sbs2011 essentials connect client computers to the network broken
-
Tuesday, January 15, 2013 9:24 AM
Trying to connect additional client computers to the network using http://connect is now broken. This may be a related problem to broken remote web access.
"Our SBS essentials was working OK for remote access until recently, after someone made some (unknown) changes to the server. As far as I can tell the router is set up correctly with the correct port forwarding, we have the correct “remote” “A” record. We didn’t buy an SSL certificate (when we were able to access remotely we got the “unknown website” message). I worked through the remote setup wizard but get stuck at the point required for an SSL certificate. I have looked at the settings in IIS 7, but don’t really know what to look for. Something may have got broken, but I don’t know what. If I don’t have any SSL cert would I still be able to get remote access (albeit with browser warning)?"
All Replies
-
Tuesday, January 15, 2013 9:04 AM
Hi, I’m trying to get remote web access working again – I’m inexperienced in this area. Our SBS essentials was working OK for remote access until recently, after someone made some (unknown) changes to the server. As far as I can tell the router is set up correctly with the correct port forwarding, we have the correct “remote” “A” record. We didn’t buy an SSL certificate (when we were able to access remotely we got the “unknown website” message). I worked through the remote setup wizard but get stuck at the point required for an SSL certificate. I have looked at the settings in IIS 7, but don’t really know what to look for. Something may have got broken, but I don’t know what. If I don’t have any SSL cert would I still be able to get remote access (albeit with browser warning)?
- Merged by RobertPearmanMVP, Moderator Wednesday, January 23, 2013 1:25 PM same issue
-
Wednesday, January 16, 2013 11:08 AM Moderator
What happens when you browse the website on the server?
Can you get to the connect site?
Can you get to the RWA site?
Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
-
Wednesday, January 16, 2013 1:18 PM Moderator
I'd imagine this is related, but just so we know - what is the error when you go to http://connect?
Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
-
Thursday, January 17, 2013 10:34 AM Moderator
-
Monday, January 21, 2013 1:25 PM
I get "Internet Explorer cannot display the webpage"
Also using https://localhost/ gives "Internet Explorer cannot display the webpage"
-
Monday, January 21, 2013 1:39 PM
If I https://localhost on the server I get to the site.
If I enter https://server-name on any pc in the office I connect OK to the site
Thanks for helping
-
Wednesday, January 23, 2013 10:07 AM
Hi
I imagine you guys are busy but can you please help in this matter
Best Regards
Tom
-
Wednesday, January 23, 2013 12:46 PM Moderator
Is that only via https - what about http?
Also, what if you try the other port numbers, 65510 etc.?
Can you check that the AppPools are running?
Any errors in the event logs?
Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
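The checks requested in the reply above, gathered into one script as an added example (it is not part of the original thread and is not Microsoft's or the moderator's tooling). It assumes an elevated PowerShell session on the server with the IIS WebAdministration module available; the helper name Test-TcpPort, the port list and the one-hour event window are choices made for this example.

```powershell
# Added example: run in an elevated PowerShell session on the server itself.
Import-Module WebAdministration

# Hypothetical helper: $true if a TCP connection to the port opens in time.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. http vs https vs the other port (65510): is anything listening at all?
80, 443, 65510 |
    Select-Object @{n='Port'; e={$_}},
                  @{n='Listening'; e={ Test-TcpPort -HostName 'localhost' -Port $_ }} |
    Format-Table -AutoSize

# 2. Which sites exist, are they started, and what are they bound to?
Get-ChildItem IIS:\Sites |
    Select-Object Name, State,
        @{n='Bindings'; e={ ($_.Bindings.Collection | ForEach-Object {
            $_.protocol + ' ' + $_.bindingInformation }) -join '; ' }} |
    Format-Table -AutoSize

# 3. Are the application pools running?
Get-ChildItem IIS:\AppPools | Select-Object Name, State | Format-Table -AutoSize

# 4. Is a certificate bound to the HTTPS port? (A self-issued one still
#    serves the site; browsers only warn about it.)
Get-ChildItem IIS:\SslBindings | Format-List

# 5. Critical (1) and Error (2) events logged in the last hour.
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{
        LogName = 'Application', 'System'; Level = 1, 2; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, LogName, ProviderName, Id, Message |
    Format-List
```

A port that is not listening while its site shows as Started points at the bindings in step 2 or 4 rather than at the application pools.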
-
Wednesday, January 23, 2013 5:41 PM
I'll try what you suggest, in the meantime I notice that if I use IE on a win7 PC in the building and browse the network, under "Computer (xx)" I see the computers and the server, and under "Other Devices (1)" I see just the server - if I click on the server I open a web page and get the "Connect your computer to the server" as I would if I typed http://connect
The address is http://[fe80::d94b:1b4e:d8d6:671f]:65510/Connect/?
And https://localhost/ is the same result as http://localhost/
-
Tuesday, January 29, 2013 5:44 PM
is that only via https - what about http
- the same
also what if you try the other port numbers, 65510 etc.
- the same
Can you check that the AppPools are running?
- Yes there are several (11) running
Any errors in the event logs?
- Session "WbadminUIInBuiltTracing" failed to start with the following error: 0xC0000035
-
Wednesday, January 30, 2013 10:20 AM Moderator
Is that the only error?
Robert Pearman SBS MVP | www.titlerequired.com | www.itauthority.co.uk
-
Wednesday, January 30, 2013 6:24 PM
OK - I turned off all connected pcs on the network and rebooted the server, here are the errors I think are applicable
Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 30/01/2013 18:01:34
Event ID: 91
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: HiTech-Server.HITECH.local
Description:
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
<EventID Qualifiers="49754">91</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-30T18:01:34.000000000Z" />
<EventRecordID>70752</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>HiTech-Server.HITECH.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_DS_RETRY">
</EventData>
</Event>
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 30/01/2013 18:00:42
Event ID: 2886
Task Category: LDAP Interface
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: HiTech-Server.HITECH.local
Description:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.
For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="32768">2886</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-01-30T18:00:42.243691900Z" />
<EventRecordID>1817</EventRecordID>
<Correlation />
<Execution ProcessID="508" ThreadID="656" />
<Channel>Directory Service</Channel>
<Computer>HiTech-Server.HITECH.local</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
</EventData>
</Event>


