Re: Added router, lost web site
From: davidcbrown (dcbrown1_at_removethis.frontiernet.net)
Date: 01/17/05
- Next message: Marina Roos [SBS-MVP]: "Re: SBS 2003 (Premium) with 2 NIC migrated from SBS4.5"
- Previous message: Marina Roos [SBS-MVP]: "Re: Weird DNS Problems"
- In reply to: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Next in thread: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Reply: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 17 Jan 2005 08:41:43 -0500
> Did your ISP create a DNS record for your FQDN?
Yes.
> Are you using POP3 AND SMTP for retrieving email?
Yes, I set it up to receive SMTP directly, but I also have a backup mail
server with my ISP set to a higher MX value -- just in case the server is
down. Is this not a good idea?
> Why are you having these extra ports for IRC and HTTPS???
The outbound HTTPS seemed to be need for RealOne. I don't remember now why
the outbound IRC is there -- I can shut it off and see... Actually I can
shut both of these off for now.
> For the Time server you should check this for the packet filter because
yours is not right:
Just curious, but how could you tell? Mine is named "SBS NTP 123 Out
CustomFilter" and I had set it according to
http://www.smallbizserver.net/Default.aspx?tabid=156, which I just verified;
UDP Send Receive, all local, 123 remote. So I am not sure what is wrong
with it.
Thanks,
David
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:ujhzC0p#EHA.2104@TK2MSFTNGP14.phx.gbl...
> Hi David,
>
> Did your ISP create a DNS record for your FQDN? If not, fill in your
public
> IP for the web certificate.
> Are you using POP3 AND SMTP for retrieving email?
> Why are you having these extra ports for IRC and HTTPS???
> For the Time server you should check this for the packet filter because
> yours is not right:
>
> Smallbizserver.Net > SBS 2003 > Server issues > How to fix time
> synchronization errors:
> http://www.smallbizserver.net/Default.aspx?tabid=156
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
> One of the Magical M&M's
>
> "davidcbrown" <dcbrown1@removethis.frontiernet.net> schreef in bericht
> news:eyi6LLm%23EHA.4072@TK2MSFTNGP10.phx.gbl...
> > > Don't choose the router with local IP, choose the direct broadband
> > > connection.
> >
> > OK. Still same message box/icwlog error. (But with the router I don't
> > really have a direct connection. Is this for diagnosis or this is the
> > recommend setup for a router?)
> >
> > > Don't use the server.local for web certificate, fill in your public
IP.
> >
> >
> > Sorry again. It was/is someserver.somedomain.biz not .local.
> >
> > > Change the email settings as well, and make sure your emaildomain is
> > listed
> > > right.
> >
> >
> > Yes, somedomain.biz
> >
> > So still same error. Baffling. Below is a record of my last CEICW run.
> > Yes, I have unchecked wwwroot.
> >
> > Thanks, David
> > ------
> > Connection type: direct broadband connection
> > Internet connection information:
> > Connection name: Network Connection
> > IP address: 192.168.2.2
> > Subnet mask: 255.255.255.0
> > Default gateway: 192.168.2.1
> > Preferred DNS server: someisp DNS server address
> > Alternate DNS server: someisp alternate DNS server address
> >
> > Firewall: Enable
> > Additional services available through the firewall from users on the
> > Internet:
> > E-mail
> > Virtual Private Networking (VPN)
> > SBS NTP 123 Out CustomFilter
> > IRC TCP 6667 Out CustomFilter
> > HTTPS 443 Out CustomFilter
> > Web services on your server's default Web site to be available through
the
> > firewall to users on the Internet:
> > Outlook Web Access
> > Remote Web Workplace
> > Server performance and usage reports
> > Outlook Mobile Access
> > Outlook via the Internet
> > Windows SharePoint Services intranet site
> >
> > Do not change current Web server certificate
> > Email: Enable Exchange for Internet e-mail with the following settings:
> > E-mail delivery:
> > Route e-mail to the Internet via the following e-mail server at your
ISP:
> > smtp.someisp.net.
