Microsoft Support WebCast

An overview of Microsoft Windows Small Business Server 2003
Remote Web Workplace feature

January 8, 2004

Note: This document is based on the original spoken WebCast transcript. It has been edited for clarity.

Frank Brown: My name is Frank Brown. I'm here with Ray Fong, and we're going to be presenting an overview of some of the features and the setup and configuration of Remote Web Workplace, a new feature of Microsoft® Windows® Small Business Server 2003.

To give you an idea of what we're going to be covering today, our main objectives (slide 2) today are to help you understand the requirements, setup, configuration, and features of Remote Web Workplace. In the process we're going to identify some of the common Remote Web Workplace scenarios and give you a little background about why we have Remote Web Workplace and why it's such an exciting part of Small Business Server 2003. We'll also take a look at troubleshooting common types of errors or problems you may run into with Remote Web Workplace. During the question-and-answer session, we'll probably be able to help address any issues that you have at the moment.

A little more specifically (slide 3), we're going to be digging down a little bit into some of the product design goals, and what was the reason for designing this particular feature of the product. Again, we'll go over some of the scenarios, some of the situations where Remote Web Workplace may fit with your environment. We'll take a look at, also, like I mentioned before, some of the setup considerations, and those are going to be very critical as you'll see, and Ray will explain that. We'll also take a look at, for those people who do have the premium version, how you can publish the companyweb through ISA. That's a very important feature as well. As I mentioned before, we'll also have a question-and-answer session at the end of the presentation.

To give you an idea of why we even created the Remote Web Workplace (slide 4), in previous versions of Small Business Server, exposing internal network resources to remote sites often required configuring the Small Business Server for virtual private network (VPN) or dial-up types of connections. Users often had difficulty configuring either their laptops or their home computers to make these connections. Also, in some cases, that type of connection was not available for certain types of workstations, such as Internet kiosks. In addition, quite often users had to remember or record separate addresses for Outlook® Web Access (OWA) and Terminal Services. And administrators had to deal with the added complexity of enabling RRAS.

These factors made configuring and using remote features difficult for administrators and users alike. Small Business Server 2003 includes, of course, Remote Web Workplace to help streamline and simplify the use and administration of all the remote features. It provides a single access point that users can access anytime, anywhere, from any device. Basically, all they have to do is remember a single URL.

So again, the key points we're trying to get across here are that we want to better enable people anywhere, anytime, on any device. We also want to increase the use of SBS remote features and, also, simplify the use of those features. Also, with the emphasis on security, we want to be able to provide the secure connection without giving end users total VPN access to the server, if that's not desired.

The next slide (slide 5) shows some of the scenarios that highlight the value of Remote Web Workplace for Small Business users. In previous versions, as I mentioned before, mobile users had limited access to corporate resources while traveling or while out of the office. Users were limited to the following technologies: VPN, OWA, and Secure Sockets Layer (SSL) security, each of which has its own limitations. VPN, like I mentioned before, often required client knowledge and labor to configure. With Remote Web Workplace, now VPN configuration can be downloaded and installed using Microsoft Connection Manager technology.

OWA, in previous versions, did not provide the full set of Exchange features that users were accustomed to. Now Small Business Server 2003 installs with Microsoft Exchange Server 2003, which includes an updated version of Outlook Web Access, with enhanced features, such as a spelling checker and scheduling, which gives the user those capabilities without the need for other third-party types of applications.

As far as SSL or certificate security, this often required additional configuration or an installation of Certificate Services. SBS 2003, through the Configure E-mail and Internet Connection Wizard (CEICW), provides the ability to automatically configure Remote Web Workplace to use certificates to enhance security. So again, that's an added benefit.

For the home user, users can now connect to their Microsoft Windows XP desktops at work, again, with no need for a VPN connection. They can access their documents stored on their own desktop, using Remote Desktop Services to increase productivity. For the terminal server, they can set up a dedicated terminal server and allow people to connect to line-of-business applications. Again, that would be a separate terminal server on the network.

Also, for remote troubleshooting, VAPs can now check on the server anywhere and anytime from a browser. They can check on the server status, look up any problem through the various links that are provided, and also look at things like server performance reports. VAPs can also use the Remote Web Workplace to connect into client's machines, using Terminal Server, for desktop issues. That can also save a trip to the site, and it eliminates the need to use Terminal Server to connect directly into the server and then use Terminal Server to connect into, let's say, a client's desktop, if they need to resolve desktop issues.

So that leads us into just what exactly is Remote Web Workplace (slide 6)? It is basically a dynamically created Web site that provides users a single, simple, and consolidated entry point to access important features of the Small Business Server 2003 server remotely. These features can be grouped under the following general categories. There are typically links that relate to Remote Desktop, SharePoint™ Server, monitoring, messaging, user assistance, and remote access.

Users can access all of these features by using a Web browser from any Internet-enabled computer, such as their home computer, an Internet kiosk, or a laptop. They can use that to navigate to the external address of the SBS server, just by simply typing in the URL for that site. Web content is going to be dynamically delivered based on the user's logon credentials. So after the user has been authenticated to the site, the user will see either the knowledge worker or the administrator page, as we'll see in a little bit.

Just as a little overview of those, if the user authenticates as a member of the Remote Web Workplace Users Group, he or she is going to be presented with a main menu page containing links to open SharePoint, Outlook Web Access, Client Help, and remote desktops of client machines. It also has a link to download Connection Manager and provides, also, the latest usage reports. Again, if any of these features are not installed or have not been configured through the wizards, those links will not be displayed.

Also, if the user is using an Internet Explorer browser version that's earlier than Internet Explorer 6.0 Service Pack 1, and the user is on a public computer, we do not show links to the SharePoint or monitoring Web sites. We present the user with an explanatory message just below the welcome message. This is kind of like a security precaution, because Internet Explorer versions before Internet Explorer 6.0 Service Pack 1 have no method to clear the authentication cache.

The administrator page is shown to all users who are members of the domain Administrators group. All possible links are shown to the administrators from this page. One nice feature though is that the links are grouped into administrative tasks and additional links to better differentiate what the administrator should be looking for, and it also helps to reduce some of the visual clutter. As I mentioned before, the same issues involving Internet Explorer apply. Those people who have versions before Internet Explorer 6.0 Service Pack 1, on a public computer, they're not going to see SharePoint or monitoring Web sites. So again, those same rules apply.

