Re: W2K3 & VPN blocking access to server
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 17 May 2006 21:52:16 -0500
I am not familiar in what the wizard does but I would open the Remote Access
Management Console and see if it shows that the server is active. If it is
you can right click and select disable routing and remote access. I don't
think installing Terminal Services would cause an access problem if that is
all that was done. Running netstat -anp tcp should show that ports 139 TCP
and 445 TCP are listening [or connected] if file and print sharing is
enabled and running and a user on a computer with proper network
connectivity to the computer could verify that with telnet. For instance
from your computer if you entered the command telent xxx.xxx.xxx.xxx 445
where xxx.xxx.xxx.xxx is the actual IP address of the destination computer
you should get a blank command prompt screen with a blinking cursor if the
port is open to your computer. Try telnet localhost 445 on your computer
[assuming fps is enabled] to see how it works. You can also use the free
Microsoft tool portqry to do a command line port scan of a remote computer
to see what ports are open on it to the source computer. It sounds as if
file and print sharing became disabled [or the server service is stopped] or
access to those ports is blocked somehow - Windows Firewall, ipsec policy,
rras filtering, tcp/ip filtering [which does not stop ping], etc. Question
the customer further to see if he can remember doing ANY other configuration
change on the server. --- Steve
http://support.microsoft.com/default.aspx?kbid=832919 --- portqry info
"riley" <rileypetty@xxxxxxx> wrote in message
news:%23k2VIGieGHA.3364@xxxxxxxxxxxxxxxxxxxxxxx
Thank you very much Steven for the quick response. I don't have access to
the customer's location right now but I'm trying to get my homework done
before tomorrow morning. This customer is not familiar with many of the
issues you discussed below. He was trying to help me out this morning by
giving me remote access through a MS VPN to his SQL/Exchange server. I was
busy with another customer and couldn't get back to him to stop everything
(not that I've been much help the rest of the day). He used the "Configure
Your Server Wizard" in Win2003. I'm certain he didn't do anything but
launch
the wizard and follow the clicks. According to him when it didn't work he
just reversed the process and uninstalled the VPN. When he called this
afternoon saying Outlook would not connect to the Exchange Server 2003 I
went over thinking it was an Exchange problem. After looking around in the
network I realized you could not see the server in question from anywhere
on
the network and from the sever you could not see any other machines. I can
ping the machine. I can get into AD and look at the properties of the
machine. Just cannot connect to it. We can get to Exchange via OWA and I
assume that's because OWA is web based on the local machine. I'll have to
wait until tomorrow morning to get into RRAS. When you run the wizard to
install a VPN does it open/turn on RRAS? He had installed Terminal
Services
on that same machine this past Friday. Does that have anything to do with
this problem/VPN? I don't think he configured anything in the VPN area
except to take the defaults. Anyway, I hope this additional information
helps a little more. Thanks again for the help.
Riley
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eZBdr6heGHA.1264@xxxxxxxxxxxxxxxxxxxxxxx
Did they disable RRAS? You can check by going into the Remote Accessit
Management Console. If the server still shows a green up arrow then it is
enabled and probably what has happened is that configuring VPN enabled
input/output filters on the network adapter and I believe disabling
Remote
Access will remove them or you could do it manually [see first link
below]
if you need to leave Remote Access enabled for some reason. Also check
the
Windows Firewall to see if it is enabled and if it is and should be that
has the proper exemptions. Another thing to look at is to see if someonecan
configured an ipsec policy on the server that is restricting what ports
be used. You can go into Local Security Policy to see if an ipsec policyis
assigned and also examine the properties of the ipsec policy such as theServer
filter lists to see how traffic is restricted. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;324262
"riley" <rileypetty@xxxxxxx> wrote in message
news:eqzNkeheGHA.764@xxxxxxxxxxxxxxxxxxxxxxx
Hello,
We have a customer that is running Exchange 2003 (std) on a Windows
server2003 (std) SP1 and they mistakenly ran the server configuration wizard
this
morning to turn on VPN when all they needed was Terminal Services.
After
they removed the VPN they could no longer connect to the server with
Outlook
or see other machines in the domain from the server. Also, no other
machines
could see the server in question. The server could still log on to the
domain as usual and you could get email via OWA from any client in the
domain but not with a direct Outlook connection. I cannot figure out
how
to
solve the problem. I'm certain a switch got turned on with the VPN
installation but I don't know which one. Also, there is SQL on the
that we can't get to it either. Can someone help with this problem?
Riley
.
- References:
- W2K3 & VPN blocking access to server
- From: riley
- Re: W2K3 & VPN blocking access to server
- From: Steven L Umbach
- Re: W2K3 & VPN blocking access to server
- From: riley
- W2K3 & VPN blocking access to server
- Prev by Date: Re: W2K3 & VPN blocking access to server
- Next by Date: Cannot authenticate after MSCEP re-install
- Previous by thread: Re: W2K3 & VPN blocking access to server
- Next by thread: Cannot authenticate after MSCEP re-install
- Index(es):
Relevant Pages
|
Loading