> > E-mail retrieval:
> > Use the Microsoft Connector for POP3 Mailboxes to retrieve e-mail from
> POP3
> > mailboxes.
> > Use Exchange to retrieve SMTP e-mail.
> > Email retrieval method:
> > Route e-mail from the Internet directly to Exchange.
> > Registered Internet e-mail domain name: somedomain.biz.
> > Mail delivery schedule: Deliver mail for Exchange mailboxes and POP3
> > mailboxes by using the defined schedule.
> > E-mail attachments: Remove e-mail attachments from Internet e-mail as
> > specified in the wizard.
> >
> > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> message
> > news:O4XhX2l#EHA.1936@TK2MSFTNGP10.phx.gbl...
> > > Hi David,
> > >
> > > Don't choose the router with local IP, choose the direct broadband
> > > connection.
> > > Don't use the server.local for web certificate, fill in your public
IP.
> > > Change the email settings as well, and make sure your emaildomain is
> > listed
> > > right.
> > >
> > > --
> > > Regards,
> > >
> > > Marina
> > > Microsoft SBS-MVP
> > > One of the Magical M&M's
> > >
> > > "davidcbrown" <dcbrown1@removethis.frontiernet.net> schreef in bericht
> > > news:uTgjBrl%23EHA.3596@TK2MSFTNGP12.phx.gbl...
> > > > > Choose Full Broadband in the Network screen during CEICW.
> > > >
> > > > Yes and then "A local router device with an IP address".
> > > >
> > > > > Check that the LAT in ISA only displays your internal IP range.
> > > >
> > > > Yes, LAT is 192.168.16.0 to 192.168.16.255.
> > > >
> > > > > Do not check all services in the Firewall section. Certainly not
the
> > > > business root, only the services that you need.
> > > >
> > > > OK. I just tried this again. Went through Full Broadband, change
the
> > > > Firewall settings, no change to E-mail settings. I still get a
> message
> > > box
> > > > in the Firewall Configuration stage that says: An error occured
while
> > > > configuring a component. To continue with the wizard and configure
> > > > remaining components, click, OK. To end the wizard without
> configuring
> > > the
> > > > remaining components, click Cancel. Same error in the (new)
> icwlog.txt
> > > file
> > > > as in my original post.
> > > >
> > > > > What did you choose for the web certificate?
> > > >
> > > > Created a local certificate for someserver.somedomain.local as part
of
> > the
> > > > original install. No change has been made since.
> > > >
> > > > Thanks,
> > > >
> > > > David
> > > >
> > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> > > message
> > > > news:edRPNOl#EHA.608@TK2MSFTNGP15.phx.gbl...
> > > > > Hi David,
> > > > >
> > > > > Choose Full Broadband in the Network screen during CEICW. Check
that
> > the
> > > > LAT
> > > > > in ISA only displays your internal IP range. Do not check all
> services
> > > in
> > > > > the Firewall section. Certainly not the business root, only the
> > services
> > > > > that you need.
> > > > > Rename the current icwlog.txt and rerun CEICW after checking the
> LAT.
> > > What
> > > > > did you choose for the web certificate?
> > > > >
> > > > > --
> > > > > Regards,
> > > > >
> > > > > Marina
> > > > > Microsoft SBS-MVP
> > > > > One of the Magical M&M's
> > > > >
> > > > > "davidcbrown" <dcbrown1@removethis.frontiernet.net> schreef in
> bericht
> > > > > news:OoTX2Cl%23EHA.2016@TK2MSFTNGP15.phx.gbl...
> > > > > > Hello Marina,
> > > > > >
> > > > > > My original post said that I had an error on running CEICW and
> > > choosing
> > > > to
> > > > > > disable the firewall. That was incorrect. The only time I do
not
> > get
> > > > the
> > > > > > error is when I disable the firewall. Everytime I attempt to
> change
> > > the
> > > > > > firewall configuration, the CEICW errors on "Firewall
> Configuration"
> > > > (and
> > > > > > not "Secure Website Configuration").