Ray Fong: Thank you, Frank. On the next slide (slide 7) we will talk about the setup and configuration of the Remote Web Workplace. Remote Web Workplace files are copied as part of the SBS Server Tools installation. So when you run the integrated setup, you'll select Server Tools, which will be installed to the server, and the files will be copied to the Inetpub\Remote directory. So Remote Web Workplace is not available externally until the administrator publishes the site by running the Configure E-mail and Internet Connection Wizard, also known as the CEICW.

After the site has been published, the packet filters will be created in the RRAS to allow TCP port 80, 443, and also TCP port 4125 and 3389 connections to the server. If you are using a third-party firewall instead of RRAS, you also need to make sure these ports are open. If you are running the premium edition, the CEICW will also configure ISA to have those ports open.

Until the CEICW is run, there is no certificate installed on the server to support SSL. So when you look at the Remote virtual directory under the Inetpub, you will see IP restrictions set to only allow the localhost and the internal client machine. So this allows the administrator to sample the Remote Web Workplace from the server without allowing the clear-text Windows password to be sent across the local network by the forms-based authentication of the Remote Web Workplace.

The Remote Web Workplace is an ASP.NET Web site that lives on the Small Business Server. It requires authentication to reach the main menu, which is the dynamic list of links that is determined by the available features on the particular SBS installation and the user's credentials.

When you look at the SBS default Web site, you will notice an ISAPI filter called Sbsflt. What this does is it redirects the incoming traffic from HTTP to HTTPS. So in case one forgets to type in the https://FQDN/Remote, if you have this filter installed, and by default it is installed, it will redirect the traffic from HTTP to HTTPS. Another feature of this ISAPI filter is it will redirect companyweb traffic to companyweb on port 444. So in case you require the companyweb for SSL, and you forget to type in the HTTPS, that filter also will redirect you from http://companyweb to https://companyweb:444.

As part of the installation, a user group called the Remote Web Workplace Users will be created. All the predefined user templates are members of this Remote Web Workplace Users Group. Members of this group are allowed to access the Remote Web Workplace.

As mentioned earlier, Remote Web Workplace uses the following TCP ports: we need TCP port 80 for the HTTP Web requests, and port 443 for the SSL requests. If you decide to publish the companyweb, you also need to make sure port 444 is open. We need port 4125, which is required by the terminal server proxy, and Frank will describe later on what exactly the terminal server proxy is. Finally, we need port 3389 if you decide to use the Remote Desktop feature.

When you connect to the Remote Web Workplace, the first screen you will see is the logon page (slide 8). So before the user can gain access to the Remote Web Workplace, we are presented with this forms-based authentication logon page. This page requires the user to enter their user name and password. The page will not prompt the user to put in the domain name during the authentication process. Their current SBS domain name will automatically be included during the logon.

The authenticated user must be a member of the Remote Web Workplace Users or the administrators groups to access the site. Once again, by default, all the user templates are members of this Remote Web Workplace Users Group. All anonymous access to any page of the Web site besides the logon page will be denied. If the user name or password is not correct, or if the user is not a member of the Remote Web Workplace Users or administrator group, he or she will receive the following message, "The user name or password is incorrect. Verify that the CAPS LOCK is not on, and contact your system administrator to ensure that you have the correct permissions to use the Remote Web Workplace."

If you also configure the server to send you alerts, you will actually receive an alert if the user tries to authenticate through the Remote Web Workplace multiple times with the wrong password. So at that point, you know someone may try to access your server by getting the user name and password.

When you look at the logon page, you will also see a Connection speed drop-down list that allows the user to specify the connection speed for the session, and also to set the performance option within the site. The menu, by default, is set to broadband, but there will be four options available, which will be Modem (28 Kbps), Modem (56 Kbps), Broadband, and Small Business Network. Once again, it depends on the option you pick out; you will have a different experience when you log on to the Remote Web Workplace.

At the bottom of this logon page, you will see a check box, I'm using a public or shared computer. It will allow the user to select whether the session is on a public computer or not. By default, the session is on a public computer. The public session will default to a 20-minute time-out if you do not select that box. If you are internal, you can clear that check box and the time-out is set to 120 minutes.

The logon page will disable Internet Explorer's autocomplete feature, so the user cannot accidentally resave the credentials on a public computer.

Change password (slide 9): If it is determined the user must change his or her password when they log on to the site, for example, if you require the user to change the password at logon or if the password has expired, the logon page will actually present an error message, like the screen I'm showing you. Then at that point, you need to enter the correct user name and password along with the new password. And then when you click OK, it will change the password for you. The New password and Confirm new password fields must match before we will set the new password for the user. Also, the User name and Old password fields must be completed successfully before we will change the password.

After you log on, as Frank mentioned, it depends on if you are the administrator or the Remote Web Workplace user; you will be presented with two different screens. The one we are looking at right now is the knowledge worker page (slide 10). So the user authenticated as a member of the Remote Web Workplace Users Group will be presented with this main menu; it contains a welcome message, a logoff link, the link to open SharePoint, Outlook Web Access, Client Help, and also the Remote Desktop of the client machine, and also the second server, which will be available for the terminal servers running in an Application Server Mode. It also has a link to download Connection Manager and the latest usage report. If any of those features are not available or they are not installed, the link will not be displayed.

If you log on as the administrator, you will be presented with this page (slide 11). The administrator page just shows you all the members of the domain administrators. So even though you don't belong to the Remote Web Workplace Users Group, as long as you are the administrator, you will receive this page. All the possible links are shown to the administrator on this page. The links are grouped in Administrative Tasks and Additional Links to better define what the administrator should be looking for, and this will reduce the visual clutter.

I'm going to hand it over to Frank.

Frank: As we mentioned before, for most of the features on both the administrator's page and the knowledge worker page, we're going to look at those in terms of their functionality. How are they grouped? Are they grouped according to remote computer selection, remote administration, and that kind of thing?

The first things we're going to look at are the links on both the Administrator page and knowledge worker page that relate to remote computer connections (slide 12). The link, as you'll notice, Connect to the Server Desktop, is shown to the administrators. It links to the Computer Selection page, which is then populated with a list of Windows 2000 or Windows Server 2003 servers in the SBS domain, including the SBS server itself. Again, this is important because, obviously, as an administrator you may want to be able to connect directly with a server on your network to perform any kind of administrative types of tasks. The Remote Desktop session, at that point, will be opened in the same browser window, as we'll see.

The other link that's presented on the administrator page, related to Remote Desktop administration, is of course Connect to the client desktops and Connect to my computer at work. Again, this is shown to administrators and members of the Remote Web Workplace Users group, respectively, if there's a computer on the network running Windows XP or later. So again, this feature is not going to be available if you have any earlier-version clients running previous versions of Windows; it has to be Windows XP or later. SBS and other servers will not be listed if you choose to connect to the client desktop or connect to a specific computer at work.

