mmthomas

Here's a link for setting up file sharing in Server 2008. That should get you started.

Unfortunately, I don't know of any built in tools for that, but the gpmc tool does let you sort on the gpo status column.

Is this a domain controller or stand alone server? Is this an admin account or just a user in the remote desktop user group? If it's a domain controller and not an admin account, then you need to modify the default domain controller policy to allow remote login for the remote desktop group.

Are the Windows Firewall service and the Base Filtering Service set to use the Local Service account?

I'm not sure if this is what you had in mind, but if you open the Group Policy Management Console (gpmc.msc) and expand Domains > yourdomain > Group Policy Objects, all of the group policy objects in the domain are listed and the GPO Status column will list enabled or disabled.

This is not an area I know very well, but have you installed Desktop Experience on Server 2008?

Check the logs on the local computer first and see what kind of print events/errors are there. If USER1 logs into another computer, can he/she print from there?

What do you mean "at the same time"? Most Windows client OSes only allow one logon at a time. Vista and Win7 will allow you to "Switch User" but only one active account can use it at a time (XP had fast user switching, but not for domains). Windows Server will allow two simultaneous administrative RDP sessions which could be either local or domain accounts. If you just mean that multiple people will log on the computer at different times, that is normal, and I don't know what you want to accomplish.

Ok, just in case it wasn't understood, I meant the master RDP-tcp connection -- so that would affect all connection ability from all remote machines. It's the connection that all RDP sessions connect to on the server, not an individual remote session. This screen shot may look different from yours because I have deleted and renamed it:[ATTACH]45.IPB[/ATTACH]

IP ranges for VPN are in your Routing and Remote Access Services if they are pulling from a static pool. If vpn users cannot access network resources, it may be because routing between the subnets has not been configured in RRAS. If you open RRAS and right-click on the server and choose properties, on the General tab you should have IPv4 Router checked and the sub-radio button for LAN and demand-dial routing should be selected. On the IPv4 tab the checkbox at the top for "Enable IPv4 Forwarding" should be selected. That IPv4 tab also has the setting for using DHCP to assign addresses or to use a static pool. You may be using a pool rather than the DHCP server to assign IPs. If RAS is set to use DHCP, then it should be grabbing about 10 ip addresses from the DHCP scope to assign to vpn users.

When users can't connect, if you reset the RDP-tcp connection rather than restart the server does that fix the problem? (Terminal Services Configuration > click the RDP-tcp connection, chose Disable Connection, OK and then re-enable the connection) If it does, the connection properties may be corrupted. You can Delete the connection in the same tool and Create New Connection to replace it.

What message do users get when they try to connect? When users cannot connect, what is the RAM utilization on the server? Are users logging off at the end of the day (as opposed to just disconnecting) so that all of the licenses are not seen as in use at the start of the next?

What kind of router/firewall is it and have you restarted it since you started having this problem connecting to it?

What gpo do you have it in, the default domain policy? If you run rsop or gpresult on your clients is the policy showing as being enforced? Is Block Policy Inheritance selected on the domain controller OU?

Are you setup to use a proxy in IE? If so, do you have it checked to bypass proxy for local sites?

Yes, TCP/IP v4 properties is where you will change the IP address. You will want to pick an IP address that is in your network subnet, but not in the range of addresses being assigned through DHCP. In your case, it sounds like your router is probably doing DHCP. So, your network is probably something like 192.168.1.0 with a netmask of 255.255.255.0 and a default gateway of 192.168.1.1 (the router's ip address). Your router is probably configured to give out DHCP addresses in the range of something like 192.168.1.100 - 192.168.1.200. So you would want to assign your server an address between .1 and .100 exclusive. So if you gave it an address of 192.168.1.2 and netmask 255.255.255.0 and a gateway of 192.168.1.1 you should have internet access. (assuming you do have a 192.168.1.0 network).

For most servers, it is best to assign a static IP address. This is because you may have applications, firewalls or port forwarding configured to use the server's IP address for access. If you use DHCP, a power or network outage may cause your server to pick up a new IP address and suddenly your server is unavailable. Then you may have to traipse over to the server to logon at the console to find out what the IP address is.

