RE: Access to remote ISA 2004 server via RDP no longer working
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Feb 2006 12:24:35 -0600
Hi Rob,
I hope you used fwengmon to determine what the ISA firewall was
listening on, otherwise you don't know.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: Rob Moore [mailto:RMoore@xxxxxxxx]
> Sent: Wednesday, February 22, 2006 11:58 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access to remote ISA 2004 server via
> RDP no longer working
>
> http://www.ISAserver.org
>
> Yah, I checked that out this morning. (See this morning's post.) It was
> correctly configured. I unchecked it, applied it, then re-checked it and
> applied that. I was then able to RDP to the ISA server from the
> webserver behind it. But when I got back to my desk, I couldn't RDP
> directly to the ISA box. I tried RDPing into the webserver--success--and
> then RDPing into the ISA server--no success. That's where I'm at now.
>
> Even when I was able to RDP into the ISA box, it still didn't list
> "3389" as a port it was listening on.
>
> Rob
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Wednesday, February 22, 2006 12:12 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access to remote ISA 2004 server via RDP no
> longer working
>
> I make that your TS service isn't configured.
> Computer Properties, "Remote" tab.
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: Rob Moore [mailto:RMoore@xxxxxxxx]
> Sent: Tuesday, February 21, 2006 12:31
> To: [ISAserver.org Discussion List]
> Subject: RE: [isalist] RE: Access to remote ISA 2004 server via RDP no
> longer working
>
> OK, I'm now at our remote site. When I do a "netstat -ano -p tcp"
> there's nothing listening on port 3389. Here's what I get:
>   Proto  Local Address          Foreign Address        State        PID
>   TCP    0.0.0.0:135            0.0.0.0:0              LISTENING    956
>   TCP    0.0.0.0:445            0.0.0.0:0              LISTENING    4
>   TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING    1584
>   TCP    0.0.0.0:1039           0.0.0.0:0              LISTENING    1908
>   TCP    0.0.0.0:1051           0.0.0.0:0              LISTENING    696
>   TCP    0.0.0.0:1052           0.0.0.0:0              LISTENING    1044
>   TCP    0.0.0.0:1054           0.0.0.0:0              LISTENING    3680
>   TCP    0.0.0.0:1056           0.0.0.0:0              LISTENING    3636
>   TCP    0.0.0.0:1311           0.0.0.0:0              LISTENING    1908
>   TCP    0.0.0.0:1723           0.0.0.0:0              LISTENING    4
>   TCP    0.0.0.0:3847           0.0.0.0:0              LISTENING    1664
>   TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING    1908
>   TCP    66.150.232.139:80      0.0.0.0:0              LISTENING    3636
>   TCP    66.150.232.139:80      63.138.24.67:45303     ESTABLISHED  3636
>   TCP    66.150.232.139:80      68.142.250.208:55628   TIME_WAIT    0
>   TCP    66.150.232.139:80      68.142.251.89:37994    TIME_WAIT    0
>   TCP    66.150.232.139:139     0.0.0.0:0              LISTENING    4
>   TCP    66.150.232.139:5354    0.0.0.0:0              LISTENING    3636
>   TCP    127.0.0.1:53           0.0.0.0:0              LISTENING    1584
>   TCP    172.17.201.9:139       0.0.0.0:0              LISTENING    4
>   TCP    192.168.200.1:53       0.0.0.0:0              LISTENING    1584
>   TCP    192.168.200.1:139      0.0.0.0:0              LISTENING    4
>   TCP    192.168.200.1:1059     192.168.200.2:445      ESTABLISHED  4
>   TCP    192.168.200.1:1121     0.0.0.0:0              LISTENING    3636
>   TCP    192.168.200.1:1167     192.168.200.2:389      CLOSE_WAIT   1116
>   TCP    192.168.200.1:1745     0.0.0.0:0              LISTENING    3636
>   TCP    192.168.200.1:4318     192.168.200.2:80       ESTABLISHED  3636
>   TCP    192.168.200.1:4538     192.168.200.2:135      TIME_WAIT    0
>   TCP    192.168.200.1:4539     192.168.200.2:135      TIME_WAIT    0
>   TCP    192.168.200.1:4540     192.168.200.2:1026     TIME_WAIT    0
>   TCP    192.168.200.1:4557     192.168.200.2:1026     TIME_WAIT    0
>   TCP    192.168.200.1:4560     192.168.200.2:389      TIME_WAIT    0
>   TCP    192.168.200.1:4561     192.168.200.2:389      TIME_WAIT    0
>   TCP    192.168.200.1:4565     192.168.200.2:139      TIME_WAIT    0
>   TCP    192.168.200.1:4653     192.168.200.2:80       ESTABLISHED  3636
>   TCP    192.168.200.1:8080     0.0.0.0:0              LISTENING    3636
>   TCP    192.168.200.59:139     0.0.0.0:0              LISTENING    4
>
> What do you make of that?
>
> Thanks,
> Rob
>
> ________________________________
>
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Fri 2/17/2006 10:50 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access to remote ISA 2004 server via RDP no
> longer working
>
>
>
> "abortively closed" is one side of the connection (client or server)
> that is slamming the door on the connection by sending a RST instead of
> the expected SYN_ACK.
> This usually happens because the application / service is not listening
> on the destination port and the TCP stack does the right thing by
> telling the client to bugger off.
> What is the output from "netstat -ano -p tcp" at the ISA?
>
> -----Original Message-----
> From: Rob Moore [mailto:RMoore@xxxxxxxx]
> Sent: Friday, February 17, 2006 7:30 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Access to remote ISA 2004 server via RDP no longer
> working
>
> Hello all--
>
> I have a remote ISA 2004 server (on Win2k3 SP1, was ISA SP1, now is ISA
> SP2) at a colocation facility. I also have an ISA 2004 server (on Win2k3
> SP1, ISA SP1) here in the building. Behind the remote ISA server is a
> web server. There is a VPN connection between the two ISA servers.
>
> Up until this week, I have been able to RDP from here to both remote
> servers. I could RDP to both servers over the VPN or without it, for
> those times when the VPN has broken.
>
> I don't know exactly when I stopped being able to RDP. I first
> discovered it this week, right after I applied the latest MS security
> patches to my computer. I was then going about applying them to my
> servers. I got into and applied them to the remote web server. But I
> couldn't get into my remote ISA server. I can still RDP to the remote
> web server, both over the VPN and not over the VPN. When I try to RDP to
> the ISA server, I get this error at my workstation:
> "Remote Desktop Disconnected
> The client could not connect to the remote computer.
> Remote connections might not be enabled or the computer might be too
> busy to accept new connections. Blah blah blah."
>
> So this morning I went over to the colocation facility. I monitored
> attempts to get in via RDP. Then I tried applying all the MS updates
> (except for ISA SP2) and rebooting. RDP attempts got the same result.
> Then I tried applying ISA SP2. RDP attempts yielded the same result.
>
> Examining the logs on the remote ISA server shows me that it is NOT now,
> nor was it before, denying the connection. Instead I'm getting the
> result code "0x80074e21". When I Google that, I get to a Microsoft web
> page with lots of error codes, including that one on ISA, and it says "A
> connection was abortively closed after one of the peers sent a RST
> segment."
>
> Does that sound familiar to anyone? Any ideas about how to approach this
> problem? It's complicated by the fact that, now that RDP to the ISA
> server isn't working, I have to take a 30-minute trip to the colocation
> facility if I want to get my hands on the server.
>
> One thing I didn't think of trying until I'd left the facility was
> RDPing from the web server to the ISA server.
>
> Thanks,
> Rob
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
>
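
Added example (not part of the original thread, and not code from any of the posters): a Python sketch of the check Jim asks for, rejoining the mail-wrapped "netstat -ano -p tcp" rows quoted above and listing what is in LISTENING state on a given port. The function names are assumptions of this example; it reads netstat output only, and per the reply at the top of the thread, fwengmon is what reports the ISA firewall's own listeners.

```python
import re

# Rows copied from the netstat output quoted in the thread, mail wrapping
# and "> " quote markers left in place (the PID often fell to the next line).
SAMPLE = """\
> Proto Local Address Foreign Address State
> PID
> TCP 0.0.0.0:135 0.0.0.0:0
> LISTENING 956
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
> TCP 192.168.200.1:8080 0.0.0.0:0 LISTENING
> 3636
> TCP 192.168.200.1:4318 192.168.200.2:80 ESTABLISHED
> 3636
> TCP 192.168.200.1:4538 192.168.200.2:135 TIME_WAIT 0
"""

ROW = re.compile(r"^TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s+(\d+)$")

def parse_netstat(text):
    """Rejoin wrapped rows; return one dict per complete TCP row."""
    rows, pending = [], ""
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # drop mail quote markers
        if not line or line.startswith("Proto") or line == "PID":
            continue                         # header, also wrapped in the mail
        # A line starting with TCP opens a new row; anything else continues it.
        pending = line if line.startswith("TCP") else f"{pending} {line}".strip()
        m = ROW.match(pending)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"local": laddr, "lport": int(lport), "remote": raddr,
                         "rport": int(rport), "state": state, "pid": int(pid)})
            pending = ""
    return rows

def listeners_on(rows, port):
    """(local address, PID) pairs in LISTENING state on the given port."""
    return sorted((r["local"], r["pid"]) for r in rows
                  if r["state"] == "LISTENING" and r["lport"] == port)

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for port in (3389, 8080):
        found = listeners_on(rows, port)
        print(f"TCP/{port}:", found or "nothing listening (per Jim's reply, the stack answers with RST)")
```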