Cliff
Mon Jun 30 08:49:16 PDT 2008
Solony:
After rereading this thread and noticing your comment about the client
machines having static IP addresses, it all clicked.
Your current setup apparently has your SBS server and all of the clients
directly attached to the internet. And you have enough IP addresses
for....oh....doing the subnet math in my head....14 clients...give or take.
Maybe this setup is intentional and the client machines are subordinate
servers. So I won't assume your setup is 'wrong.' You should, however,
make sure you have a good firewall between your server and the net though,
as you are essentially hanging your domain controller out there for other
machines to see (not a recommended configuration by any means.) If you
*don't* need each machine to have its own public IP address, you should look
at reconfiguring your network. SBS plays much better when configured behind
a NAT router AND a firewall so it can run DHCP, can properly host DNS
without worrying about the public abusing a recursive resolver out there,
etc.
As far as your problem browsing to the machine, you cannot use
http://servername *anything* with your configuration.
Your client machines' DNS needs to point to the SBS server, not the public DNS
servers that are listed. I'll be honest, I'm a bit surprised you aren't
having *more* problems with active directory with that configuration. You
mentioned you could see other client computers, which means you are running
file and print sharing across a public IP space...
yeah...every time I read my message, I think of more things that *point* to
this being a significant network design issue. Again, maybe this is
intentional...but if you have that many servers I'd *STILL* recommend
pulling SBS off a public IP altogether. Let the other servers handle the
front-facing activities.
And if none of this makes sense, sorry. I tried to re-edit and
refactor...but there is just so much to cover that I wanted to convey...in
no uncertain terms...how odd (and potentially dangerous) this current setup
is. Getting clients to join the domain should probably be the least of your
concerns at the moment.
-Cliff
"SOLONY" <SOLONY@discussions.microsoft.com> wrote in message
news:A75F90E3-441B-462B-A6EE-5FEDC5DF704B@microsoft.com...
> Thanks for your reply.
>
> I am going to expedite the instructions today and will get back to you. I
> hope I am not being redundant but the network is subnetted to
> 255-255-255-240 so I will adjust the requirements accordingly.
>
> Additionally, only one NIC is deployed on the server (with the same network
> settings on all machines) so if I need to know something else please let me
> know. The settings are:
>
> 67.91.25.162
> 255.255.255.240
> gateway 67.91.25.161 (I can not access) I get page cannot be displayed
> DNS (can not identify any of these)
> 65.106.1.196
> 65.106.7.196
> 198.6.1.3
> 64.151.103.120
>
> Thanks in advance and I will be in touch.
>
> "Terence Liu [MSFT]" wrote:
>
>> Hello Customer,
>>
>> Thank you for posting here. I'm sorry for the delayed response due to the
>> weekend.
>>
>> Let's also thank Cliff for the input.
>>
>> According to your description, I understand that you are unable to access
>> the connectcomputer web site from 2 clients and get "page cannot be
>> displayed" error. If I have misunderstood the problem, please don't
>> hesitate to let me know.
>>
>> Based on my research, I suggest we try the following steps to see if we can
>> resolve this issue:
>>
>> 1. On the SBS server, open IE and browse to
>> http://sbsservername/connectcomputer or http://localhost/connectcomputer,
>> does this bring up the ConnectComputer site? On the good clients, can you
>> access the http://sbsservername/connectcomputer?
>>
>> 2. Please refer to the following information to examine the DNS settings
>> and network properties on the SBS server:
>>
>> a. Leave the Default Gateway of the internal NIC blank.
>> b. Configure both the internal NIC and the external NIC to use the
>> internal DNS Service as the DNS Server.
>> c. On the DNS Server, create the DNS Forwarder to forward the external
>> DNS resolution requests to the ISP's DNS server. See:
>>
>> 323380 How to configure DNS for Internet access in Windows Server 2003
>>
>> http://support.microsoft.com/?id=323380
>>
>> d. Strictly follow the instructions in the KB article below to run
>> CEICW:
>>
>> 825763 How to configure Internet access in Windows Small Business Server
>> 2003
>>
>> http://support.microsoft.com/?id=825763
>>
>> 3. Then follow the steps below to see if the network binding order is
>> configured correctly:
>>
>> A. Right-click My Network Places, and then click Properties.
>> B. On the Advanced menu, click Advanced Settings.
>> C. Under Connections, use the up and down arrow buttons to put the
>> connections in the following order:
>> - Local Area Connection for the internal adapter
>> - Local Area Connection for the external adapter
>> - Remote Access Connections
>>
>> 4. Click Start, click Run, type "inetmgr" and click OK. Expand Web
>> Sites\Default Web Site, look for a virtual directory named ConnectComputer
>> to see if it exists.
>>
>> If you look at the C:\Inetpub, do you have a folder called ConnectComputer?
>>
>> If the virtual directory doesn't exist but you have the ConnectComputer
>> folder, then create a virtual directory called ConnectComputer under the
>> Default Web Site. Make sure you enable anonymous access to the virtual
>> directory, and the "Integrated Windows authentication" option is cleared.
>> The path of this vdir is C:\Inetpub\ConnectComputer.
>>
>> If the virtual directory exists, make sure it is pointing to the
>> ConnectComputer folder.
>>
>> Test the issue again.
>>
>> 5. Reinstall ConnectComputer and see if it helps:
>>
>> A. Go to IIS and expand servername -> Web Sites -> Default Web Site. Delete
>> the ConnectComputer vdir.
>> B. Rename the C:\Inetpub\ConnectComputer folder.
>> C. Create new folder named ConnectComputer under C:\Inetpub.
>> D. Copy all the files from the SBS2K3 media
>> cd3:\SBS\ClientSetup\ClientSetup to the C:\Inetpub\ConnectComputer
>> directory. Make sure to remove the "Read-only" attributes from the files.
>> E. Right-click on Default Web Site in IIS, choose New -> Virtual Directory.
>> F. In the Alias field, type in ConnectComputer and click Next.
>> G. In the path box, browse to C:\Inetpub\ConnectComputer.
>> H. Click Next through the wizard, the default permissions are the default
>> for ConnectComputer.
>> I. Once it is completed, right-click on ConnectComputer and select
>> Properties.
>> J. Click Remove for the "Application name" under the "Application settings"
>> at the bottom of the Virtual Directory tab.
>> K. Click on the Directory Security tab, click Edit for "Authentication and
>> access control".
>> L. Uncheck "Integrated Windows authentication", click OK.
>> M. Click on the Edit button on the "IP address and domain name
>> restrictions".
>> N. Put the bullet next to "Denied access" and then click Add.
>> O. Add 127.0.0.1 and the internal subnet (192.168.16.2/255.255.255.0 is the
>> default). Click OK.
>> P. Click OK out of the ConnectComputer properties.
>>
>> If we cannot resolve the issue after we perform the steps above, please
>> help me collect some information for further investigation:
>>
>> 1. Please capture screenshots of the error page and send the pictures to me
>> at v-terliu@microsoft.com
>>
>> 2. Gather MPS network report on SBS:
>>
>> a. Download MPSrepot_network from
>> http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_NETWORK.EXE
>>
>> b. Run MPSRPT_NETWORK.exe.
>>
>> c. The tool will automatically collect the information. This procedure will
>> take 10~15 minutes.
>>
>> d. Open Windows Explorer, navigate to the folder:
>> %SystemRoot%\MPSReports\Network\Reports\Cab\
>>
>> e. Send the .cab file directly to me at v-terliu@microsoft.com
>>
>> 3. Run command "ipconfig /all > c:\ipconfig_client.txt" and
>> "route print > c:\route_client.txt" on problematic client, send the files
>> c:\ipconfig_client.txt and c:\route_client.txt to me at
>> v-terliu@microsoft.com
>>
>> 4. Gather IIS log:
>>
>> a. Open IIS snap-in.
>>
>> b. Right click Default Web Site and click Properties.
>>
>> c. Uncheck the "Enable Logging" box and click Apply.
>>
>> d. Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all files to a
>> backup location.
>>
>> e. Check "Enable Logging" box and click OK.
>>
>> f. Run IISReset command.
>>
>> g. Reproduce the problem and send the log file in
>> C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.
>>
>> 5. Gather IIS Metabase:
>>
>> 1) Download the IIS Resource Kit tools from the following page:
>>
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en
>>
>> 2) Install it, run MBExplorer (Metabase Explorer)
>>
>> 3) Right click the "LM" node and choose "Export to file".
>>
>> 4) Specify a file name, specify the password and finish the export.
>>
>> 5) Send the file and the password to v-terliu@microsoft.com
>>
>> I hope these steps will give you some help.
>>
>> Thanks and have a nice day!
>>
>> Best regards,
>>
>> Terence Liu (MSFT)
>>
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>>
>> =====================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the corresponding
>> newsgroups so that they can be resolved in an efficient and timely manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check the
>> "Notify me of replies" box to receive e-mail notifications when there are
>> any updates in your thread. When responding to posts via your newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> =====================================================
>>
>> This posting is provided "AS IS" with no warranties, and confers no rights.
>>
>> --------------------
>> >Thread-Topic: Cannot connect client to server 2003
>> >From: =?Utf-8?B?U09MT05Z?= <SOLONY@discussions.microsoft.com>
>> >Subject: Re: Cannot connect client to server 2003
>> >Date: Sun, 29 Jun 2008 05:57:00 -0700
>> >
>> >Thanks for the try but that method did not work either. I keep getting page
>> >cannot be displayed when using http://servername/connectcomputer.
>> >
>> >The machines have been down for over a week already. Does anyone have other
>> >suggestions?
>> >
>> >"Cliff Galiher" wrote:
>> >
>> >> The problem is that you are pre-creating the accounts. Computer accounts,
>> >> like user accounts, have passwords, and by doing this manual method, you
>> >> are essentially breaking that authentication. Delete the computer
>> >> accounts and DON'T recreate them.
>> >>
>> >> Now, using the client's browser, you can connect to the server and use the
>> >> "connect computer" wizard to join the domain. The wizard will create the
>> >> account, set the password, and set up the client appropriately.
>> >>
>> >> -Cliff
>> >>
>> >> "SOLONY" <SOLONY@discussions.microsoft.com> wrote in message
>> >> news:CF3A98AC-310A-449C-9B7B-B6BA23FE83C0@microsoft.com...
>> >> > My customer's network disconnected 2 clients that were connected about
>> >> > 10 days ago.
>> >> >
>> >> > I deleted and reinstalled the computer accounts and even created new
>> >> > ones but I still cannot connect.
>> >> >
>> >> > None of the methods I used were able to connect them so I formatted and
>> >> > reinstalled all of the applications and tried to connect them again. I
>> >> > keep getting the message "the server cannot complete the request." or
>> >> > "the domain cannot find an account for this computer"
>> >> >
>> >> > I checked and the server can see the computers after I put them on a
>> >> > "workgroup" but I still cannot connect. The clients can ping the server
>> >> > with no problem.
>> >> >
>> >> > The NIC information is all identical to the server except of course for
>> >> > the static IP addresses. All of the other computers seem to be working
>> >> > fine with the server.
>> >>
>> >
>>
>>
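Added example, not part of the original thread: a small Python check over `ipconfig /all` output (the file the support engineer asks for) that flags the issues raised in the top reply: a publicly routable adapter address, the size of the subnet, and DNS servers other than the internal server. The sample text is constructed from the settings quoted in the thread; treating 67.91.25.162 as the SBS server's address is an assumption.

```python
import ipaddress
import re

# Constructed sample laid out like "ipconfig /all" on Windows XP/2003,
# filled with the adapter settings quoted in the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 67.91.25.162
        Subnet Mask . . . . . . . . . . . : 255.255.255.240
        DNS Servers . . . . . . . . . . . : 65.106.1.196
                                            65.106.7.196
                                            198.6.1.3
                                            64.151.103.120
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
KEYS = {"IP Address": "ip", "Subnet Mask": "mask"}

def parse_adapter(text):
    """Extract address, mask and the (multi-line) DNS server list."""
    cfg, in_dns = {"dns": []}, False
    for line in text.splitlines():
        label, sep, value = line.partition(": ")
        name = label.strip(" .")
        if sep:
            in_dns = name == "DNS Servers"
            if in_dns:
                cfg["dns"].append(value.strip())
            elif name in KEYS:
                cfg[KEYS[name]] = value.strip()
        elif in_dns and re.fullmatch(IPV4, line.strip()):
            cfg["dns"].append(line.strip())  # continuation line of DNS list
        else:
            in_dns = False
    return cfg

def audit(cfg, internal_dns):
    """Flag the design issues raised in the thread for one adapter."""
    iface = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}")
    net = iface.network
    findings = []
    if iface.ip.is_global:
        findings.append(f"{iface.ip} is publicly routable (no NAT in front)")
    findings.append(f"{net} leaves {net.num_addresses - 2} usable host addresses")
    for server in cfg["dns"]:
        if server != internal_dns:
            findings.append(f"DNS {server} is not the internal server {internal_dns}")
    return findings

if __name__ == "__main__":  # assumption: 67.91.25.162 is the SBS server
    print("\n".join(audit(parse_adapter(SAMPLE_IPCONFIG), "67.91.25.162")))
```
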