Re: Added router, lost web site
From: davidcbrown (dcbrown1_at_removethis.frontiernet.net)
Date: 01/17/05
- Next message: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Previous message: WalterT.: "Re: access to company web from internet???"
- In reply to: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 17 Jan 2005 10:34:19 -0500
A follow-on note. Maybe I didn't "Google Groups" but only Googled first...
Thanks to a blog entry by Susan Bradley, I see that I am not the only one to
have encounted this problem. Google Groups for "returned from call to
Fixing the inheritance for root" to see all the discussion on this. It
seems to me that there may be bug in the CEICW that changes the IP directory
security settings in IIS. Resetting the default web site to default denied,
with only the server local area connection (198.162.16.2 in my case) and
localhost (127.0.0.1) permitted, followed by an iisreset, not only fixed the
CEICW error (when it is rerun), but I am now able to browse my web site
locally!
Note that this is not the same problem that KB888817 addresses where a
virtual directory alias contains a comma and CEICW hangs, but with a similar
icwlog error.
Marina, thank you for responding. If you have time, I still wouldn't mind
hearing what you think about my questions of POP3 AND SMTP, and the NTP
packet filter issue. Anyway, thank you for your willingness to look into
this! It is appreciated!
Learning about all the different community support options is making a big
difference in how I view attempting some independent consulting on SBS.
David
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:ujhzC0p#EHA.2104@TK2MSFTNGP14.phx.gbl...
> Hi David,
>
> Did your ISP create a DNS record for your FQDN? If not, fill in your
public
> IP for the web certificate.
> Are you using POP3 AND SMTP for retrieving email?
> Why are you having these extra ports for IRC and HTTPS???
> For the Time server you should check this for the packet filter because
> yours is not right:
>
> Smallbizserver.Net > SBS 2003 > Server issues > How to fix time
> synchronization errors:
> http://www.smallbizserver.net/Default.aspx?tabid=156
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
> One of the Magical M&M's
>
> "davidcbrown" <dcbrown1@removethis.frontiernet.net> schreef in bericht
> news:eyi6LLm%23EHA.4072@TK2MSFTNGP10.phx.gbl...
> > > Don't choose the router with local IP, choose the direct broadband
> > > connection.
> >
> > OK. Still same message box/icwlog error. (But with the router I don't
> > really have a direct connection. Is this for diagnosis or this is the
> > recommend setup for a router?)
> >
> > > Don't use the server.local for web certificate, fill in your public
IP.
> >
> >
> > Sorry again. It was/is someserver.somedomain.biz not .local.
> >
> > > Change the email settings as well, and make sure your emaildomain is
> > listed
> > > right.
> >
> >
> > Yes, somedomain.biz
> >
> > So still same error. Baffling. Below is a record of my last CEICW run.
> > Yes, I have unchecked wwwroot.
> >
> > Thanks, David
> > ------
> > Connection type: direct broadband connection
> > Internet connection information:
> > Connection name: Network Connection
> > IP address: 192.168.2.2
> > Subnet mask: 255.255.255.0
> > Default gateway: 192.168.2.1
> > Preferred DNS server: someisp DNS server address
> > Alternate DNS server: someisp alternate DNS server address
> >
> > Firewall: Enable
> > Additional services available through the firewall from users on the
> > Internet:
> > E-mail
> > Virtual Private Networking (VPN)
> > SBS NTP 123 Out CustomFilter
> > IRC TCP 6667 Out CustomFilter
> > HTTPS 443 Out CustomFilter
> > Web services on your server's default Web site to be available through
the
> > firewall to users on the Internet:
> > Outlook Web Access
> > Remote Web Workplace
> > Server performance and usage reports
> > Outlook Mobile Access
> > Outlook via the Internet
> > Windows SharePoint Services intranet site
> >
> > Do not change current Web server certificate
> > Email: Enable Exchange for Internet e-mail with the following settings:
> > E-mail delivery:
> > Route e-mail to the Internet via the following e-mail server at your
ISP:
> > smtp.someisp.net.
