WIN2003 Firewall Issue...

hi,
i am using win2003 server its running on exchange 2003
our field employees are using cisco vpn client, they are able to access all
the other server's and desktop's but they are not able to access that
particular exchange server...
from server to vpn client pc i am able to access, but from vpn client pc to
server i am not able to access....
i had checked the windows firewall its off only but its showing some error
message also. "windows Firewall cannot run because another program or service
is running that might use the network address translation component
(Ipnat.sys.)" in the server windows firewall side.
what was the problem??? how can i trubleshoot and solve the problem????

In news:F14409E8-16AB-496A-A4E7-(E-Mail Removed),
Gopi Raju <(E-Mail Removed)> typed:
> hi,
> i am using win2003 server its running on exchange 2003
> our field employees are using cisco vpn client, they are able to
> access all the other server's and desktop's but they are not able to
> access that particular exchange server...
> from server to vpn client pc i am able to access, but from vpn client
> pc to server i am not able to access....
> i had checked the windows firewall its off only but its showing some
> error message also. "windows Firewall cannot run because another
> program or service is running that might use the network address
> translation component (Ipnat.sys.)" in the server windows firewall
> side.
> what was the problem??? how can i trubleshoot and solve the
> problem????

Is RRAS or Connection Sharing enabled? That would be the only reason you are
getting a message stating "windows Firewall cannot run because another
program or service ."

Curious, why would you have that running on the Exchange server? Is it also
a DC?


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Hi,
thanks for your soon reply...
i was disable the RRAS services in the server...now that error not coming,
but my problem not yet solved.
from that server to i am able to access the cisco VPN client system, but i
am not able to access from cisco VPN client system to that particular
server... windows firewall also disable only...remaining all the server's,
client i am able to access from VPN cliet..
pls guide me how can i solve the problem!!!....
thanks,
Gopi.R

"Ace Fekay [MVP]" wrote:

> In news:F14409E8-16AB-496A-A4E7-(E-Mail Removed),
> Gopi Raju <(E-Mail Removed)> typed:
> > hi,
> > i am using win2003 server its running on exchange 2003
> > our field employees are using cisco vpn client, they are able to
> > access all the other server's and desktop's but they are not able to
> > access that particular exchange server...
> > from server to vpn client pc i am able to access, but from vpn client
> > pc to server i am not able to access....
> > i had checked the windows firewall its off only but its showing some
> > error message also. "windows Firewall cannot run because another
> > program or service is running that might use the network address
> > translation component (Ipnat.sys.)" in the server windows firewall
> > side.
> > what was the problem??? how can i trubleshoot and solve the
> > problem????
>
> Is RRAS or Connection Sharing enabled? That would be the only reason you are
> getting a message stating "windows Firewall cannot run because another
> program or service ."
>
> Curious, why would you have that running on the Exchange server? Is it also
> a DC?
>
>
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations
>
>
>
>
>

In news:11823947-6ECC-4F53-84E7-(E-Mail Removed),
Gopi Raju <(E-Mail Removed)> typed:
> Hi,
> thanks for your soon reply...
> i was disable the RRAS services in the server...now that error not
> coming, but my problem not yet solved.
> from that server to i am able to access the cisco VPN client system,
> but i am not able to access from cisco VPN client system to that
> particular server... windows firewall also disable only...remaining
> all the server's, client i am able to access from VPN cliet..
> pls guide me how can i solve the problem!!!....
> thanks,
> Gopi.R

Ok, you disabled RRAS on the Exchange server. Good. Why was RRAS installed?
What was it's purpose?

I still need you to anwswer some questions to better help you and understand
the actual problem you are experiencing. So far I am getting a
generalization from you that makes it difficult to help.

How exactly are the clients trying to "connect" or "access" the Exchange
server? Are you talking about email? If so, what client are you using?
Outlook Express or Microsoft Office Outlook? What type of connection? POP3,
IMAP, OWA, or RPC/HTTPS?