On the knowledge worker page, the link Connect to my company's application-sharing server is only going to be displayed to members of the Remote Web Workplace Users group if there is a Windows 2000 or Windows Server 2003 server on the network that's running Terminal Services. In other words, you have a standalone server, a terminal server, that's running in Application Sharing Mode and you may be running some kind of line-of-business applications on that server. Again, we set it up that way because, as many of you may already know, SBS 2003 does not support Terminal Server in Application Sharing Mode. So again, it would have to be a standalone server.

Similar to the Remote Desktop Connection client, you can expand the Optional Settings to select the screen size of the connection, and whether to redirect local devices like drives, printers, sound, et cetera, so it's very much like what you would see with a Remote Desktop client.

The Remote Desktop performance option is going to be determined by the connection speed you choose, when you first log on to the Remote Web Workplace. Again, depending on what you select on that initial logon page, that's going to affect the performance of the Remote Desktop connection. For instance, if you selected a 28.8-Kbps modem, it's going to just do bitmap caching, that's it. If you selected a 56-Kbps modem, you're going to get the experiences of a 28.8-Kbps modem. In other words, it will perform bitmap caching, plus it will allow you to support things like themes.

A broadband connection is basically everything that's included with a 56-Kbps connection, plus it shows you the contents of Windows while dragging, and it also supports menu and window animation.

Of course, if you choose Small Business Network, you're going to experience all the same features of the broadband connection, plus it will display desktop backgrounds. So again, based on the bandwidth that you have, you'll get more features. So that's kind of a neat feature.

When you select or click Connect to connect to the machine, the browser is going to attempt to download a Microsoft Remote Desktop ActiveX® control from the server to the client (slide 13). Again, that's going to be if the client does not already have it installed. The actual file that is downloading is located under the %systemroot%\Inetpub\Remote directory, and it's called Msrdp.cab. After it's installed, it will be installed to the client under whatever their Windows directory is, %windir%\Downloaded Program Files\Microsoft RDP Client Control. Again, that's where it will be downloaded.

If the control cannot be downloaded, you're going to be returned to the main menu with the following error. It will say, "This portion of the Remote Web Workplace requires the Microsoft Remote Desktop ActiveX control. Your browser's security settings may be preventing you from downloading the ActiveX controls. Adjust these settings, and try to connect again." So again, you'll get that error message, and that's a signal to maybe check some of the security settings in Internet Explorer.

After the ActiveX control is installed at the client, Remote Desktop sessions will be established and rendered in the same Internet Explorer window. So again, there's no need to install a Terminal Server client.

To support a Remote Desktop connection to the client machine through a firewall, SBS implements a server-side port forwarder (slide 14) that uses the SBS server to dynamically forward Terminal Server data through a firewall or a router, keeping the Terminal Server connection alive. What this slide is going to explain is basically how this process works. I'm going to step you through that.

First of all, the remote user is going to open up a Web browser and navigate to the computer selection page of the Remote Web Workplace site, connecting on TCP port 80. The remote user is going to be prompted to install the Terminal Server ActiveX component, if necessary, as we mentioned in the previous screen. After that's installed, the SBS server is going to query the Active Directory® for all internal client computers running an OS that supports Remote Desktop. Then it will present that list to the remote user for selection.

After that, the user is going to select his or her internal client and then click the Connect button. The Small Business Server reads the port value from the registry, and that location is HKEY_LOCAL_MACHINE\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\Port and creates a listening socket on that port. That's TCP port 4125 by default. This port is opened on the firewall, if the user has run the SBS CEICW. For those of you who have a single NIC configuration, again, you'll have to open that port on your router. The SBS server creates a connection to the internal client's remote desktop sharing service on TCP port 3389. Ray mentioned that earlier; that's another port that you need to make sure is open on your firewall.

The server then creates a thread to manage the Terminal Server connection between the remote client and then the internal client Terminal Server connection. The thread is started, and the port value for the server is passed back to the client in the form of a URL. At that point, the Terminal Service ActiveX control connects using the port specified in the returned URL. Then, after that, the thread monitors port traffic and forwards any Terminal Server requests to the appropriate client.

Another new feature to Small Business Server is, of course, the SharePoint Services for companyweb (slide 15). This screen has some of the links that you're going to see through Remote Web Workplace, if you log on as the administrator versus a knowledge worker. The links Monitor Help Desk, Administer the company's internal Web site, and View my company's internal Web site are shown to administrators and members of Remote Web Workplace Users, respectively, if the intranet feature is installed and published through the Configure E-Mail and Internet Connection Wizard.

Unless you're accessing Remote Web Workplace internally, you're going to be prompted with user name and password when you're connecting to the links. The reason for this is because those services do not rely on the forms-based authentication that OWA and Terminal Services would. After you specify the correct credentials, companyweb will be opened within the same Internet Explorer window.

As the administrator of the network, you can then connect to the Help Desk to review issues submitted by users — again, it's basically a database that is part of the SharePoint Team Server — or connect to Site Settings to edit or modify the companyweb. As a regular user, you can then connect to the Main page of the companyweb to create or review documents or events created by others. So again, if you haven't had a chance, definitely explore the SharePoint Team Services and the companyweb features. It's really kind of neat.

The next slide, again, pulls out some of the links that are directly related to monitoring (slide 16). The links View server performance report and View server usage report are going to be shown to administrators if the server performance and usage report is published through the Configure E-Mail and Internet Connection Wizard. To have that displayed as a link, you need to run the Monitoring Configuration Wizard that's available through the To Do List. Again, that's very important. You have to run that first, before this link is even going to be displayed.

The link View server usage report is shown to members of Remote Web Workplace Users if server performance and usage report is published, again, by the CEICW, and the user is also a member of Usage Report Users Group. Again, make sure they're part of the Usage Report Users Group.

Unless you are accessing Remote Web Workplace internally, again, just like before, you're going to be prompted with user name and password if you're connecting to that link.

After you do that, you can then look at the reports to review the most recent list of critical alerts, event logs, messages, and performance counters, and you can also see how the server resources are being used. So again, that presents a lot of that information in a Web form.

This screen lists some of the links that relate to messaging services (slide 17). Again, it's a little bit different, depending on how you authenticate. The links Use Outlook Web Access and Read my Company e-mail are shown to administrators and members of the Remote Web Workplace Users, respectively, if Exchange is installed and Outlook Web Access is published through the CEICW. The user name and password specified at logon is automatically going to be forwarded to Outlook Web Access. So no additional credentials need to be provided, and the page will be open within the same Internet Explorer window.

