Topic: accessing a 2003 small business server behind sme

[sal1504]

I am  stuck with a remote access problem, I hope someone can help. Here is the situation. I need to be able to access a Windows 2003 SBS server for remote management. The 2003sbs is behind a SME server which is configured as a Server/Gateway. The SME Server is attached to an Adtran Router that is fully open.

         Windows XP workstation ---------  Internet ----------- Adtran Router ------ SMEServer ----------------  Windows 2003 SBS
                     
I connect to the SMEServer using the Standard SME VPN procedures. Once the VPN connection is established I can use Remote Desktop to access the workstations. I can also use RealVNC to access all of the workstations, but neither work on the Windows Server. I get the following error "the client could not connect to the remote computer." I feel that this is an error in the Windows Server but I am not sure. I can ping the Windows server without any problem. Shouldn't I be able to access the Windows Server with either of these programs or is there something the needs to be opened up in SME to allow this remote access? If it was up to me I would only be using SME Server but there is software involved that has to run on MSSQL so I have to use the MS 2003 SBS.

Any help would be greatly appreciated!

Sal

[David Harper]

Is ISA Server running on the SBS? If so, check this KB article.

[sal1504]

davidiwharper

thanks for the quick reply, I am pretty sure that it is turned off but i will double check it tomorrow.

Sal

[dmac]

Have you enabled remote access on the Server?
under "control Panel" - "System" - Remote tab.  You can select the allow users to access.  By default, it only allows Admins.  Then just RDP to the system, you can do a quick test to see if it is enabled using telnet (telnet <ipaddr> 3389).

HTH

[axessit]

It would be helpful to know whether you can actually access the SBS box from the local SME LAN. Does the SBS machine only have one network card ?

I connect to my SBS machines behind SME firewalls by the method you mention with no trouble, so I am picking it's a SBS setup issue.

[sal1504]

thank you all for the reply. I check ISA and it is turned off. I can telnet to port 3389. Remote control is turned on with the users that need access to the server. The sbs machine has only one network card. I can not access the SBS server at all either as administrator or user remotely, internally i have no problem.

Sal

[pfloor]

Have you checked for DHCP and/or IP address conflicts?  Please tell us more about your IP and DHCP settings on both the SME and SBS servers:

1-Which server provides DHCP to the local network?
2-What is your DHCP range?
3-What is the external IP of the SME server?
4-What is the internal IP of the SME server?
5-What is the IP of the SBS server?

Another consideration is that with your setup, you are NATing twice.  I have had problems with that scenario.  Have you tried to put the Adtran router in bridge mode to give SME your public IP address?

Also, another way to access multiple machines is directly with RDP and port forwarding (VPN is just to slow for me).  You may want to try this as a test to see if it is a VPN problem:

In the SME server-manager, create some port forwards (I always use arbitrary high port numbers, 3389 is constantly bombarded):

- Forward external port 45670 to internal port 3389 on SBS server
- Forward external port 45671 to internal port 3389 on workstation1
- Forward external port 45672 to internal port 3389 on workstation2
etc...

Then reconfigure your RDP connection(s) to match the assigned external port number like this:

Computer:   xxx.xxx.xxx.xxx:45670 <This will connect to SBS server.
Computer:   xxx.xxx.xxx.xxx:45671 <This will connect to workstation1, etc.

I have an internet facing Windows server with only one port open (https) and I access it with RDP but NOT directly to the Widows server.  I come in through an SME server as described above (through a different external IP address)  and connect via the local lan side of the windows server so I know the port forward method works.

[mmccarn]

The last single-NIC SBS server I setup (last spring) would not allow any remote connections to any of the local services by default.

I had to find a wizard or edit group policies to allow connections from anywhere outside the local network...

[sal1504]

mmccarn

That is the same conclusion I came to, but i did find a program called TERMISERV-xpsp2-sp3-enu.exe on the internet that takes a XP machine and makes it a terminal server. From the little I have played with it, it takes a standard xp-pro machine and allows unlimited simultaneous RDP connections to the workstation as long as you have fast access mode turned on. It is a free virus free download and appears to work well. I currently have seven rdp connections to it through a vpn. Each user has there own desktop, can all print remotely and access all the software that is needed. This isn't the answer I wanted but seems to work well. The downside seems to be speed. With xp only using 3gb of ram if i have all 7 connections running large programs they seem to slow down, but not enough to not use it.

Sal

[MSmith]

logmein.com

Job done!