> > > > > >
> > > > > > In brief. All was fine before I added a router and reran CEICW
to
> > > > change
> > > > > > the network settings to a router configuration. But a couple of
> > days
> > > > > later,
> > > > > > I noticed that I could not browse my own web site (internally).
> The
> > > > CEICW
> > > > > > firewall error showed up when I attempted to correct the
browsing
> > > > problem
> > > > > by
> > > > > > re-running CEICW. Now that CEICW error will not go away. But
> there
> > > > never
> > > > > > have been any events in the application/system logs indicating a
> > > > problem.
> > > > > > It does appear that ISA is running fine. IIS is running but I
> still
> > > > > cannot
> > > > > > browse my own web site.
> > > > > >
> > > > > > It seems like this would be a simple problem. But the icwlog
> error
> > is
> > > > > > baffling. If I were under pressure, I would probably just call
> > > > Microsoft.
> > > > > > But I would like to understand why this has happened.
> > > > > >
> > > > > > ipconfig/all follows. (I also greatly appreciate your web
site.)
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > David
> > > > > >
> > > > > > Windows IP Configuration
> > > > > > Host Name . . . . . . . . . . . . : someserver
> > > > > > Primary Dns Suffix . . . . . . . : somedomain.local
> > > > > > Node Type . . . . . . . . . . . . : Unknown
> > > > > > IP Routing Enabled. . . . . . . . : Yes
> > > > > > WINS Proxy Enabled. . . . . . . . : Yes
> > > > > > DNS Suffix Search List. . . . . . : somedomain.local
> > > > > >
> > > > > > Ethernet adapter Server Local Area Connection:
> > > > > > Connection-specific DNS Suffix . :
> > > > > > Description . . . . . . . . . . . : Intel(R) PRO/1000 MTW
> Network
> > > > > > Connection
> > > > > > Physical Address. . . . . . . . . : 00-0D-56-0E-62-E2
> > > > > > DHCP Enabled. . . . . . . . . . . : No
> > > > > > IP Address. . . . . . . . . . . . : 192.168.16.2
> > > > > > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > > > Default Gateway . . . . . . . . . :
> > > > > > DNS Servers . . . . . . . . . . . : 192.168.16.2
> > > > > > Primary WINS Server . . . . . . . : 192.168.16.2
> > > > > >
> > > > > > Ethernet adapter Network Connection:
> > > > > > Connection-specific DNS Suffix . :
> > > > > > Description . . . . . . . . . . . : 3Com 3C905TX-based
Ethernet
> > > > Adapter
> > > > > > (Generic)
> > > > > > Physical Address. . . . . . . . . : 00-60-08-B0-F7-41
> > > > > > DHCP Enabled. . . . . . . . . . . : No
> > > > > > IP Address. . . . . . . . . . . . : 192.168.2.2
> > > > > > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > > > Default Gateway . . . . . . . . . : 192.168.2.1
> > > > > > DNS Servers . . . . . . . . . . . : 192.168.16.2
> > > > > > NetBIOS over Tcpip. . . . . . . . : Disabled
> > > > > >
> > > > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com>
wrote
> in
> > > > > message
> > > > > > news:#qhEe7Y#EHA.3236@TK2MSFTNGP15.phx.gbl...
> > > > > > > Hi David,
> > > > > > >
> > > > > > > Rerun CEICW and do enable the firewall.
> > > > > > > Can you post the ipconfig/all from the server?
> > > > > > >
> > > > > > > --
> > > > > > > Regards,
> > > > > > >
> > > > > > > Marina
> > > > > > > Microsoft SBS-MVP
> > > > > > > One of the Magical M&M's
> > > > > > >
> > > > > > > "davidcbrown" <dcbrown1@removethis.frontiernet.net> schreef in
> > > bericht
> > > > > > > news:%2370Jm7O%23EHA.3700@tk2msftngp13.phx.gbl...