Depending upon the connection speed and the version of Internet Explorer, Outlook Web Access could be opened in what's called premium client or basic client mode. The premium client provides all Outlook Web Access features. The basic client provides fewer features than the premium client, but offers faster performance. For instance, if you selected a 28.8-Kbps modem or a 56-Kbps modem at the logon page, or the version, let's say for instance, is earlier than Internet Explorer 6.0 Service Pack 1, in that case OWA is going to be opened in basic mode. Otherwise, it will be opened in premium mode.

If you want to connect to Outlook 2003 on a remote client to the SBS Exchange server over the Internet, the instructions for doing that are provided through the link Configure Outlook via the Internet. It provides you a series of step-by-step instructions with your specific server information. And this allows you to configure Outlook 2003 to securely connect to the Exchange server, using SSL, without any VPN setup. You'll often hear this feature referred to as RPC over HTTP. Again, if you have Outlook 2003, you want to follow that link, and that will give you the step-by-step instructions for configuring Outlook 2003 to connect to your Exchange server by RPC over HTTP. Again, that's a really exciting feature as well.

We're almost to the last two features we're going to look at. Remote connection (slide 18): The links Download Connection Manager and Connect my remote computer to the network are shown to administrators and members of the Remote Web Workplace Users Group if you have previously completed the Remote Access Wizard from the To Do List in Server Management. This is going to be used to help people configure a VPN connection to your server, if so desired.

Basically, what you're going to do is run the RRAS wizard through the Server Management, and it creates a Connection Manager package called Sbspackage.exe. When the user clicks that link, it's going to download and install an icon on their desktop under Network Connections. That would allow them to just simply double-click that icon and connect to the VPN server at your office. Again, it's using Connection Manager technology to allow you to download and install a package that would configure the client to create a VPN connection automatically.

The last type of link that you're going to see on the Remote Web Workplace relates to Remote Assistance or other assistance (slide 19). Again, depending on how you're logged on, you're going to see one of two different screens. If you're logged on as the administrator, you're going to see a link called Provide Remote Assistance, View Client Help, or Ask the Community. If you're connected as the knowledge worker, you'll see View Remote Web Workplace Help. Most of these links are going to display the help screen. Provide Remote Assistance would be if, for instance, a Windows XP client used Remote Desktop to request some assistance from you.

The final screen I'm going to take a look at today is the logoff screen (slide 20). The Web site supports a logoff feature that prevents any future user of the same browser from pressing the Back button and then being authenticated to or seeing pages from the previous session. Basically, what's going to happen is the Remote Web Workplace logoff process is going to revoke any cookies that are installed on the client, and it will forward the logoff request to OWA and any Terminal Server connections, if they're open. And it will terminate those sessions. The Web site then displays a message to reaffirm that you are indeed logged off, as you can see on the slide.

If there is no action, let's say from a public session — let's say if someone is at an Internet kiosk at an airport, for instance, and they walk away from it without logging off — after a set period of time, the default being 20 minutes, the session will time out, and the user will have to log on to it again to use the site. In a private session, for instance, if an internal client were to connect, the internal time-out is set to 120 minutes to allow for longer, uninterrupted sessions.

Basically what happens is one minute before expiration users are going to be prompted to continue the session with a pop-up Yes or No dialog containing the following text. It will say, "Your Remote Web Workplace session is about to expire due to inactivity. Do you want to continue using the site?" This window is going to appear above any other window that may be open, and it's going to remain open for one minute. If the user does not respond after a minute, the pop-up disappears, and the user will be logged out. If the user selects No, the user is logged out. If the user selects Yes, we reset the timer to whatever internal or external limit is appropriate for that user.

Ray: Thank you. On this slide (slide 21) we will talk about how to publish companyweb through the ISA. It depends on whether you're running SBS standard edition or SBS premium edition. If you're running premium edition, on which you have ISA installed, when you run through the CEICW you'll notice you will not have the SharePoint on the companyweb available. In other words, by default you won't be able to publish the companyweb through the ISA.

On this slide we will give you an overview on how to publish the companyweb through the ISA. For more detailed information, there will be a KB article describing the steps in detail, so you can follow that. But right now, I'm going to give you an overview on what to do if you want to publish the companyweb through ISA.

There are three areas you need to configure. You need to set up the ISA; you also need to set up the IIS; and, finally, you need to modify the registry key. From the ISA, we need to create a protocol definition on port 444, because companyweb uses port 444, and by default ISA would not have that available. You will need to create a TCP port 444 definition with the protocol type set at TCP, and change the direction to inbound. Then after you have this protocol definition, you will need to server publish the companyweb.

Start the ISA Management console, open the publishing container, right-click the Server Publishing Rules, point to New, click Rule, and then enter a name. You can use any name you want; companyweb will be fine. If you walk through the wizard, the Internet IP address you want to specify is the IP address of SBS. By default it will be 192.168.16.2. Then on the next screen you will see it asking you what protocol definition you want, and you will want to do the companyweb Inbound 444, the protocol definition you created several steps ago. After you finish the ISA configuration, restart the firewall service to make sure all the changes take effect.

When you're done with the ISA portion, you need to go on to IIS. If you go to the companyweb right now, you will not see a certificate installed. So you need to go to the Directory Security tab, Server Certificate, and install the certificate. When you look at a certificate, there will be two certificates available to you. One is the public FQDN, the one you created during ICW. The other one will be for publishing.domain.com. Then you will need to specify the FQDN.

Then on the next screen it asks you for the SSL port. The SSL port you want to specify is 444. You don't want to use 443, because the default Web site is already using 443, so you need to specify a different port number, which will be 444. If you are using a hardware firewall, definitely you need to make sure that port 444 is also open at the hardware firewall.

After you finish the IIS configuration, you will need to go to the registry key to make those links available on the Remote Web Workplace. If you go to HKEY_LOCAL_MACHINE\Software\Microsoft\Small Business Server\Remote User Portal\Admin Links, you will see HelpDesk and STS. You need to change them from 0 to 1. Then you go to the Remote User Portal\KWLinks, and you need to change STS there from 0 to 1. Once again, more information on how exactly to publish the companyweb through the ISA will be available in Knowledge Base articles.

On this slide (slide 22), we'll talk about some of the common troubleshooting, and some of the common issues customers are seeing right now. Some of the links are not available. The links are generated dynamically based on group memberships, and whether the feature is installed and published through the CEICW. For example, if the user does not have a mailbox, or OWA is not published, the links Use Outlook Web Access or Read my company e-mail will not be available.