Is the Exchange server a domain controller?

Does it have more than one NIC? If so, why?

Are there any errors in the Event log on the Exchange server.

Maybe it is a DNS problem. Please post the following:

Run "ipconfig /all > c:\ipconfig.txt" on the server and one of the clients
while they are connected to the VPN. Then open the ipconfig.txt file and
post the contents.

Run "net start > c:\netstart.txt" on the server and open the netstart.txt
file and post it's contents.

Thank you,

Ace

hi,
The client are using Microsoft outlook through pop3
yes the exhchange server is a domain controller
this server having 2 nic cards, the both cards are teaming.
no errors in the event viewer
in the exchange server ipconfig /all

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : agni
Primary Dns Suffix . . . . . . . : SNX.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : SNX.com

Ethernet adapter AGNI:

Connection-specific DNS Suffix . : SNX.com
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-14-5E-CC-D2-6C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.30.2.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.30.2.1
DNS Servers . . . . . . . . . . . : 61.1.128.65

net start in the server

C:\>net start
These Windows services are started:

Application Experience Lookup Service
Application Layer Gateway Service
Automatic Updates
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed File System
Distributed Transaction Coordinator
DNS Client
DNS Server
Error Reporting Service
Event Log
File Replication Service
FTP Publishing Service
HID Input Service
HTTP SSL
IIS Admin Service
Intersite Messaging
IPSEC Services
Kerberos Key Distribution Center
Logical Disk Manager
Machine Debug Manager
McAfee Framework Service
McAfee McShield
McAfee Task Manager
Microsoft Exchange Information Store
Microsoft Exchange Management
Microsoft Exchange MTA Stacks
Microsoft Exchange POP3
Microsoft Exchange Routing Engine
Microsoft Exchange System Attendant
Microsoft Search
Net Logon
Network Connections
Network Location Awareness (NLA)
NT LM Security Support Provider
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Routing and Remote Access
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
Simple Mail Transfer Protocol (SMTP)
SNMP Service
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Management Instrumentation
Windows Time
Wireless Configuration
Workstation
World Wide Web Publishing Service

The command completed successfully.

"Ace Fekay [MVP]" wrote:

> In news:11823947-6ECC-4F53-84E7-(E-Mail Removed),
> Gopi Raju <(E-Mail Removed)> typed:
> > Hi,
> > thanks for your soon reply...
> > i was disable the RRAS services in the server...now that error not
> > coming, but my problem not yet solved.
> > from that server to i am able to access the cisco VPN client system,
> > but i am not able to access from cisco VPN client system to that
> > particular server... windows firewall also disable only...remaining
> > all the server's, client i am able to access from VPN cliet..
> > pls guide me how can i solve the problem!!!....
> > thanks,
> > Gopi.R
>
> Ok, you disabled RRAS on the Exchange server. Good. Why was RRAS installed?
> What was it's purpose?
>
> I still need you to anwswer some questions to better help you and understand
> the actual problem you are experiencing. So far I am getting a
> generalization from you that makes it difficult to help.
>
> How exactly are the clients trying to "connect" or "access" the Exchange
> server? Are you talking about email? If so, what client are you using?
> Outlook Express or Microsoft Office Outlook? What type of connection? POP3,
> IMAP, OWA, or RPC/HTTPS?
>
> Is the Exchange server a domain controller?
>
> Does it have more than one NIC? If so, why?
>
> Are there any errors in the Event log on the Exchange server.
>
> Maybe it is a DNS problem. Please post the following:
>
> Run "ipconfig /all > c:\ipconfig.txt" on the server and one of the clients
> while they are connected to the VPN. Then open the ipconfig.txt file and
> post the contents.
>
> Run "net start > c:\netstart.txt" on the server and open the netstart.txt
> file and post it's contents.
>
> Thank you,
>
> Ace
>
>
>
>
>
>
>
>

