the password for IUSR_SBS2003, and perhaps the
    > > >>> problem
    > > >>> is there. I reset the password for this user in AD, and changed it for
    > > >>> Default Web Site and the other Virtual Directories in IIS Admin, as well
    > > >>> as
    > > >>> for each of the Web Sites under the Virtual Directories that had
    > > >>> anonymous
    > > >>> access checked.
    > > >>>
    > > >>> In the message thread you mentioned, there was a mention of an ISAPI
    > > >>> Filter
    > > >>> sbssft.dll for Default Web Site. It was not there, and I have added
    > > >>> it.
    > > >>> However, I question whether it is indeed necessary, since a working-RRW
    > > >>> SBS
    > > >>> server does not have this entry.
    > > >>>
    > > >>> Having rebooted the server, it appears I have done something wrong, as
    > > >>> the
    > > >>> Exchange Best Practices Analzyer now cannot connect to the first
    > > >>> administration group under the SERVER -- there is an orange circle with
    > > >>> a
    > > >>> white X next to it.
    > > >>>
    > > >>> However, I just tested from an external connection, and REMOTE WEB
    > > >>> WORKPLACE
    > > >>> IS NOW WORKING !!!
    > > >>>
    > > >>> Huzzah, Merv! Thank you.
    > > >>>
    > > >>> That fixes both RWW and RDC, so I think I'll stop this thread, and start
    > > >>> a
    > > >>> new one in the Exchange newsgroup.
    > > >>>
    > > >>>
    > > >>> "Merv Porter [SBS-MVP]" wrote:
    > > >>>
    > > >>> > That second link should be:
    > > >>> >
    > > >>> > Small Business Server 2003 Best Practices Analyzer Updated
    > > >>> > http://blogs.technet.com/sbs/archive...r-updated.aspx
    > > >>> >
    > > >>> >
    > > >>> > Also, let's look at IP restrictions (as in this thread):
    > > >>> > http://groups.google.com/group/micro...f2c2be383e1d30
    > > >>> >
    > > >>> >
    > > >>> > This issue can be caused by incorrect IP restriction settings. Let's
    > > >>> > try
    > > >>> > following steps to see if it works:
    > > >>> >
    > > >>> > 1. Open Server Management and expand to Internet Information Services
    > > >>> > node.
    > > >>> > 2. Open the Default Web Site's properties
    > > >>> > 3. Click the Directory Security tab.
    > > >>> > 4. Click the Edit button next to the IP Address and Domain Name
    > > >>> > Restrictions
    > > >>> > heading.
    > > >>> > 5. Click to choose Granted Access and remove all the entries.
    > > >>> > 6. Click OK.
    > > >>> >
    > > >>> > --
    > > >>> > Merv Porter [SBS-MVP]
    > > >>> > ============================
    > > >>> >
    > > >>> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    > > >>> > <greg@no_spam_computerm Exchange Best Practices Analzyer now cannot connect to the first
    agic.cc>
    > > >>> > wrote in message
    > > >>> > news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    > > >>> > > Correct -- the working-RWW server is named "win2003", but it is an
    > > >>> > > SBS
    > > >>> > > 2003
    > > >>> > > Premium R2. The non-working-RWW server is named "sbs2003" and it is
    > > >>> > > an
    > > >>> > > SBS
    > > >>> > > 2003 Premium R1. Hopefully, that won't make any difference in RWw's
    > > >>> > > setup.
    > > >>> > >
    > > >>> > > Your second link was the same as the first, perhaps you meant this
    > > >>> > > one?
    > > >>> > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    > > >>> > > http://www.microsoft.com/downloads/d...displaylang=en
    > > >>> > >
    > > >>> > > When I ran SBS 2003 Best Practices Analyzer, I got these 6 warnings:
    > > >>> > > Network driver is more than a year old [I know this, but there
    > > >>> > > doesn't
    > > >>> > > appear to be an update, either from OEM, Tyan (most recent
    > > >>> > > 2006/01/09) or
    > > >>> > > from Vendor, nVidia (most recent 2006/07). ]
    > > >>> > > EDNS is enabled [never heard of this, but I followed the steps to
    > > >>> > > disable
    > > >>> > > it]
    > > >>> > > The OWA update is not installed [it is now]
    > > >>> > > Reverse DNS zone does not allow for secure updates [so why wasn't
    > > >>> > > this set
    > > >>> > > automatically? it does now.]