> > > > > > > > First, yes it is true that I have a web site published on a
> SBS
> > > 2003
> > > > > > > Premium
> > > > > > > > system, but this is an isolated test server and not a
> production
> > > > > server.
> > > > > > > >
> > > > > > > > SBS 2003 was running fine with a direct connection to a DSL
> > modem.
> > > > > > CEICW
> > > > > > > > Web Services Configuration had "allow access to only the
> > following
> > > > Web
> > > > > > > site
> > > > > > > > services" and all services checked.
> > > > > > > > I could browse all web sites; default, companyweb,
sharepoint
> > and
> > > my
> > > > > own
> > > > > > > web
> > > > > > > > site (locally and externally).
> > > > > > > >
> > > > > > > > Added a router and reran CEICW for "a local router with an
IP
> > > > > address".
> > > > > > > Did
> > > > > > > > not change the firewall settings. (Was that a mistake?)
> While
> > I
> > > > can
> > > > > > > browse
> > > > > > > > all SBS supplied web sites; default, companyweb, and
> sharepoint,
> > > now
> > > > > > > cannot
> > > > > > > > browse my web site (locally). I get a 10060 - Connection
> > timeout.
> > > > > > > >
> > > > > > > > So I went back to the CEICW (right?) and attempted to change
> the
> > > > > > firewall
> > > > > > > > configuration by excluding wwwroot from the Web Services
> > > > > Configuration.
> > > > > > > > Everytime I attempt to change the firewall configuration,
the
> > > CEICW
> > > > > > errors
> > > > > > > > on "Firewall Configuration" (and not "Secure Website
> > > > Configuration").
> > > > > > The
> > > > > > > > log always shows:
> > > > > > > > ...
> > > > > > > > Call to Creating A record for publishing () returned ok.
> > > > > > > > RUP is published
> > > > > > > > Error 0x80005006 returned from call to Fixing the
inheritance
> > for
> > > > root
> > > > > > > > dir().
> > > > > > > > Error 0x80005006 returned from call to Committing Web
> publishing
> > > > > > rules().
> > > > > > > > Error 0x80005006 returned from call to
CCometCommit::Commit().
> > > > > > > > ...
> > > > > > > > No application or system events.
> > > > > > > >
> > > > > > > > So I tried disabling the firewall in CEICW. That worked
with
> > > error.
> > > > > > Then
> > > > > > > I
> > > > > > > > tried to re-enable it and it says that ISA is installed but
> not
> > > > > > running...
> > > > > > > > do I want to use it? Yes, but I still get the firewall
> > > > configuration
> > > > > > > error.
> > > > > > > > I can manually start the ISA services. Still, no
application
> or
> > > > > system
> > > > > > > > events.
> > > > > > > >
> > > > > > > > I have made no changed "under the hood". I did try using
> "all
> > > > > > > unassigned"
> > > > > > > > for the web site IP address, just to see if it made any
> > > difference.
> > > > > It
> > > > > > > did
> > > > > > > > not, so I changed it back the internal IP address
> > (192.168.16.2).
> > > > > > > >
> > > > > > > > So which "root dir" is this? wwwroot? If my default site
can
> > see
> > > > > > > wwwroot,
> > > > > > > > what's wrong with it? My web site is directly under wwwroot
> and
> > I
> > > > can
> > > > > > > > "Explore" both. Or is there something else wrong?
> > > > > > > >
> > > > > > > > I don't want to start over just because I've added a router.
> > > > > > > >
> > > > > > > > David
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Marina Roos [SBS-MVP]: "Re: SBS 2003 (Premium) with 2 NIC migrated from SBS4.5"
- Previous message: Marina Roos [SBS-MVP]: "Re: Weird DNS Problems"
- In reply to: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Next in thread: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Reply: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