In news:092BC472-A21A-44A4-878E-(E-Mail Removed),
Gopi Raju <(E-Mail Removed)> typed:
> hi,
> The client are using Microsoft outlook through pop3
> yes the exhchange server is a domain controller
> this server having 2 nic cards, the both cards are teaming.
> no errors in the event viewer
> in the exchange server ipconfig /all
>
> C:\>ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : agni
> Primary Dns Suffix . . . . . . . : SNX.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : SNX.com
>
> Ethernet adapter AGNI:
>
> Connection-specific DNS Suffix . : SNX.com
> Description . . . . . . . . . . . : BASP Virtual Adapter
> Physical Address. . . . . . . . . : 00-14-5E-CC-D2-6C
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 172.30.2.11
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 172.30.2.1
> DNS Servers . . . . . . . . . . . : 61.1.128.65
>
> net start in the server
>
> C:\>net start
> These Windows services are started:
>
> Application Experience Lookup Service
> Application Layer Gateway Service
> Automatic Updates
> COM+ Event System
> Computer Browser
> Cryptographic Services
> DCOM Server Process Launcher
> DHCP Client
> Distributed File System
> Distributed Transaction Coordinator
> DNS Client
> DNS Server
> Error Reporting Service
> Event Log
> File Replication Service
> FTP Publishing Service
> HID Input Service
> HTTP SSL
> IIS Admin Service
> Intersite Messaging
> IPSEC Services
> Kerberos Key Distribution Center
> Logical Disk Manager
> Machine Debug Manager
> McAfee Framework Service
> McAfee McShield
> McAfee Task Manager
> Microsoft Exchange Information Store
> Microsoft Exchange Management
> Microsoft Exchange MTA Stacks
> Microsoft Exchange POP3
> Microsoft Exchange Routing Engine
> Microsoft Exchange System Attendant
> Microsoft Search
> Net Logon
> Network Connections
> Network Location Awareness (NLA)
> NT LM Security Support Provider
> Plug and Play
> Print Spooler
> Protected Storage
> Remote Access Connection Manager
> Remote Procedure Call (RPC)
> Remote Registry
> Routing and Remote Access
> Secondary Logon
> Security Accounts Manager
> Server
> Shell Hardware Detection
> Simple Mail Transfer Protocol (SMTP)
> SNMP Service
> System Event Notification
> Task Scheduler
> TCP/IP NetBIOS Helper
> Telephony
> Terminal Services
> Windows Audio
> Windows Firewall/Internet Connection Sharing (ICS)
> Windows Management Instrumentation
> Windows Time
> Wireless Configuration
> Workstation
> World Wide Web Publishing Service
>
> The command completed successfully.


Thank you for posting the info.

What is this DNS address?
> DNS Servers . . . . . . . . . . . : 61.1.128.65

Is it a domain controller for your domain or the ISP's? If it is the ISP's,
please immediately remove it and ONLY use your domain controller DNS. THis
is a HUGE problem. Machiens will ask DNS, "where is my domain and domain
controller?" If it asks the ISP's DNS, does it know of your internal domain?
NO, it does not. ONLY use the internal DNS.

If you are using Microsoft Outlook (not Outlook Express), why are you using
POP3???? No need to. Use Exchange services for the internal machines.
Disable POP3. You are missing out on alot of cool and functional features to
help make your office more productive.

Ace

In news:(E-Mail Removed),
Ace Fekay [MVP] <(E-Mail Removed)> typed:


I do not believe this is a firewall issue. When using an ISP's DNS, it can
cause NUMEROUS issues.

What DNS address is your DCs and your user's machines using? ISP's too?

All Active Directory machines must ONLY use the internal DNS server.
Configure a forwarder to 4.2.2.2. If not sure how to do that, follow this
article:

323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003
(forwarding) :
http://support.microsoft.com/?id=323380

Read this please:
291382 - Frequently asked questions about Windows 2000 DNS and Windows
Server 2003 DNS
http://support.microsoft.com/?id=291382

Ace