If ISA 2000 is installed, the links Monitor Help Desk and Administer the company's internal Web site will not be available. But once again, refer to the previous slide for instructions on how to publish companyweb through the ISA.

There is no SSL redirection. When you connect to Remote Web Workplace through the regular HTTP, and you are not being redirected to the secure Web site through the HTTPS — for example, https://FQDN/Remote — if you are seeing something like that, you need to verify the ISAPI filter, Sbsflt, which is located in InetPub\Sbsflt. Sbsflt.dll is loaded in the default Web site. You need to make sure the default Web site, of course, is running also.

There are some common errors we've seen. One of the common ones is the user name or the password is incorrect. Verify that the CAPS LOCK is not on, and then retype the current user name and password. If you receive this error message again, contact your system administrator to ensure that you have the correct permissions to use the Remote Web Workplace. So the resolution is you need to make sure the user and password, of course, are correct, and you also need to make sure the user belongs to the secondary group called the Remote Web Workplace Users.

Another error message is "This portion of the Remote Web Workplace requires a Microsoft Remote Desktop ActiveX control. Your browser's security setting may be preventing you from downloading ActiveX controls. Adjust these settings, and try to connect again." If you see this one, you need to make sure the files that provide the Remote Desktop ActiveX control are in the correct location. So you need to verify that %systemroot%\Inetpub\Remote\Msrdp.cab is available at a server. If it is available, the file may be corrupt. Then, at that point, you need to replace that one from the CD1:\i386 folder.

Another scenario could be maybe the Remote Desktop ActiveX control is missing or corrupted at the client side. If that's the case, you need to go to the client. Go to the Windows directory, Downloaded Program Files. You will see a folder called Microsoft RDP Client Control. You need to delete that one and download this ActiveX control again. Also, from the client side, open Tools, Internet Options, click Security, then click Custom Level. Verify that Download signed ActiveX controls and Run ActiveX controls and plug-ins are either set to Enable or Prompt.

Another error message you may see is "The client could not connect to the remote computer. Remote connections may not be enabled or the computer might be too busy to accept new connections. It is also possible network problems are preventing your connection. Please try connecting again later. If the problem continues to occur, contact your administrator."

If you see this one, the first thing you may want to do is run the CEICW from the Server Management To Do List to publish the Remote Web Workplace, which will make the TCP port 4125 open at the RRAS. Of course, once again, make sure TCP port 4125 is open at any hardware router.

Another error message will be "Connectivity to the remote computer could not be established. Ensure that the remote computer is on and connecting to the Windows Small Business Server network." If you receive this error message, make sure the client you are trying to connect to is turned on, and you need to make sure that Remote Desktop is enabled at the clients. Verify that it runs from a LAN machine. See if you can use regular Remote Desktop to connect to that client.

These are the common errors customers are seeing today. So make sure you have the correct files, and make sure the ports are turned on.

We will go to the Q&A session right now.

Otto Cate: Let's start with this one here: Can the logon be set up to automatically direct to the user's desktop?

Frank: Currently, that feature is not supported. I think in previous beta versions there was some discussion about that. But currently there is no one-to-one mapping based on the user authentication to their particular desktop, from that selection screen.

Otto: The next question: Does the Remote Web Workplace work if you install the standard version of SBS 2003? Does it use any functions in ISA?

Frank: Remote Web Workplace comes with both SBS 2003 standard edition as well as SBS 2003 premium edition, so it's not dependent on ISA. Let's say, for instance, you run the Configure E-Mail and Internet Connection Wizard on a standard version. It creates the appropriate packet filters within RRAS, as opposed to ISA. Hopefully that makes sense. Does that answer the question?

Ray: Either way, if you're running the standard edition or premium edition, Remote Web Workplace will be available.

Otto: Just to further clarify: Where does it find the computers when I select Remote Desktop? Is it from Active Directory or Network Neighborhood? And does it see computers that are turned off?

Frank: It finds it through Active Directory. It's going to query Active Directory to provide the user with a list of computers that are running Windows XP or later.

Ray: Yes. It's going to show you all the computers running Windows XP or later. One thing to remember is even when the computer is turned off, the name of that machine will also show up on the list. So when you click that computer from the Remote Web Workplace, you need to make sure that client machine is actually turned on. Because if it is turned off, that name will still show up on that list. We look for the Active Directory; we will not test whether that machine is turned on or not.

Frank: Another important point to make as well is that with Small Business Server, and again, this is probably a little bit of a different topic, but when your Windows 2000 or Windows XP clients join the domain, typically they're connecting to a connect computer Web site. It's very important that you go through the process of creating your users and creating your computer accounts by using the wizards provided by Small Business Server. What that will do is when you connect to the Web site and configure the client, it will also set up, for instance, the Remote Desktop capability on the client machine. If you don't — let's say, for instance, you go through and you just create the computer the way you normally would just create the computer account — to join the domain, you'll have to do a little footwork on your own. You'd have to go into the client, Advanced Properties, and then enable Remote Desktop capability that way, as opposed to having it done automatically.

Otto: The next question: Can you briefly explain what a Small Business Network is and what it's used for?

Ray: This particular question probably would be off topic. For this kind of question, what you could do is go to a newsgroup. You may want to post this question to the newsgroup, and that address is microsoft.public.windows.server.sbs.

Frank: A brief answer to the question would be Small Business Server 2003 is mostly designed for small to medium-sized networks, of no more than 75 users: single-server, single-site, single-domain types of configurations. It uses an awful lot of wizards to automate a lot of the administrative functions of a network. So it's really designed for those small-to-medium types of networks, where you may not have a dedicated IT person on staff.

As Ray mentioned, you can also ask more or drill down into more specific items in that public newsgroup. It's microsoft.public.windows.server.sbs. I gave just a brief overview. But definitely post a question there, and we can probably answer it in whatever level of detail you need.

Otto: The next question: I run a network of 150 people, and I also care for five SBS 2003 systems for other small businesses. I was wondering if the Remote Web Workplace is available to larger businesses as an add-on or something of that nature? This would greatly enhance the remote experience for home and remote users for my primary 150-user company.

Frank: Unfortunately, that's not something that's offered in the Standard Edition of Windows Server 2003, or Enterprise Edition, or any of those editions. It's only available to the Small Business Server. I don't know if there are any plans to offer that beyond that. I kind of doubt it. But that certainly is something that you may want to suggest as an enhancement feature. If you go to the Web site, there's usually a link where you can offer product suggestions and that kind of thing.

