Re: Remote web workplace won't work

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Les Connor [SBS Community Member - SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 02/21/05

• Next message: Wade Baird: "Re: Routing Remote Desktop"
• Previous message: David Copeland [MSFT]: "Re: Where does SBS's webserver store documents?"
• In reply to: Joe: "Re: Remote web workplace won't work"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sun, 20 Feb 2005 23:40:33 -0600

It's not strange at all.

If you have a public dns record that resolves to your public IP address, you
can use that instead. Just make sure you use the same one for both the
certificate generation, and to access the RWW from a remote computer.

That is the way it is, that is the way it works.

-- 
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"Joe" <Joe@discussions.microsoft.com> wrote in message 
news:AFEBCD92-7B1B-4B26-BAD6-445B2DAE4E16@microsoft.com...
> Marina, thanks for you help. Les Conner had the solution in
> http://support.microsoft.com/?kbid=842612 (see dialog following this) As
> greatfull as I am to get it resolved I feel that there is an underlying
> problem elsewhere,  In the actual way SBS is handleing the external
> certificate. It seems really strange having to put your public IP address 
> in
> the box for the "Web server name".
>
> "Marina Roos [SBS-MVP]" wrote:
>
>> Hi Joe,
>>
>> If it is working inside your network, you will have to check the router
>> again. Make sure it is forwarding port 4125 to your external nic IP. What 
>> is
>> the exact errormessage?
>>
>> -- 
>> Regards,
>>
>> Marina
>> Microsoft SBS-MVP
>> One of the Magical M&M's
>>
>> "Joe" <Joe@discussions.microsoft.com> schreef in bericht
>> news:2B601971-935C-43F1-90A1-3B94835C277C@microsoft.com...
>> > Yes, the public IPs are in all the sets. I turned on ports 20 to 5000 
>> > as a
>> > test to try to eliminate the gatway setup as a problem.
>> >
>> > My problem appears to be  the way ISA handles an incoming packet from 
>> > the
>> > "gateway router".
>> >
>> > If you are on the inside network or the "WAN" side of SBS, NOT comming 
>> > in
>> > through the router from the internet everything works great. If I am on 
>> > a
>> > local network computer in the same network segment as the SBS's 
>> > external
>> NIC
>> > and I type https://IP of SBS/remote I get the certificate screen and 
>> > when
>> I
>> > click yes I get the RWW log on screen.
>> >
>> > When comming in trrough the Router from the ethernet the router routes
>> > trrough to SBS and I get the same certificate screen but when I click
>> "yes"
>> > it denys me entry to the logon screen.
>> >
>> > When I use VPN from the ethernet it work great. I can log in and run a
>> > terminal server adminsession.
>> >
>> > "Marina Roos [SBS-MVP]" wrote:
>> >
>> > > Hi Joe,
>> > >
>> > > Did you fill in your public IP in the webcertificate during CEICW? 
>> > > Can
>> you
>> > > check in ISA, Destination sets, if that public IP is in all those 
>> > > sets?
>> > > And what is that about forwarding a range from 20 - 5000???? You only
>> need
>> > > 25 for SMTP, 443, 444 for Companyweb, 1723 for VPN, 4125 for RWW and
>> 3389
>> > > for TS. Do not forward ports you don't need.
>> > >
>> > > -- 
>> > > Regards,
>> > >
>> > > Marina
>> > > Microsoft SBS-MVP
>> > > One of the Magical M&M's
>> > >
>> > > "Joe" <Joe@discussions.microsoft.com> schreef in bericht
>> > > news:C3129170-BDF9-498E-84C5-3DB4AE0040C7@microsoft.com...
>> > > > I said ISA server might be the problem but wouldn't it stop me from