    > > >>> > > Windows Backup Wizard has not yet run [I know -- I was waiting to
    > > >>> > > get
    > > >>> > > this
    > > >>> > > clean, but now's a good time, I think]
    > > >>> > > Microsoft Outlook 2003 is missing [from the ClientApps folder--I
    > > >>> > > hadn't
    > > >>> > > installed Outlook 2003 or IE6, as all the workstations are on Office
    > > >>> > > 2007
    > > >>> > > &
    > > >>> > > IE7, but to keep BPA happy, I did so]
    > > >>> > >
    > > >>> > > The Reverse DNS message was a tad vague:
    > > >>> > > You should configure Reverse Lookup Zone: 16.168.192.in-addr.arpa to
    > > >>> > > allow
    > > >>> > > only secure dynamic updates. To configure the Reverse Lookup Zone,
    > > >>> > > click
    > > >>> > > Start, point to Administrative Tools, and then click DNS.
    > > >>> > > Right-click



    The Shields Up! report is as expected because port 4125 is opened
    dynamically (i.e., only when required).

    Glad you're back in business Greg!

    --
    Merv Porter [SBS-MVP]
    ============================

    "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" <greg@no_spam_computermagic.cc>
    wrote in message news:DD607D72-7639-46E4-8D4C-4A32CD3FB8C6@microsoft.com...
    >I disabled RRAS as you suggested, via MMC, and I re-ran CEICW, configuring
    > Firewall and VPN, etc. I then ran Remote Access Wizard. Both completed
    > without errors.
    >
    > I then ran a SHIELDS UP probe at www.grc.com and got these results:
    >
    >
    > ----------------------------------------------------------------------
    >
    > GRC Port Authority Report created on UTC: 2008-05-19 at 22:46:36
    >
    > Results from scan of ports: 443, 444, 3389, 4125
    >
    > 3 Ports Open
    > 1 Ports Closed
    > 0 Ports Stealth
    > ---------------------
    > 4 Ports Tested
    >
    > NO PORTS were found to be STEALTH.
    >
    > The port found to be CLOSED was: 4125
    >
    > Other than what is listed above, all ports are OPEN.
    >
    > TruStealth: FAILED - NOT all tested ports were STEALTH,
    > - NO unsolicited packets were received,
    > - A PING REPLY (ICMP Echo) WAS RECEIVED.
    >
    > ----------------------------------------------------------------------
    >
    > Despite this, Remote Web Workplace DOES WORK now, and Connect to Server
    > Desktops (and Connect to Client Desktops) are also WORKING now!
    > Apparently,
    > disabling RRAS in MMC as suggested and re-running CEICW and Remote Access
    > Wizards fixed the problems.
    >
    > Thank you, thank you, thank you, Merv!
    >
    >
    >
    > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    >
    >> Nom=, KB 886209 does not apply, as when I ran this command
    >> netstat -aon | find ":4125"
    >> I got absolutely no response.
    >>
    >> Then, when I tested port 4125 via SHIELDS UP (https://www.grc.com) I got
    >> "Stealth" as the response (443, 444, and 3389 were OPEN).
    >>
    >> "Merv Porter [SBS-MVP]" wrote:
    >>
    >> > And maybe...
    >> >
    >> > Users cannot connect to remote desktops by using the Windows Small
    >> > Business
    >> > Server 2003 Remote Web Workplace
    >> > http://support.microsoft.com/kb/886209
    >> >
    >> > --
    >> > Merv Porter [SBS-MVP]
    >> > ============================
    >> >
    >> > "Merv Porter [SBS-MVP]" <mwport@no_spam_hotmail.com> wrote in message
    >> > news:OOPnL5TuIHA.5832@TK2MSFTNGP02.phx.gbl...