Otto: On this question, we might need some further clarification from the listener, but I'm going to ask it just in case: I'm currently getting an error about 128-bit encryption, that the client has the pack installed. Is that something that you guys have seen, or do you guys maybe need a little bit more detail to address that type of question?

Ray: Yes. We probably need more specific information on that exact error in the scenario. Maybe the customer can post that question to the newsgroup.

Otto: Okay. Thank you. What does not work if the ActiveX program is not installed on a public computer?

Frank: Basically, the ability to connect to Remote Desktop. For instance, if they go to the Remote Web Workplace and they try to connect to their computer at work, that feature won't work. Usually you will get a prompt. As I mentioned before, when you click to connect to the computer, it will prompt you to download and install that ActiveX control.

Otto: The next question: I'm using SBS 2003 in a single NIC configuration, and we're wondering why we need to open port 3389 on a third-party firewall. I've successfully tested the Connect to Server Desktop and Connect to Client Desktops through ports 443 and 4125 only. This has the added benefit of being protected via SSL. If you open port 3389 on an external firewall, aren't you leaving an unencrypted path to the SBS server and bypassing RWW's SSL security posture?

Ray: On this particular one, the reason why you need port 3389 is if you decide to connect to the server directly, you need to have the port 3389 open.

Frank: I guess if you don't need to do that, to create a direct connection, then that's fine as well.

Ray: Yes. If you decide you want to just go use Remote Web Workplace to always connect using Terminal Services through the Remote Web Workplace, then yes, you can use 4125.

Otto: I've installed Windows XP to all desktops and SBS 2003. I can connect to all but three desktops remotely as users or administrator. This might need a little extra clarification, or maybe it's something that they need to ask in the newsgroup or through a support incident. But do you know generally what might be the cause, that they can connect to all but three?

Ray: One thing you want to make sure of is if you can connect to that machine internally. For example, if internally you cannot even use your regular Remote Desktop to connect, then obviously you won't be able to do it through the Remote Web Workplace. Another thing you want to make sure of is that the client's IP address is registered in the SBS DNS. So basically, we need to make sure we have the name resolution correct. Beyond that one, if you have any specific questions, you may want to go to newsgroup support. There you can post questions more specific to your environment, and you can go from there.

Otto: Is it an absolute requirement to install ISA?

Ray: No, it's not. Without ISA, you will be able to use Remote Web Workplace. So ISA is not a requirement. Once again, if you are running SBS 2003 standard edition or premium edition, you will be able to use the Remote Web Workplace. So ISA is not a requirement. But ISA will definitely give you more security features, like more monitoring. It will give you better locking levels.

Otto: The next question: Do any Web pages cache on the client machine?

Frank: I don't believe they do. Part of the process, when they log out, is that logout process will clear the current cache so that, again, there's no risk of somebody coming in and then just hitting the back button on the browser and seeing, for instance, that person's e-mail or whatever.

Otto: Is the Remote Web Workplace an available download, for those of us who are not using SBS 2003?

Frank: Unfortunately no. Again, that might be a good product suggestion, but currently it's only available in SBS 2003.

Otto: If remote users simply need Outlook Web Access, do you need a separate VPN server for SBS 2003 for secure access, or is the VPN service built into the Remote Web Services?

Frank: Depending upon what the client has, if they have Outlook 2003, they can configure the Outlook 2003 client to use RPC over HTTP. The actual step-by-step instructions for that can be found on the Remote Web Workplace site. For instance, if you want to try that out, if you have Outlook 2003, browse to your Remote Web Workplace site, and there's a link there. I forget what the name of it is. There's a link there that actually has the step-by-step instructions. Use Outlook over the Internet; that's the link that you want to click.

The nice thing about that Help screen is it supplies you with the URL that you're going to type as you go through the configuration process. So it will be unique to your specific server.

Ray: If you want to just use OWA, if you decide you don't want to use OWA over HTTP, what you could do is just go to the browser, type https://FQDN/exchange, and it will bring you to OWA. You don't need VPN to access OWA. You can use VPN, but it's not a requirement.

Frank: That's because by default we're going to install a certificate. Again, that's in keeping with heightened security, so that the actual connection, the Web connection, is going to be encrypted by a certificate.

Otto: How do I allow Outlook Web Access to be accessed from the Internet? Currently, I'm getting a message that it is not allowed due to restrictions in IIS.

Frank: It could be a number of things, and again, that may be something to post to the newsgroup. One definite thing you want to double-check is just to verify that port 443 is open on your firewall or router. That may be a simple part of the problem, because unlike in previous implementations of Small Business Server and OWA, where we didn't install a certificate by default, you could just hit it by hitting port 80. With SBS 2003, we're using certificates, so it's going to use 443. If that's blocked, obviously we're not going to be able to connect.

Otto: RWW and Outlook RDP over HTTP: How would those perform over a high-latency connection?

Frank: Of course, if you're using Remote Web Workplace, the connection choice that you select when you log on is going to dictate what you're going to see in Outlook Web Access. You're going to be getting just some of the basic features. You're not going to get things like spell checking and those types of features. That's one thing that would be different.

As far as accessing, let's say, Outlook using Remote Procedure Call (RPC) over HTTP, I'm not sure I have enough information on how good the performance would be. Of course, that way you're getting all the features, as you would with a normal Outlook 2003 client. But as far as performance, I don't have any numbers on that.

Ray: If you want to really find out the performance, you need to do a NetMon trace, and also look at the performance counter, and basically capture the traffic. Until we have that specific information, it is hard to tell, performance-wise. If you are interested, you may want to open a support incident with PSS. We may be able to determine if the performance is running at an acceptable level, or if there's something wrong with the line.

Otto: This one seems fairly related, but it's certainly asking about some different areas. The question is: How is the connection through Remote Web Workplace secure for the Terminal Server connection? Meaning, is all the traffic directed through port 443 and 444 and not subject to a "man-in-the-middle" attack?

Ray: Remote Desktop or Terminal Services traffic is already encrypted. So I'm not sure what additional encryption this customer is looking for. If you could post something a little bit more specific, that would be great. Or you could post it to the newsgroup, so we can further follow up on that.

Otto: The next question: Can you host multiple Internet Web sites from SBS 2003?

Ray: For this particular one, you may want to go to the newsgroup. Let's stay focused on this topic, the Remote Web Workplace.

Frank: Technically, you can host another Web site, but again, you may want to think about performance issues, if it's a public Web site, and think about security issues. So again, there are those types of considerations, but you could do it by using host headers and all those types of technologies.