> > E-mail retrieval:
> > Use the Microsoft Connector for POP3 Mailboxes to retrieve e-mail from
> POP3
> > mailboxes.
> > Use Exchange to retrieve SMTP e-mail.
> > Email retrieval method:
> > Route e-mail from the Internet directly to Exchange.
> > Registered Internet e-mail domain name: somedomain.biz.
> > Mail delivery schedule: Deliver mail for Exchange mailboxes and POP3
> > mailboxes by using the defined schedule.
> > E-mail attachments: Remove e-mail attachments from Internet e-mail as
> > specified in the wizard.
> >
> > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> message
> > news:O4XhX2l#EHA.1936@TK2MSFTNGP10.phx.gbl...
> > > Hi David,
> > >
> > > Don't choose the router with local IP, choose the direct broadband
> > > connection.
> > > Don't use the server.local for web certificate, fill in your public
IP.
> > > Change the email settings as well, and make sure your emaildomain is
> > listed
> > > right.
> > >
> > > --
> > > Regards,
> > >
> > > Marina
> > > Microsoft SBS-MVP
> > > One of the Magical M&M's
> > >
> > > "davidcbrown" <dcbrown1@removethis.frontiernet.net> schreef in bericht
> > > news:uTgjBrl%23EHA.3596@TK2MSFTNGP12.phx.gbl...
> > > > > Choose Full Broadband in the Network screen during CEICW.
> > > >
> > > > Yes and then "A local router device with an IP address".
> > > >
> > > > > Check that the LAT in ISA only displays your internal IP range.
> > > >
> > > > Yes, LAT is 192.168.16.0 to 192.168.16.255.
> > > >
> > > > > Do not check all services in the Firewall section. Certainly not
the
> > > > business root, only the services that you need.
> > > >
> > > > OK. I just tried this again. Went through Full Broadband, change
the
> > > > Firewall settings, no change to E-mail settings. I still get a
> message
> > > box
> > > > in the Firewall Configuration stage that says: An error occured
while
> > > > configuring a component. To continue with the wizard and configure
> > > > remaining components, click, OK. To end the wizard without
> configuring
> > > the
> > > > remaining components, click Cancel. Same error in the (new)
> icwlog.txt
> > > file
> > > > as in my original post.
> > > >
> > > > > What did you choose for the web certificate?
> > > >
> > > > Created a local certificate for someserver.somedomain.local as part
of
> > the
> > > > original install. No change has been made since.
> > > >
> > > > Thanks,
> > > >
> > > > David
> > > >
> > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> > > message
> > > > news:edRPNOl#EHA.608@TK2MSFTNGP15.phx.gbl...
> > > > > Hi David,
> > > > >
> > > > > Choose Full Broadband in the Network screen during CEICW. Check
that
> > the
> > > > LAT
> > > > > in ISA only displays your internal IP range. Do not check all
> services
> > > in
> > > > > the Firewall section. Certainly not the business root, only the
> > services
> > > > > that you need.
> > > > > Rename the current icwlog.txt and rerun CEICW after checking the
> LAT.
> > > What
> > > > > did you choose for the web certificate?
> > > > >
> > > > > --
> > > > > Regards,
> > > > >
> > > > > Marina
> > > > > Microsoft SBS-MVP
> > > > > One of the Magical M&M's
> > > > >
> > > > > "davidcbrown" <dcbrown1@removethis.frontiernet.net> schreef in
> bericht
> > > > > news:OoTX2Cl%23EHA.2016@TK2MSFTNGP15.phx.gbl...