    >> > > Sounds like you're getting closer Greg. :-)
    >> > >
    >> > > What error message are you getting when you try to access a
    >> > > workstation
    >> > > via
    >> > > RWW? In your router, are you sure you have port 4125 forwarded to
    >> > > your
    >> > > external NIC (192.168.2.10)?
    >> > >
    >> > > You can take the router out of the equation by connecting a spare
    >> > > workstation or laptop to a port onthe router, putting it in a
    >> > > workgroup,
    >> > > giving it an IP address in the same range as the LAN side of the
    >> > > router
    >> > > (192.168.2.x) and giving it a gateway of the router IP address
    >> > > (192.168.2.10). Then try to RWW into the server and workstations.
    >> > > If you
    >> > > still can't, then their is a configuration or software issue with the
    >> > > SBS
    >> > > server.
    >> > >
    >> > > --
    >> > > Merv Porter [SBS-MVP]
    >> > > ============================
    >> > >
    >> > >
    >> > > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> > > <greg@no_spam_computermagic.cc>
    >> > > wrote in message
    >> > > news:1FDE6D63-94B1-4631-913A-49F23E1DA198@microsoft.com...
    >> > >> Again, Merv, thank you for your help!
    >> > >>
    >> > >> I figured out the reason Exchange Best Practices Analyzer could not
    >> > >> connect
    >> > >> to the server -- a mistyping in the previous entry was the culprit.
    >> > >> It's
    >> > >> working fine now, with (almost) no issues, and certainly no critical
    >> > >> ones.
    >> > >>
    >> > >> While Remote Web Workplace is working, and Remote Desktop Connection
    >> > >> will
    >> > >> connect directly with the server (port 3389 is forwarded to
    >> > >> 192.168.2.10,
    >> > >> the
    >> > >> WAN Ethernet adapter of the server), I cannot Connect to Server
    >> > >> Desktops
    >> > >> or
    >> > >> Connect to Client Desktops from Remote Web Workplace. I have seen
    >> > >> this
    >> > >> problem in newsgroups previously, so perhaps I can find the
    >> > >> solution.
    >> > >>
    >> > >>
    >> > >>
    >> > >> "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]" wrote:
    >> > >>
    >> > >>> Okay, while waiting, I ran the Exchange BPA anyway (after applying
    >> > >>> the
    >> > >>> Exchange BPA updates), and here are its results:
    >> > >>>
    >> > >>> Paging file larger than Physical Memory
    >> > >>> [this was not strictly correct, as the current paging file was
    >> > >>> 2048MB,
    >> > >>> and
    >> > >>> the Physical Memory is 3.50GB; however, the automatically-created
    >> > >>> settings
    >> > >>> had a custom size of 2048MB initial and 5348MB maximum, so perhaps
    >> > >>> it
    >> > >>> was
    >> > >>> this that triggered the error...no matter, it was a good time to
    >> > >>> reduce
    >> > >>> the
    >> > >>> paging file on the Windows drive to 200MB and create a static one
    >> > >>> of
    >> > >>> 3500MB
    >> > >>> on another drive.]
    >> > >>>
    >> > >>> RPC binding does not contain FQDN
    >> > >>> The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
    >> > >>> fully-qualified domain name.
    >> > >>> [fixed]
    >> > >>>
    >> > >>> Database backup critical
    >> > >>> Database 'Public Folder Store (SBS2003)' on server SBS2003 has
    >> > >>> never had
    >> > >>> a
    >> > >>> full online backup.
    >> > >>> [fixed]
    >> > >>>
    >> > >>> Network interface driver file is more than two years old
    >> > >>> [noted...there is no newer file available]
    >> > >>>
    >> > >>> Storage driver is more than two years old
    >> > >>> [noted...there is no newer file available]
    >> > >>>
    >> > >>> The 'fast message retrieval' option is not enabled on IMAP4
    >> > >>> [fixed]
    >> > >>>
    >> > >>> The Network News Transfer Protocol (NNTP) service is running on
    >> > >>> server
    >> > >>> sbs2003
    >> > >>> [now disabled and stopped]
    >> > >>>
    >> > >>> Application log size
    >> > >>> As a best practice, the size of the 'Application' log on server
    >> > >>> sbs2003.domain.local should be increased. The current size is 16MB.