Otto: The next question: Can I remove the company name from the logon page?

Ray: Yes. That is just a registry key. Right now, I don't have that key right in front of me; but yes, there is a way you can remove that company name from the Remote Web Workplace, yes.

Follow-up answer: Modify or remove this key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization.

Otto: The next question: Can the Remote Web Workplace authentication be configured to require third-party RADIUS authentication?

Ray: We don't support that, no.

Otto: Are there any problems with running Remote Web Workplace for SBS 2003 in general, with only one NIC?

Ray: If there's only one NIC, then the only protection is coming from your hardware firewall. At that point, you need to make sure the hardware firewall has most of the ports closed, except ports like 4125, 443, and 80. At that point, if you are only running one NIC, the protection is at your hardware router. So you need to make sure you configure the hardware router correctly to block all the traffic you don't want.

Otto: The next question is as follows: Can you define the difference and the desktop options that would not be available if I do not use Terminal Server?

Ray: I'm not exactly sure of the question, but I think there's a link that allows you to connect to the terminal server, and that link only shows up if you have a second server running Terminal Services in Application Sharing Mode. So if you don't have that one, you will not see that link. I hope that answered that question. If not, you may need to give me more specifics on exactly what you're looking for.

Otto: If the user needs to post a follow-up, we certainly have some time to address it here during this session.

The next question is: After applying the SharePoint fix, re-running user permissions, and then logging on as an administrator, not on a public computer, the companyweb is not actually listed on the RWW screen. We have ISA, and we're wondering if there is any additional configuration that might be required. It worked before the installation of the SharePoint fix.

Ray: The SharePoint fix shouldn't cause any problem. One thing you may want to check is if you have ISA installed or not. As I talked about in the slides, if you have ISA installed, you need to make sure you publish your companyweb through the ISA manually. But as far as the fix, I'm not aware if that will remove that link from the Remote Web Workplace.

Otto: Why would we not use Active Directory software deployment, instead of your own function, when deploying software? Is there maybe a list of things that you shouldn't do manually, instead of using the SBS wizards?

Frank: You can always go through and configure things individually. The wizards are there to make it a little bit easier. For instance, I recall during the presentation I mentioned that if you don't connect to the Web site and join the domain, you'd have to go through and enable the Remote Desktop feature manually. If you're already comfortable with that, certainly you can do that.

You can go into Active Directory Users and Computers and create a computer account, and join the domain the way you normally would. The only thing is, you'd have to go back in on the individual client and then enable Remote Desktop, or else that feature wouldn't work. Certainly, you can do that, but if you use the wizards it makes it a little bit easier, and a lot of the other features are configured for you, that's all. Ray, do you have anything to add?

Ray: No. That's pretty much it.

Otto: Am I missing anything using hardware firewall versus ISA? What are the pros and cons of both? Right now, I do not have ISA installed.

Frank: You can do that, just using a hardware firewall. Some of the advantages that using an ISA product would have is that it does more stateful inspection of packets. For instance, most hardware firewalls do basic NAT types of functions, where they look at the header and port information of packets that are coming into the network. It's kind of like somebody just forwarding a letter by looking at the address, versus somebody who receives an e-mail, opens up the letter to verify it's not anything dangerous, and then forwards it on. So ISA does more of that kind of packet inspection type of security, whereas a hardware firewall may or may not.

It's not that one is absolutely superior to the other, it just depends on what needs you have. In a lot of cases, hardware firewalls that just do basic NAT, a lot of people are very satisfied with those. Other customers feel they need to have more stateful inspection of packets, and more granular reporting on that type of activity. For those customers, maybe ISA or Small Business Server 2003 premium edition would fit the bill.

Ray: One of the advantages if you use ISA is that ISA is tightly integrated to the Active Directory. So you can actually set up ISA to allow traffic based on the user name or by user group. If you're using a hardware firewall, most likely you won't be able to run with the Active Directory.

Frank: There's also the ability of the ISA product to do caching of Web pages, which can help with bandwidth performance and that kind of thing. There are a number of different features within ISA that can enhance it, but hopefully that will answer it.

Otto: The next question: Is there any way to provide external RWW users with some sort of certificate that would be on something like a USB thumb drive, so they could only connect by using the drive as a key?

Ray: I don't believe so. That is not one of the design goals or features in the Remote Web Workplace. Maybe in the next release we may see something like that, or we may not. But in the current version of Remote Web Workplace, no, we cannot do that.

Otto: The next question: Can RWW be used by typing in an IP address, so that I don't have to change my A records to associate a named Web site with an IP address?

Ray: Yes. You can definitely use an IP address, so yes. If you like, you can connect by https://<ipaddress>/remote/. It will work fine, yes.

Otto: If we host our own Web DNS, can we set up a direct URL for RWW?

Ray: It depends on how you configure DNS. This is kind of too specific. If you like, you may want to post that question to the newsgroup so we can work out in detail exactly what you want to accomplish. Until we have exactly what you want, it is hard to describe whether it's possible or not.

Frank: In a lot of cases though, if you're, for instance, an internal user, you get there with the <servername>\remote, that is basically where it's going for the Remote Web Workplace site.

Ray: One quick description I can say is if you have ISA installed, you can create a Web publishing rule. What you could do is you can create a record, maybe like remote.domain.com, which redirects back to the FQDN\Remote. You can do that if you have ISA. Once again, until we know exactly what software you have, or how you want to do it, it's hard to describe step-by-step how to do it. But if you have ISA installed, yes, you could do something similar.

Otto: The next question: Can SBS 2003 host more than one e-mail domain? For instance, FQDN1.com and then FQDN2.com, and so on?

Ray: Yes, we could do that one. You'd need to go to the Exchange recipient policy and add the additional SMTP address, but once again, it is really outside of the topic for today. So if you need further assistance on that one, I strongly recommend you to post your question on microsoft.public.windows.server.sbs. But the quick answer is yes, you could do it. You just need to go to the Exchange Recipient Policy and add the additional SMTP address.

Otto: Not having used Terminal Server before, I'm wondering if Remote Web Workplace would allow me to run programs remotely, and what are some of the options that we might be sacrificing?

Frank: First of all, to be able to do that you would have to have a separate terminal server, because Small Business Server 2003, although it supports Terminal Services, it's only supported in Remote Desktop mode, not in Application Server Mode. What you would have to do is basically purchase maybe a 2003 server, and configure that server as an application server in the SBS domain. After you do that, you could use Remote Web Workplace to connect to that terminal server through the Web page. But if you're trying to connect or run applications through Terminal Services on the SBS box, you won't be able to do that. Because, again, it doesn't support the Application Server Mode. Hopefully, that answers the question.