> > > > > > Hello Marina,
> > > > > >
> > > > > > My original post said that I had an error on running CEICW and
> > > choosing
> > > > to
> > > > > > disable the firewall. That was incorrect. The only time I do
not
> > get
> > > > the
> > > > > > error is when I disable the firewall. Everytime I attempt to
> change
> > > the
> > > > > > firewall configuration, the CEICW errors on "Firewall
> Configuration"
> > > > (and
> > > > > > not "Secure Website Configuration").
> > > > > >
> > > > > > In brief. All was fine before I added a router and reran CEICW
to
> > > > change
> > > > > > the network settings to a router configuration. But a couple of
> > days
> > > > > later,
> > > > > > I noticed that I could not browse my own web site (internally).
> The
> > > > CEICW
> > > > > > firewall error showed up when I attempted to correct the
browsing
> > > > problem
> > > > > by
> > > > > > re-running CEICW. Now that CEICW error will not go away. But
> there
> > > > never
> > > > > > have been any events in the application/system logs indicating a
> > > > problem.
> > > > > > It does appear that ISA is running fine. IIS is running but I
> still
> > > > > cannot
> > > > > > browse my own web site.
> > > > > >
> > > > > > It seems like this would be a simple problem. But the icwlog
> error
> > is
> > > > > > baffling. If I were under pressure, I would probably just call
> > > > Microsoft.
> > > > > > But I would like to understand why this has happened.
> > > > > >
> > > > > > ipconfig/all follows. (I also greatly appreciate your web
site.)
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > David
> > > > > >
> > > > > > Windows IP Configuration
> > > > > > Host Name . . . . . . . . . . . . : someserver
> > > > > > Primary Dns Suffix . . . . . . . : somedomain.local
> > > > > > Node Type . . . . . . . . . . . . : Unknown
> > > > > > IP Routing Enabled. . . . . . . . : Yes
> > > > > > WINS Proxy Enabled. . . . . . . . : Yes
> > > > > > DNS Suffix Search List. . . . . . : somedomain.local
> > > > > >
> > > > > > Ethernet adapter Server Local Area Connection:
> > > > > > Connection-specific DNS Suffix . :
> > > > > > Description . . . . . . . . . . . : Intel(R) PRO/1000 MTW
> Network
> > > > > > Connection
> > > > > > Physical Address. . . . . . . . . : 00-0D-56-0E-62-E2
> > > > > > DHCP Enabled. . . . . . . . . . . : No
> > > > > > IP Address. . . . . . . . . . . . : 192.168.16.2
> > > > > > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > > > Default Gateway . . . . . . . . . :
> > > > > > DNS Servers . . . . . . . . . . . : 192.168.16.2
> > > > > > Primary WINS Server . . . . . . . : 192.168.16.2
> > > > > >
> > > > > > Ethernet adapter Network Connection:
> > > > > > Connection-specific DNS Suffix . :
> > > > > > Description . . . . . . . . . . . : 3Com 3C905TX-based
Ethernet
> > > > Adapter
> > > > > > (Generic)
> > > > > > Physical Address. . . . . . . . . : 00-60-08-B0-F7-41
> > > > > > DHCP Enabled. . . . . . . . . . . : No
> > > > > > IP Address. . . . . . . . . . . . : 192.168.2.2
> > > > > > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > > > Default Gateway . . . . . . . . . : 192.168.2.1
> > > > > > DNS Servers . . . . . . . . . . . : 192.168.16.2
> > > > > > NetBIOS over Tcpip. . . . . . . . : Disabled
> > > > > >
> > > > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com>
wrote
> in
> > > > > message
> > > > > > news:#qhEe7Y#EHA.3236@TK2MSFTNGP15.phx.gbl...
> > > > > > > Hi David,
> > > > > > >
> > > > > > > Rerun CEICW and do enable the firewall.
> > > > > > > Can you post the ipconfig/all from the server?
> > > > > > >
> > > > > > > --
> > > > > > > Regards,
> > > > > > >
> > > > > > > Marina
> > > > > > > Microsoft SBS-MVP
> > > > > > > One of the Magical M&M's
> > > > > > >
> > > > > > > "davidcbrown" <dcbrown1@removethis.frontiernet.net> schreef in
> > > bericht
> > > > > > > news:%2370Jm7O%23EHA.3700@tk2msftngp13.phx.gbl...