>> doing
>> > > a
>> > > > remote connect via VPN ? Isn't web proxy perhaps the problem? By 
>> > > > the
>> way I
>> > > > forgot to tell you this is the premium package in both cases.
>> > > >
>> > > > "Marina Roos [SBS-MVP]" wrote:
>> > > >
>> > > > > Hi Joe,
>> > > > >
>> > > > > From inside the network you would use servername/remote, from
>> outside
>> > > > > https://ip/remote. Did you forward port 443 and 4125 from the 
>> > > > > router
>> to
>> > > the
>> > > > > external nic IP? Do you have Standard or Premium? What is the 
>> > > > > exact
>> > > error
>> > > > > message?
>> > > > >
>> > > > > -- 
>> > > > > Regards,
>> > > > >
>> > > > > Marina
>> > > > > Microsoft SBS-MVP
>> > > > > One of the Magical M&M's
>> > > > >
>> > > > > "Joe" <Joe@discussions.microsoft.com> schreef in bericht
>> > > > > news:698E5FD9-D536-4D9E-856B-F014F6A4AA67@microsoft.com...
>> > > > > > I'm back with 1/2 of the same question!
>> > > > > >
>> > > > > > So far I'm not using a FQDN. I am just using the fixed IP 
>> > > > > > address
>> IE.
>> > > > > > https://.xxx.xxx.xxx.xxx/remote to connect. I use this when the
>> > > customer
>> > > > > has
>> > > > > > his web and mail server at the ISP and does not want/need 
>> > > > > > another
>> > > FDQN.
>> > > > > > Meanwhile on the SBS site I use the .local as per microsofts
>> > > suggestion.
>> > > > > >
>> > > > > > When I said it was working in my last reply I was inside the
>> network
>> > > where
>> > > > > I
>> > > > > > used the inside server ip address in
>> https://.xxx.xxx.xxx.xxx/remote.
>> > > > > Worked
>> > > > > > great. Now I'm home and its the same thing all over. The
>> certificate
>> > > comes
>> > > > > up
>> > > > > > but I'm denied access to the web page. Remote vpn connection 
>> > > > > > works
>> > > great.
>> > > > > Am
>> > > > > > I missing an open port on my router maybe? Or is it the server
>> itself?
>> > > > > >
>> > > > > > Thanks for you help so far, It has been most appreciated.
>> > > > > >
>> > > > > > Joe
>> > > > > >
>> > > > > > "Marina Roos [SBS-MVP]" wrote:
>> > > > > >
>> > > > > > > Hi Joe,
>> > > > > > >
>> > > > > > > Almost. Did your ISP create a DNS record for your FQDN
>> > > > > > > servername.domain.local? If not, just fill in your public IP.
>> > > > > > >
>> > > > > > > -- 
>> > > > > > > Regards,
>> > > > > > >
>> > > > > > > Marina
>> > > > > > > Microsoft SBS-MVP
>> > > > > > > One of the Magical M&M's
>> > > > > > >
>> > > > > > > "Joe" <Joe@discussions.microsoft.com> schreef in bericht
>> > > > > > > news:DBC7FF2D-FE07-4ADD-8B89-C3DABCFB9941@microsoft.com...
>> > > > > > > > I found the problem!!!!!!!!!!!!!!!!!!!!  It has to be setup 
>> > > > > > > > as
>> > > > > > > > "servername.domainname.local". All I had was
>> "domainname.local".
>> > > > > Thanks
>> > > > > > > for
>> > > > > > > > pointing me in the correct direction. I've benn running 
>> > > > > > > > around
>> the
>> > > > > problem
>> > > > > > > > for several days but had not fully engagued my brain yet!!!
>> > > > > > > >
>> > > > > > > > "Marina Roos [SBS-MVP]" wrote:
>> > > > > > > >
>> > > > > > > > > Hi Joe,
>> > > > > > > > >
>> > > > > > > > > Don't use the Certificate Services. Run CEICW, enable the
>> > > Firewall,
>> > > > > and
>> > > > > > > fill
>> > > > > > > > > in your public IP or your public FQDN for the web
>> certificate.
>> > > > > > > > >
>> > > > > > > > > -- 
>> > > > > > > > > Regards,
>> > > > > > > > >
>> > > > > > > > > Marina
>> > > > > > > > > Microsoft SBS-MVP
>> > > > > > > > > One of the Magical M&M's
>> > > > > > > > >