Otto: This next question, it looks like we do have some time to address this one. The question is a bit lengthy here. I'm going to ask it: I've installed the premium edition of SBS without ISA, and I'm having some difficulties allowing access to the Remote Web Workplace and, also, IMAP4 to remote users. We currently have a WatchGuard firewall, and the server has two network cards in it, which are presented as a fault-tolerant team. I've enabled all the ports mentioned in the WebCast here to the server in question from all external IP addresses, and I can actually watch the traffic come through the firewall without any problem.

I've run through the Internet Connection Wizard and enabled all the appropriate Web sites to be accessed, but I did notice something afterward in the event log that concerned me. When going through the setup, it actually told me that I could not use the SBS firewall, as I only have one NIC, which is fine — I don't want to necessarily use it anyway — but in the event log it says the following. "The following settings were successfully configured by the Configure E-Mail and Internet Connection Wizard. Network connection type Broadband connection uses a local router. The server uses one network adapter. The router does not support the configuration through UPNP" and the firewall settings says, "Firewall is enabled." It's the "Firewall is enabled" that actually concerns me, after it's just told me that it can't use it and doesn't give me the option to disable it.

Remote Web Workplace works fine from an internal LAN connection, as does IMAP4. All my users are set up as remote users, but the minute that they leave the LAN, they cannot connect to the Web site or mail server. The only thing I can think of is that the "Firewall is enabled" might cause the issue and maybe what's blocking it. Can you tell me how to disable the firewall, or give me any other ideas as to what the problem might be?

Ray: One thing, as a troubleshooting step, you may want to do is simply disable the RRAS or stop the RRAS. Because you have one network card, there won't be any basic NAT firewall going on. You're simply going to have to disable RRAS, and then from a remote client see if you can connect to the IP address, for example, on port 25 or port 80. If you cannot connect from an external site, but you can do it internally, you need to make sure to double-check the router configuration. Because you are not using RRAS at all, the traffic just looks like it's coming from an internal client. You need to check the router settings.

If you want to go a little bit further, I suggest you pose a question in the newsgroup, or better yet, contact PSS. We'll maybe take a look at a Network Monitor trace to find out what is blocking the port. But if you stop the RRAS, there won't be any restriction coming from the SBS box itself. That's the way to tell: is it coming from the ISA? Or is it coming from SBS? Or is something coming from your hardware router configuration?

Otto: Overall, just to further clarify on a previous question, and, of course, this one: Are there any general issues with Remote Web Workplace running on a server with only one NIC?

Ray: No, one NIC, two NICs, it all works fine. You don't have to use two NICs to run Remote Web Workplace. I haven't heard of any issues with a one-NIC scenario. In fact, one-NIC or two-NIC scenarios are supported scenarios. So it will be fine.

Otto: The next question: Assuming we have similar hardware here, are there any real benefits or disadvantages to using RWW to a client machine or Terminal Server for a basic application for a single user? Or is that maybe a licensing issue, or server software cost issue? Or are there other reasons that we would go to the terminal server for a single user? I'm assuming that Terminal Server is required for multiple, concurrent users.

Frank: For a single user, certainly, if they have a Windows XP workstation, probably the best thing to do would be just to use Remote Web Workplace and create that Terminal Server connection through the Web site to that user's desktop, and then they can access all their functionality. There are no licensing issues there. It's, basically, just connect to the desktop using the Remote Web Workplace. The user then is authenticated as if they were logged on to — at that point, they would then be logged on to their corporate network, and they can access the resources that are installed on their workplace desktop.

Otto: It appears that we've addressed all the questions that were submitted to the queue today. I'm going to leave the message queue open here for another couple of minutes, just in case anybody is typing any last minute questions in. In the meantime, while we're waiting for any last minute questions, I'd like to solicit some feedback from our listeners. We certainly appreciate any feedback that you'd like to provide to us about our shows, and the content that we provide here. Feel free to submit any of those comments or even suggestions for future topics to support.microsoft.com/servicedesks/webcasts/feedback.asp.

It looks like we did have another couple of questions come in here, so we'll address these: Will RWW not run remote programs, not even on the remote desktops?

Ray: It depends on what program you're talking about. If you're thinking about the program that you actually install at the client, the only way you can run that program is by connecting to the local machine through the Remote Desktop. People sometimes get confused about Remote Web Workplace. They are thinking it's the same as the Terminal Server Application Server; it's not. Remote Web Workplace is simply the place for you to access different resources. So if you want to set up some application to share among everybody, you will need to install a second server running Terminal Services in Application Sharing Mode, or you can connect it directly back to your client to do it that way.

Otto: The next question: I'm having some trouble getting Remote Access Service to work. I ran the Remote Access Wizard, installing Remote Access components on the client, but when I actually try to connect, I get "remote computer is not responding, error 721" after the connection status goes to verifying password. We are currently using a Linksys router, and I have port 1723 open, multicast. I have multicast IPSec and PPTP pass-through enabled. Is there anything that seems like we might be missing here?

Frank: Again, this is not quite related to Remote Web Workplace, but what you want to do is, obviously, verify that any router or ISA server or whatever is configured to allow both TCP port 1723 as well as GRE packets, which is IP protocol 47, through any kind of firewall. In a lot of cases, those are being blocked by maybe a router or something of that nature.

One of the tools that is available for you to do some testing is a utility called PPTP Ping. If you install the optional support tools, there's information on how to use those utilities. That can at least tell you if those ports are open and, in most cases, it will give you a definite indication if you need to open them or if you need to troubleshoot in a different area, but at least that's a start.

Ray: Yes. As a troubleshooting step, what you could do is on an internal client, see if you can VPN into the internal server by the internal IP address. If it works, you know your SBS is accepting VPN connections. Then from a remote location, don't use the Connection Manager; just simply manually create a VPN connection and see if you can connect. You may have some incorrect settings in the Connection Manager package, or maybe you have some TCP communication problems between the server and the client. So there are two troubleshooting steps that you may want to use to isolate the problem.

Otto: Great. Thank you, guys. It looks like that was the final question in the queue, so I'm going to wrap up our session.

I certainly wanted to thank Frank and Ray for coming out and giving us a great presentation. Of course, as always, we'd like to thank you, our listeners, for attending today's event. We certainly hope that this information proves helpful to you and your business.

We look forward to seeing you again in the near future. Thanks, everyone, and have a great day.