Here is a link to get you started with IP addressing and configuring.

What you are asking to set up is an Internet Connection Sharing host on the server or as a NAT host. The network diagram looks like this: Do you have a reason that you want to do it that way and not this way: Unless you are going to run software on the software to do something with everyone's network traffic, I think the second is a simpler way to set up your network and takes some processing load off of the server. To do the second, you need to: 1) Set up your server to run DHCP. Point all machines to the Belkin router/firewall as the gateway address. 2) Have DHCP give the Belkin router/firewall IP address as the gateway address. 3) Have DHCP give out the server address for DNS. That should accomplish giving all machines access to the Internet and the server. To enable VPN connections from external: 1) Setup RAS VPN on the server (note those are short pages with a NEXT button before the comments) 2) On the Belkin router, forward TCP Port 1723, IP Protocol 47 (GRE) (Note: 47 is a protocol number and not TCP port. The protocol name is GRE.) to the server's IP address. If you do want to run everything through the server, then you have to set up NAT on the server. If your server is a VPN server, you cannot set it up as an ICS server. NAT will accomplish the same thing. You will still need to setup DHCP as above, except that the gateway should be the server's IP address rather than the router's IP address. (Note that the link assumes that you are setting up without the router between you and the internet. Where it says to put in the address from your ISP [step 4], you would actually put in the address you are getting from your router). Hope that helps.

Have you set up a domain with your server or are all the machines only in a workgroup? Here are some instructions for setting up shared folders. If you're in a workgroup, each user will need to have a local account on the server as well as on their own machine. If you are in a domain, then they'll be using the same username and password to log onto their machine as to access shares on the server and the server share access would be pretty transparent to them. What kind of router do you have? Is it a simple router provided by your ISP or does it have firewalling and port forwarding features that you can configure? If that router is giving your server a private IP address rather than a public IP address, then you won't be to do VPNs unless it can also handle port forwarding. You will be wanting to configure Routing and Remote Access in order to enable the server to receive VPN requests from your external laptops, but I wouldn't start messing with it until you know how everything is going to be setup. There is a wizard for the first time you setup RRAS and it's easier if you do everything at once.

Hi, Pulse. Welcome to the forum.

What kind of firewall or router do you have connected to your internet connection? Most of the time those ports are set to auto-negotiate speed. I have, on occasion, seen that cause weird problems that then disappeared if the port was set to 10 or 100Mbps. If you think there might be a problem with the deltacom DNS servers, you can use one of the Level3 DNS servers like 4.2.2.1 or 4.2.2.2 and see if it works any better. But you may have to resort to a laborious plan of extensive ping, traceroute, and netmon scanning of the internet connection to determine where the problems really are.

Hello and welcome, SoundFX.

The IP Address should be OK if it is in the same network as your other servers, but the DNS Server address should be changed on your Ethernet adapter TCP/IP properties to the address of a DNS server that is already in the domain to which you are trying to connect. If you point the DNS to itself, then the server does not know how to authenticate you when you try to log on with a domain account. By pointing to the DNS address to a DNS server that is already in the domain, when you try to login with a domain account, the server can ask the DNS server where the domain controllers are for the domain and then forward your logon request for authentication. So, for example, let us say that you have a domain controller for your domain: IP Address: 10.10.100.5 Default Gateway: 10.10.100.3 Let us also assume that this domain controller is running DNS for the domain. If so, its DNS setting will look like this: DNS Server: 10.10.100.5 or it might say 127.0.0.1 In that case, it is OK to point to itself because the domain controller is also the primary DNS server for the domain. If I add another server, it should look like this: IP Address: 10.10.100.15 Default Gateway: 10.10.100.3 DNS Server: 10.10.100.5 Unless you are a very large company, you will probably only have one or two servers that are running DNS for your domain. All of your servers and workstations need to point to one of those DNS servers in order to work properly. The only servers that should point to themselves for DNS are the DNS servers themselves.

It looks like you have it pointed to itself for DNS. Try pointing it at one of the domain DNS servers, unless you made it a DNS server for the domain?