> > > > > > > > First, yes it is true that I have a web site published on a
> SBS
> > > 2003
> > > > > > > Premium
> > > > > > > > system, but this is an isolated test server and not a
> production
> > > > > server.
> > > > > > > >
> > > > > > > > SBS 2003 was running fine with a direct connection to a DSL
> > modem.
> > > > > > CEICW
> > > > > > > > Web Services Configuration had "allow access to only the
> > following
> > > > Web
> > > > > > > site
> > > > > > > > services" and all services checked.
> > > > > > > > I could browse all web sites; default, companyweb,
sharepoint
> > and
> > > my
> > > > > own
> > > > > > > web
> > > > > > > > site (locally and externally).
> > > > > > > >
> > > > > > > > Added a router and reran CEICW for "a local router with an
IP
> > > > > address".
> > > > > > > Did
> > > > > > > > not change the firewall settings. (Was that a mistake?)
> While
> > I
> > > > can
> > > > > > > browse
> > > > > > > > all SBS supplied web sites; default, companyweb, and
> sharepoint,
> > > now
> > > > > > > cannot
> > > > > > > > browse my web site (locally). I get a 10060 - Connection
> > timeout.
> > > > > > > >
> > > > > > > > So I went back to the CEICW (right?) and attempted to change
> the
> > > > > > firewall
> > > > > > > > configuration by excluding wwwroot from the Web Services
> > > > > Configuration.
> > > > > > > > Everytime I attempt to change the firewall configuration,
the
> > > CEICW
> > > > > > errors
> > > > > > > > on "Firewall Configuration" (and not "Secure Website
> > > > Configuration").
> > > > > > The
> > > > > > > > log always shows:
> > > > > > > > ...
> > > > > > > > Call to Creating A record for publishing () returned ok.
> > > > > > > > RUP is published
> > > > > > > > Error 0x80005006 returned from call to Fixing the
inheritance
> > for
> > > > root
> > > > > > > > dir().
> > > > > > > > Error 0x80005006 returned from call to Committing Web
> publishing
> > > > > > rules().
> > > > > > > > Error 0x80005006 returned from call to
CCometCommit::Commit().
> > > > > > > > ...
> > > > > > > > No application or system events.
> > > > > > > >
> > > > > > > > So I tried disabling the firewall in CEICW. That worked
with
> > > error.
> > > > > > Then
> > > > > > > I
> > > > > > > > tried to re-enable it and it says that ISA is installed but
> not
> > > > > > running...
> > > > > > > > do I want to use it? Yes, but I still get the firewall
> > > > configuration
> > > > > > > error.
> > > > > > > > I can manually start the ISA services. Still, no
application
> or
> > > > > system
> > > > > > > > events.
> > > > > > > >
> > > > > > > > I have made no changed "under the hood". I did try using
> "all
> > > > > > > unassigned"
> > > > > > > > for the web site IP address, just to see if it made any
> > > difference.
> > > > > It
> > > > > > > did
> > > > > > > > not, so I changed it back the internal IP address
> > (192.168.16.2).
> > > > > > > >
> > > > > > > > So which "root dir" is this? wwwroot? If my default site
can
> > see
> > > > > > > wwwroot,
> > > > > > > > what's wrong with it? My web site is directly under wwwroot
> and
> > I
> > > > can
> > > > > > > > "Explore" both. Or is there something else wrong?
> > > > > > > >
> > > > > > > > I don't want to start over just because I've added a router.
> > > > > > > >
> > > > > > > > David
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Next message: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Previous message: WalterT.: "Re: access to company web from internet???"
- In reply to: Marina Roos [SBS-MVP]: "Re: Added router, lost web site"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
