ICTCity

If (and this is your case) the RDP answesr but the credentials are wrong, you may have two different problems: 1) You must specify the domain: username@mydomain or mydomain\username 2) Check if remote RDP for that user is blocked or not (USUALLY for admins is permitted, but check in AD properties if it's permitted) It sounds like RDP is not enabled on that IP and it works with the name because of DNS resolves the name with the correct IP. Check on TS properties if the BINDING interface is only the external and change it to "*" (all). That's right. When you login with domain account (no matter if it's a new or old account) the GROUP POLICY is (are) applied specifying desktop settings, permissions and so on. By default the "Default Group Policy" is applied. To change this: Start > RUN > gpedit.msc tip: when you want to test if RDP is up and running, open your browser and type: http://IPorNAMEofTHEserver:3389/

I have no idea... this looks like a service (IIS) stucked somewhere... Default Web Site is the pre-configured website which shows you the IIS logo and stop. Usually you remove the default web site to create your own.

damn right now I can't remember... but there's an option (somewhere in settings) where to point exactly. If you find it, point (again) to the folder "RDWeb\Pages\"

Now right click RDWebApp > properties post prntscrn

Honestly I don't know why some companies offer SSL certs for 5$... maybe they work, maybe not... I never tried. Usually I bought certs on godaddy: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039 Have you tried googling the name of the company which sells that cert for 5$? Maybe you can find some unsatisfated user... It's also true that 5$ are almost nothing... and this is for "testing" purpose... so... try it ) you don't have confidential data ) SSL doesn't check the service, it looks at the hostname. If you buy a cert for mail.mydomain.com this will be issued for mail.mydomain.com :)

can you post a print screen of your IIS manager?

When you open IIS manager on your left you have all the app pools and so on. Well, somewhere you should have the primary, the root ( / ). Right click on it and select properties. I'm quite sure that your app is pointing to the wrong app pool.

what the... you should be able to open it... well at least we know it exist and contains something. Anyway, where is pointing the main app (root app)?

Your root app (/) is pointing where? If you manually navigate into /RDWeb/Pages/ and you open the file default.aspx, does it work?

Check in your settings of IIS where is the folder for your content (C.\IIS\) and if there are all the subfolders, in your you must have: \RDWeb\Pages\ If you don't know, search with windows search.

A domain is a group of objects (computers, users, policies, ...). In a windows environment you have a basic NON-domain WORKGROUP (called workgroup) which is good until 10 clients, then you can't add more pc. This limit is imposed by microsoft. In a domain you can easily manage everything at once, when you decide that the new default printer will be the HP IdontKnow instead of the Canon IreallyDontKnow, you don't have to access all the computers, you can just change your script or group policy. Regarding NAMES: well you should have everytime a local domain and (if needed) a public domain. Dynamics update are something different, actually megahosting.co.nz and megahosting.local ARE NOT the same thing. Windows doesn't know anything about the similar name. So, you should first create the LOCAL domain and THEN the public domain. To be honest this doesn't matter, the most important thing is: have 2 domains, internal and external. Hope this help.

Well no... but how can you check if the port is opened if there's nothing behind it? I can disable the firewall in my network, but if I don't have any WEBSERVER (example) if I write http://myhostname.whatever on my browser I simply have nothing! The port is opened but there's not a service running behind it...

Check your URL: /RDWeb/Pages/default.aspx/ It cannot be right, the last SLASH shouldn't be there, it should look like this: /RDWeb/Pages/default.aspx

And which program should work on that port? You would be able to reach it in this way= http://megahosting.co.nz:50000/ ?

You just have to create the SRV record in "megahosting.co.nz" and the name of this record will be: "_ldap._tcp.dc._msdcs" ps: pay attention when you reply, you have edited my post )

Are you sure is not opened? I mean... there's no reason for Win FW to don't open a port ) maybe the executable of the program is blocked... can you provide more details about what are you opening? Well, many FWs have this possibility, you can "block" a scan from outside, it's like a traceroute, there're firewalls that blocks packets and stop. The same thing happens on port scanning. When you are trying to find an open port (because of you're an attacker or you're testing your OWN security) you can use many programs that have also the settings to wait for the next probe. In other words, if your firwall see that the IP 8.8.8.8 is checking (connection try) on port 443 it can't (it couldn't) block this IP, but if this client in 1-2 seconds try the same thing on different port... well this is a scan ) There're other ways to scan (only with SYN, complete ACK, Christmas Tree, ...) and all of these technics are different and more or less complex. The built in FW in windows doesn't have so many settings to block specific ip on port scan. You should check other products (most of them are appliance...) but trust me, you don't really need this. Where I work right now, something I must go to clients to check network and security. Almost everyone receive a port scan but this is "normal", I mean, you must check if you are under attack, but a port scan could be only a bot which is trying to infect your pc via an open port...

The answer is there... your DNS does not have the SRV record related to "_ldap._tcp.dc._msdcs.megahosting.co.nz" this looks a bit strange to me but add this record manually and everything should be resolved.

Well the first 1024 ports are WELL-know, then there're the REGISTERED port (until 49151) so you should use a port in this range: 4915265535 Blocking port scanning is not possible, by default the port is blocked, but you can still be able to scan it...

Depends on what do you want to see and how do you want to deal with it. There's System Center from MS: http://www.microsoft.com/en-us/server-cloud/system-center/default.aspx If not there's PRTG Network Monitor but it doesn't look at the event log. There are so many softwares that can watch the eventlog, but you must say if you want a unique solution (if so, System Center is the best solution) or not. If not, well the problem can be yours programs, you say you want to monitor the backup process, ok... but which program is doing this? It provides a log? An e-mail system?

Mhhh but do you have at least the entry in your firewall? I mean, when you click apply, does the rule is registered? re you sure you don't have another firewall? Which port are you trying to open? Which port is already opened? There's only one policy which doesn't permit (to the user) to save password for .NET Passport account. This means you can still save VPNs password and so on if they're not Windows things.

Let's say that I don't have an answer. This is my though: Don't disable the loopback check, actually it's not causing problem... right? What you could do is to specify NTLM host names, which is easy and safe. I really don't know which is the best solution. I had just one time this problem and I resolved with NTLM host names but I didn't make any test to understand which scenario is better.

Also if you don't use / have IIS, check this KB: http://support.microsoft.com/kb/896861/en-us

In which way are you connected to the server? It's a remote desktop connection?

You are almost done with your job... To configure DHCP there's the wizard (when you add the DHCP role), doesn't matter the external interface, when asked, select the internal interface (private, LAN). Anyway if you want a step-by-step... Regarding the sharing... actually you are not sharing the connection, or at least you don't have to... you can easily ROUTE the connection from NIC 1 to 2. Once again to set up ROUNTING in server 2008 there's a wizard which is really easy (your scenario is not complicated), but if you need a step-by-step...

Can you post the result of ipconfig /all on the computer / server which has this problem?