    >> > >>> For
    >> > >>> servers running Microsoft Exchange, a size of 40MB or more is
    >> > >>> recommended.
    >> > >>> [fixed...set to 40960KB]
    >> > >>>
    >> > >>> Consider setting TarpitTime
    >> > >>> Recipient filtering is enabled on server sbs2003.domain.local. As a
    >> > >>> best
    >> > >>> practice, consider setting the 'TarpitTime' parameter as
    >> > >>> recommended in
    >> > >>> Microsoft Knowledge Base article 899492.
    >> > >>> [registry entry made, and request made for Hotfix from KB article
    >> > >>> 899492
    >> > >>> via
    >> > >>> "Contact Us: Hotfix Request Web Submission Form"...which Microsoft
    >> > >>> seems
    >> > >>> to
    >> > >>> keep moving to try to hide, but is currently at:
    >> > >>> https://support.microsoft.com/contac...1414&WS=hotfix ]
    >> > >>>
    >> > >>> Enable automatic updates for message filtering
    >> > >>> Automatic update for the Intelligent Message Filter is not enabled
    >> > >>> on
    >> > >>> server
    >> > >>> SBS2003. To improve the effectiveness of the filter, follow the
    >> > >>> instructions
    >> > >>> outlined in Microsoft Knowledge Base article 907747.
    >> > >>> [why must this be a download-only .DOC file? First it says you
    >> > >>> should
    >> > >>> enable automatic updates for message filtering, then it says you
    >> > >>> should
    >> > >>> not
    >> > >>> have them automatically installed!! -- and this is only the tip of
    >> > >>> the
    >> > >>> Intelligent Message Filtering options. Done.]
    >> > >>>
    >> > >>> Crash upload logging disabled
    >> > >>> Exchange fatal error information on server sbs2003.domain.local is
    >> > >>> not
    >> > >>> automatically sent to Microsoft for analysis. It is recommended
    >> > >>> that you
    >> > >>> enable this feature through the Exchange System Manager.
    >> > >>> [now enabled]
    >> > >>>
    >> > >>> Sink registration not found Small Business Server Attachment
    >> > >>> Remover
    >> > >>> Transport event sink 'Small Business Server Attachment Remover' was
    >> > >>> found
    >> > >>> in
    >> > >>> the metabase for SMTP instance '1' on server sbs2003.domain.local
    >> > >>> but
    >> > >>> its
    >> > >>> registration could not be found. Registration expected in
    >> > >>> HKEY_CLASSES_ROOT\CLSID\.
    >> > >>> [this is one I'm going to need help with...the instructions on what
    >> > >>> to
    >> > >>> do
    >> > >>> to
    >> > >>> re-register the sink dll's are clear, but when I ran them as
    >> > >>> instructed
    >> > >>> from
    >> > >>> the \Program Files\Exchsrvr\Bin directory, I got errors for each
    >> > >>> one,
    >> > >>> all
    >> > >>> of
    >> > >>> them similar to this last one:
    >> > >>> ---------------------------
    >> > >>> RegSvr32
    >> > >>> ---------------------------
    >> > >>> msgfilter.dll was loaded, but the DllInstall entry point was not
    >> > >>> found.
    >> > >>>
    >> > >>> This file can not be registered.
    >> > >>> ---------------------------
    >> > >>> OK
    >> > >>> ---------------------------
    >> > >>>
    >> > >>> So much for Exchange Best Practices Analyzer.
    >> > >>>
    >> > >>> As for the Small Business Server 2003 Best Practices Analyzer, I
    >> > >>> was
    >> > >>> already
    >> > >>> automatically seeking and downloading updates, so I was using the
    >> > >>> latest
    >> > >>> version.
