"fwengmon" ? Isn't that the Jamaican custom of arranging furniture for better chimon? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, February 22, 2006 1:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Access to remote ISA 2004 server via RDP no longer working http://www.ISAserver.org Hi Rob, I hope you used fwengmon to determine what the ISA firewall was listening on, otherwise you don't know. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Rob Moore [mailto:RMoore@xxxxxxxx] > Sent: Wednesday, February 22, 2006 11:58 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Access to remote ISA 2004 server via > RDP no longer working > > http://www.ISAserver.org > > Yah, I checked that out this morning. (See this morning's > post.) It was > correctly configured. I unchecked it, applied it, then > re-checked it and > applied that. I was then able to RDP to the ISA server from the > webserver behind it. But when I got back to my desk, I couldn't RDP > directly to the ISA box. I tried RDPing into the > webserver--success--and > then RDPing into the ISA server--no success. That's where I'm at now. > > Even when I was able to RDP into the ISA box, it still didn't list > "3389" as a port it was listening on. > > Rob > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Wednesday, February 22, 2006 12:12 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Access to remote ISA 2004 server via RDP no > longer working > > http://www.ISAserver.org > > I make that your TS service isn't configured. > Computer Properties, "Remote" tab. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Rob Moore [mailto:RMoore@xxxxxxxx] > Sent: Tuesday, February 21, 2006 12:31 > To: [ISAserver.org Discussion List] > Subject: RE: [isalist] RE: Access to remote ISA 2004 server via RDP no > longer working > > OK, I'm now at our remote site. When I do a "netstat -ano -p tcp" > there's nothing listening on port 3389. Here's what I get: > Proto Local Address Foreign Address State > PID > TCP 0.0.0.0:135 0.0.0.0:0 > LISTENING 956 > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 > TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING > 1584 > TCP 0.0.0.0:1039 0.0.0.0:0 LISTENING > 1908 > TCP 0.0.0.0:1051 0.0.0.0:0 > LISTENING 696 > TCP 0.0.0.0:1052 0.0.0.0:0 LISTENING > 1044 > TCP 0.0.0.0:1054 0.0.0.0:0 LISTENING > 3680 > TCP 0.0.0.0:1056 0.0.0.0:0 LISTENING > 3636 > TCP 0.0.0.0:1311 0.0.0.0:0 LISTENING > 1908 > TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING 4 > TCP 0.0.0.0:3847 0.0.0.0:0 LISTENING > 1664 > TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING > 1908 > TCP 66.150.232.139:80 0.0.0.0:0 LISTENING > 3636 > TCP 66.150.232.139:80 63.138.24.67:45303 ESTABLISHED > 3636 > TCP 66.150.232.139:80 68.142.250.208:55628 TIME_WAIT 0 > TCP 66.150.232.139:80 68.142.251.89:37994 TIME_WAIT 0 > TCP 66.150.232.139:139 0.0.0.0:0 LISTENING 4 > TCP 66.150.232.139:5354 0.0.0.0:0 LISTENING > 3636 > TCP 127.0.0.1:53 0.0.0.0:0 LISTENING > 1584 > TCP 172.17.201.9:139 0.0.0.0:0 LISTENING 4 > TCP 192.168.200.1:53 0.0.0.0:0 LISTENING > 1584 > TCP 192.168.200.1:139 0.0.0.0:0 LISTENING 4 > TCP 192.168.200.1:1059 192.168.200.2:445 ESTABLISHED 4 > TCP 192.168.200.1:1121 0.0.0.0:0 LISTENING > 3636 > TCP 192.168.200.1:1167 192.168.200.2:389 CLOSE_WAIT > 1116 > TCP 192.168.200.1:1745 0.0.0.0:0 LISTENING > 3636 > TCP 192.168.200.1:4318 192.168.200.2:80 ESTABLISHED > 3636 > TCP 192.168.200.1:4538 192.168.200.2:135 TIME_WAIT 0 > TCP 192.168.200.1:4539 192.168.200.2:135 TIME_WAIT 0 > TCP 192.168.200.1:4540 192.168.200.2:1026 TIME_WAIT 0 > TCP 192.168.200.1:4557 192.168.200.2:1026 TIME_WAIT 0 > TCP 192.168.200.1:4560 192.168.200.2:389 TIME_WAIT 0 > TCP 192.168.200.1:4561 192.168.200.2:389 TIME_WAIT 0 > TCP 192.168.200.1:4565 192.168.200.2:139 TIME_WAIT 0 > TCP 192.168.200.1:4653 192.168.200.2:80 ESTABLISHED > 3636 > TCP 192.168.200.1:8080 0.0.0.0:0 LISTENING > 3636 > TCP 192.168.200.59:139 0.0.0.0:0 LISTENING 4 > > What do you make of that? > > Thanks, > Rob > > ________________________________ > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Fri 2/17/2006 10:50 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Access to remote ISA 2004 server via RDP no > longer working > > > > http://www.ISAserver.org > > "abortively closed" is one side of the connection (client or server) > that is slamming the door on the connection be sending a RST > instead of > the expected SYN_ACK. > This usually happens because the application / service is not > listening > on the destination port and the TCP stack does the right thing by > telling the client to bugger off. > What is the output from "nststat -ano -p tcp" at the ISA? > > -----Original Message----- > From: Rob Moore [mailto:RMoore@xxxxxxxx] > Sent: Friday, February 17, 2006 7:30 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Access to remote ISA 2004 server via RDP no longer > working > > http://www.ISAserver.org > > Hello all-- > > I have a remote ISA 2004 server (on Win2k3 SP1, was ISA SP1, > now is ISA > SP2) at a colocation facility. I also have an ISA 2004 server > (on Win2k3 > SP1, ISA SP1) here in the building. Behind the remote ISA server is a > web server. There is a VPN connection between the two ISA servers. > > Up until this week, I have been able to RDP from here to both remote > servers. I could RDP to both servers over the VPN or without it, for > those times when the VPN has broken. > > I don't know exactly when I stopped being able to RDP. I first > discovered it this week, right after I applied the latest MS security > patches to my computer. I was then going about applying them to my > servers. I got into and applied them to the remote web server. But I > couldn't get into my remote ISA server. I can still RDP to the remote > web server, both over the VPN and not over the VPN. When I > try to RDP to > the ISA server, I get this error at my workstation: > "Remote Desktop Disconnected > The client could not connect to the remote computer. > Remote connections might not be enabled or the computer might be too > busy to accept new connections. Blah blah blah." > > So this morning I went over to the colocation facility. I monitored > attempts to get in via RDP. Then I tried applying all the MS updates > (except for ISA SP2) and rebooting. RDP attempts got the same result. > Then I tried applying ISA SP2. RDP attempts yielded the same result. > > Examining the logs on the remote ISA server shows me that it > is NOT now, > nor was it before, denying the connection. Instead I'm getting the > result code "0x80074e21". When I Google that, I get to a Microsoft web > page with lots of error codes, including that one on ISA, and > it says "A > connection was abortively closed after one of the peers sent a RST > segment." > > Does that sound familiar to anyone? Any ideas about how to > approach this > problem? It's complicated by the fact that, now that RDP to the ISA > server isn't working, I have to take a 30-minute trip to the > colocation > facility if I want to get my hands on the server. > > One thing I didn't think of trying until I'd left the facility was > RDPing from the web server to the ISA server. > > Thanks, > Rob > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > rmoore@xxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > rmoore@xxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ncassidy@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx