SBS 2003 RDC

awayu · 19 Dec 2008 at 10:57

I posted a few weeks ago about some issues with an SBS 2003 server I'm setting up. I decided to get a second NIC and a switch, and run the internal network on one NIC and the external connection on the second NIC.

The internal network works perfectly. Externally I seem to be having some problems.

The internet works perfectly, and all of the workstations on the internal network are able to connect to it. But the main thing I wanted to do was set up VPN and RDC so that users could access the server from home. They need to do this so that they can use IRIS, an accountancy program which uses an SQL database based on the SBS 2003 server.

It took me a while to get the remote access working, but after a few hours I could finally get a connection using RDC. The network is set-up as following:

Workstations <-> Switch <-> Internal NIC <-> Server <-> External NIC <-> Netgear DG834G router <-> Internet

I tested the RDC by using my laptop, which I connected to the internet using a wireless connection in a nearby office. I went home, happy that everything was working and users were able to access the server and IRIS off-site.

That evening I needed to log onto the server to e-mail myself some files, so I connected to the server using RDC on my XP Pro machine, typed in the IP (which is static) and connected with no problems. I logged out.

The next morning I get a phonecall saying the RDC wasn't working. Dumbfounded I went back into the office and ran the CEICW again, and once again left the office with the RDC working. Out of interest I continuously tested the RDC throughout the rest of the day by connecting, logging in and then logging out. It worked all day yesterday, until suddenly sometime shortly after midnight I couldn't connect. If I try pinging the IP of the server I don't even get anything, yet the server is on and connected to the internet.

I don't understand what the problem is, why I am able to get RDC for a while, but then all of a sudden it stops working.

As I mentioned, I'm using a Netgear DG834G router, all necessary ports are forwarded. One of the things I had to do during configuration was turn off DHCP on the router. The server handles DHCP on the internal network, and I set up internal firewall permissions for VPN and Terminal Services.

Any help would be much appreciated. I'm not sure why the connection works for a limited amount of time and then stops, and I obviously can't go into the office every day to run the CEICW again (which at the moment is the only way I can find to get the RDC working again).

K.C. Leblanc · 19 Dec 2008 at 11:18

Are the router and the server (both NICs) using static IPs? Is the external NIC set to a different range from the internal one?

awayu · 19 Dec 2008 at 11:28

The internal NIC is set to the default 192.168.16.2 (which is static); there's only 3 workstations on the internal network, and they're assigned using DHCP.

The external NIC is set to 192.168.0.2, and this is static. I originally used DHCP on the router to assign the IP, but VPN/RDC wouldn't connect when I did this, so I changed the external NIC to static 192.168.0.2. The router is 192.168.0.1, which is default for a Netgear DG834G.

Rob7865 · 19 Dec 2008 at 12:26

Don't let the users RDP Direct onto the server!!! Your just lining yourself up for problems

Have you set up the RWW? Train your Users to connect to the RWW site, then they can RDP to their internal workstation using the appropriate link in the RWW site.
We have a customer that uses IRIS and this is exactly how they work.
RDP from External does not really need to be used - even for Server Admin tasks from outside the LAN you can use the RWW connection.

Any probs, let me know
Rob

awayu · 19 Dec 2008 at 12:39

I've considered RWW, but there are a couple of problems with that idea (I think).

1 - Two of the users use laptops, so they don't have permanently attached workstations that they can RWW into. We tried just using VPN so they could use IRIS on their laptops away from the office, but the VPN is just too slow to be an effective choice.

2 - There's 3 people that work for the business that don't even have a workstation in the network (laptop or desktop), because they work permanently on the road. The only way for them to get onto IRIS is by RDC onto the server.

3 - We only actually have one permanently attached workstation on the internal network, and the way I understand it is that only one connection can be made to that at any given time. Is there any way of using RWW in this environment, where we basically only have one workstation but need at to have the capacity for at least 5 simultaneous connections? In theory, could I setup another workstation that would basically act as an IRIS workstation, allowing multiple people from outside the office to connect and use IRIS on one workstation at the same time?

One of the companies clients uses RDC to great effect, allowing people to login and do things on their SAGE database. This is pretty much what we want to do, and as I said, it works perfectly, for a few hours.

----

On a separate note, I have a sneaking suspicion that this could all be down to a problem with the router. As I mentioned in the first post, I am unable to ping the IP of the server (I keep getting timeouts) despite the fact it is connected to the internet and I can browse the internet from within the server.

Rob7865 · 19 Dec 2008 at 12:56

Your best bet is to setup another Workstation or if budget allows buy / set-up a terminal Server - This will then allow users that don't have workstations to use the application.
As you have found out the VPN will be very slow due to the amount of data being transferred by IRIS.

I cannot stress enough how much of a bad idea it is to allow users (which have little to NO IT knowledge / sense) to have FULL access to the Domain Server. Servers are designed to server and not act as a workstation.
Remember, servers can be shutdown from an RDP session, stopping anyone connecting until the server is physically powered on.

I would revisit the RWW setup - 5 users over 2 machines should be fine to start with - Our customer with IRIS is running a workstation for each user and they then RWW from home. Trust me with SBS THIS IS the right way!

Rob

awayu · 19 Dec 2008 at 13:13

Hmm, I like the idea of using RWW. Unfortunately I won't be in the office again until next week, but I'll give it a try. If I can set it up and then have multiple external users connect to the workstation we have, then I'll probably be able to persuade the company to buy another workstation so I can set it up as a dedicated terminal server.

I still have worries over the inability to ping the router/server though. Both times the RDC has stopped working it has been fine for 5-10 hours before suddenly stopping working. It's as if the router simply stops accepting outside connections. I get 721 errors when I try to VPN in.

K.C. Leblanc · 19 Dec 2008 at 14:37

If your server has enough spare grunt you could install VMware server and then create an XP virtual machine that people can remote onto. The only cost would be an XP licence and my some extra RAM for the server.

Have you got a static IP on your ADSL line or are you using some sort of Dynamic DNS setup?

awayu · 19 Dec 2008 at 14:43

It's a static IP for the ADSL.

What I don't understand is that a month or so ago I tried to set this up, but using just one NIC. Back then I had no problems with accessing the server via RDC, but had lots of problems on the internal network.

Now the internal network is fine, but RDC is screwed! Slightly frustrating, and I find it very perplexing that I can get internet access from the server, yet when I try to ping the server from the internet it works for a while but then all of a sudden starts to time out. This is my main concern, because I fear something may be wrong with the router, but have no spares to test if that is the case.