    >> > >>>
    >> > >>> I followed the steps to ascertain the "IP Address and Domain Name
    >> > >>> Restrictions" of the Default Web Site, and it was already set to
    >> > >>> Grant
    >> > >>> Access
    >> > >>> with nothing listed as exceptions. Knowing how these settings can
    >> > >>> sometimes
    >> > >>> be entered in the Registry incorrectly, I reset this to Deny Access
    >> > >>> (applied
    >> > >>> to all) and clicked OK and APPLY and OK, then repeated the steps to
    >> > >>> change it
    >> > >>> back to Grant Access.
    >> > >>>
    >> > >>> One thing I did notice, is that for anonymous access to the Default
    >> > >>> Web
    >> > >>> Site, it is checking the password for IUSR_SBS2003, and perhaps the
    >> > >>> problem
    >> > >>> is there. I reset the password for this user in AD, and changed it
    >> > >>> for
    >> > >>> Default Web Site and the other Virtual Directories in IIS Admin, as
    >> > >>> well
    >> > >>> as
    >> > >>> for each of the Web Sites under the Virtual Directories that had
    >> > >>> anonymous
    >> > >>> access checked.
    >> > >>>
    >> > >>> In the message thread you mentioned, there was a mention of an
    >> > >>> ISAPI
    >> > >>> Filter
    >> > >>> sbssft.dll for Default Web Site. It was not there, and I have
    >> > >>> added
    >> > >>> it.
    >> > >>> However, I question whether it is indeed necessary, since a
    >> > >>> working-RRW
    >> > >>> SBS
    >> > >>> server does not have this entry.
    >> > >>>
    >> > >>> Having rebooted the server, it appears I have done something wrong,
    >> > >>> as
    >> > >>> the
    >> > >>> Exchange Best Practices Analzyer now cannot connect to the first
    >> > >>> administration group under the SERVER -- there is an orange circle
    >> > >>> with
    >> > >>> a
    >> > >>> white X next to it.
    >> > >>>
    >> > >>> However, I just tested from an external connection, and REMOTE WEB
    >> > >>> WORKPLACE
    >> > >>> IS NOW WORKING !!!
    >> > >>>
    >> > >>> Huzzah, Merv! Thank you.
    >> > >>>
    >> > >>> That fixes both RWW and RDC, so I think I'll stop this thread, and
    >> > >>> start
    >> > >>> a
    >> > >>> new one in the Exchange newsgroup.
    >> > >>>
    >> > >>>
    >> > >>> "Merv Porter [SBS-MVP]" wrote:
    >> > >>>
    >> > >>> > That second link should be:
    >> > >>> >
    >> > >>> > Small Business Server 2003 Best Practices Analyzer Updated
    >> > >>> > http://blogs.technet.com/sbs/archive...r-updated.aspx
    >> > >>> >
    >> > >>> >
    >> > >>> > Also, let's look at IP restrictions (as in this thread):
    >> > >>> > http://groups.google.com/group/micro...f2c2be383e1d30
    >> > >>> >
    >> > >>> >
    >> > >>> > This issue can be caused by incorrect IP restriction settings.
    >> > >>> > Let's
    >> > >>> > try
    >> > >>> > following steps to see if it works:
    >> > >>> >
    >> > >>> > 1. Open Server Management and expand to Internet Information
    >> > >>> > Services
    >> > >>> > node.
    >> > >>> > 2. Open the Default Web Site's properties
    >> > >>> > 3. Click the Directory Security tab.
    >> > >>> > 4. Click the Edit button next to the IP Address and Domain Name
    >> > >>> > Restrictions
    >> > >>> > heading.
    >> > >>> > 5. Click to choose Granted Access and remove all the entries.
    >> > >>> > 6. Click OK.
    >> > >>> >
    >> > >>> > --
    >> > >>> > Merv Porter [SBS-MVP]
    >> > >>> > ============================
    >> > >>> >
    >> > >>> > "Greg Kirkpatrick [SBSC,MCTS-Vista,MCITP]"
    >> > >>> > <greg@no_spam_computermagic.cc>
    >> > >>> > wrote in message
    >> > >>> > news:71331AC0-ADFC-44C4-B515-AB5FCC9FFB1A@microsoft.com...
    >> > >>> > > Correct -- the working-RWW server is named "win2003", but it is
    >> > >>> > > an
    >> > >>> > > SBS
    >> > >>> > > 2003
    >> > >>> > > Premium R2. The non-working-RWW server is named "sbs2003" and
    >> > >>> > > it is
    >> > >>> > > an
    >> > >>> > > SBS
    >> > >>> > > 2003 Premium R1. Hopefully, that won't make any difference in
    >> > >>> > > RWw's
    >> > >>> > > setup.
    >> > >>> > >
    >> > >>> > > Your second link was the same as the first, perhaps you meant
    >> > >>> > > this
    >> > >>> > > one?
    >> > >>> > > Microsoft Exchange Best Practices Analyzer Web Update Pack
    >> > >>> > > http://www.microsoft.com/downloads/d...displaylang=en
    >> > >>> > >
    >> > >>> > > When I ran SBS 2003 Best Practices Analyzer, I got these 6
    >> > >>> > > warnings:
    >> > >>> > > Network driver is more than a year old [I know this, but there
    >> > >>> > > doesn't
    >> > >>> > > appear to be an update, either from OEM, Tyan (most recent
    >> > >>> > > 2006/01/09) or
    >> > >>> > > from Vendor, nVidia (most recent 2006/07). ]
    >> > >>> > > EDNS is enabled [never heard of this, but I followed the steps
    >> > >>> > > to
    >> > >>> > > disable
    >> > >>> > > it]
    >> > >>> > > The OWA update is not installed [it is now]
    >> > >>> > > Reverse DNS zone does not allow for secure updates [so why
    >> > >>> > > wasn't
    >> > >>> > > this set
    >> > >>> > > automatically? it does now.]
    >> > >>> > > Windows Backup Wizard has not yet run [I know -- I was waiting
    >> > >>> > > to
    >> > >>> > > get
    >> > >>> > > this
    >> > >>> > > clean, but now's a good time, I think]
    >> > >>> > > Microsoft Outlook 2003 is missing [from the ClientApps
    >> > >>> > > folder--I
    >> > >>> > > hadn't
    >> > >>> > > installed Outlook 2003 or IE6, as all the workstations are on
    >> > >>> > > Office
    >> > >>> > > 2007
    >> > >>> > > &
    >> > >>> > > IE7, but to keep BPA happy, I did so]
    >> > >>> > >
    >> > >>> > > The Reverse DNS message was a tad vague:
    >> > >>> > > You should configure Reverse Lookup Zone:
    >> > >>> > > 16.168.192.in-addr.arpa to
    >> > >>> > > allow
    >> > >>> > > only secure dynamic updates. To configure the Reverse Lookup
    >> > >>> > > Zone,
    >> > >>> > > click
    >> > >>> > > Start, point to Administrative Tools, and then click DNS.
    >> > >>> > > Right-click

Similar Threads

  1. How to set up Remote Desktop Services in Workplace
    By Nicoli in forum Networking & Security
    Replies: 6
    Last Post: 19-01-2011, 06:54 PM
  2. Cannot Remote Desktop to servers Even if in Remote Desktop Users Group
    By Scott Townsend in forum Windows Server Help
    Replies: 5
    Last Post: 20-04-2010, 12:35 AM
  3. remote web workplace rww stops working connect to remote computer
    By Dharuna in forum Small Business Server
    Replies: 3
    Last Post: 24-09-2008, 03:49 PM
  4. MAC and Remote Web Workplace and Remote Desktop Connection
    By Tirana in forum Small Business Server
    Replies: 2
    Last Post: 03-01-2008, 10:23 AM
  5. Replies: 2
    Last Post: 11-12-2007, 02:56 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,638,646,979.63748 seconds with 17 queries