>> > > > > > > > > "Joe" <Joe@discussions.microsoft.com> schreef in bericht
>> > > > > > > > > news:A7D40179-57BC-485C-865B-3811D2EE17B2@microsoft.com...
>> > > > > > > > > > Reply #2. I found the directions in help as to how to
>> rerun
>> > > the
>> > > > > > > "connect
>> > > > > > > > > to
>> > > > > > > > > > the internet wizard" and followed them to create a new
>> > > > > certificate. It
>> > > > > > > > > still
>> > > > > > > > > > won't work. I looked in services and when I click on
>> > > "Microsoft
>> > > > > > > > > Certificate
>> > > > > > > > > > Services, it says The specifified service does not 
>> > > > > > > > > > exist
>> as an
>> > > > > > > installed
>> > > > > > > > > > service. m0x424 (win32: 1060).
>> > > > > > > > > >
>> > > > > > > > > > ????
>> > > > > > > > > >
>> > > > > > > > > >
>> > > > > > > > > > "Susan Bradley, CPA aka Ebitz - SBS Rocks" wrote:
>> > > > > > > > > >
>> > > > > > > > > > > You've mismatched the domain name with the cert name.
>> > > > > > > > > > >
>> > > > > > > > > > > ISA is "very" particular and the cert "has" to match 
>> > > > > > > > > > > the
>> > > link
>> > > > > you
>> > > > > > > are
>> > > > > > > > > > > coming in on.
>> > > > > > > > > > >
>> > > > > > > > > > >
>> > > > > > > > > > > Joe wrote:
>> > > > > > > > > > > > I have two new installs of SBS2003 but I can't get
>> remote
>> > > web
>> > > > > > > > > workplace to
>> > > > > > > > > > > > work on either of them. When I log in I get the
>> > > certificate
>> > > > > > > screen -
>> > > > > > > > > do you
>> > > > > > > > > > > > want to proceed? but when I say yes (after 
>> > > > > > > > > > > > installing
>> the
>> > > > > > > certificate)
>> > > > > > > > > I get:
>> > > > > > > > > > > >  "The page cannot be displayed . There is a problem
>> with
>> > > the
>> > > > > page
>> > > > > > > you
>> > > > > > > > > are
>> > > > > > > > > > > > trying to reach and it cannot be displayed. .......
>> 403
>> > > > > > > Forbidden -
>> > > > > > > > > The
>> > > > > > > > > > > > server denies the specified Uniform Resource 
>> > > > > > > > > > > > Locator
>> > > (URL).
>> > > > > > > Contact
>> > > > > > > > > the
>> > > > > > > > > > > > server administrator. (12202)
>> > > > > > > > > > > > Internet Security and Acceleration Server"
>> > > > > > > > > > > >
>> > > > > > > > > > > > Incidently, I can log on to either using remote
>> desktop
>> > > > > (terminal
>> > > > > > > > > services)
>> > > > > > > > > > > > just fine.
>> > > > > > > > > > > > I've missed something, any Ideas.
>> > > > > > > > > > > >
>> > > > > > > > > > > > Your help would be appreciated !!!!
>> > > > > > > > > > >
>> > > > > > > > > > > -- 
>> > > > > > > > > > > An open letter to the Security Community::
>> > > > > > > > > > > http://msmvps.com/bradley/archive/2004/12/12/23540.aspx
>> > > > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > > > >
>> > > > >
>> > > > >
>> > > > >
>> > >
>> > >
>> > >
>>
>>
>> 

---

• Next message: Wade Baird: "Re: Routing Remote Desktop"
• Previous message: David Copeland [MSFT]: "Re: Where does SBS's webserver store documents?"
• In reply to: Joe: "Re: Remote web workplace won't work"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Networking Question - VLANs on SBS 2003 Premium SP1 ... Ensure you connect the SBS external NIC to one LAN port of the router. ... On the Connection Type page, click Broadband, and then click Next. ... Internet access and the local network check box, ... (microsoft.public.windows.server.sbs) Re: ISA Help Needed ... If you have no more ports on the router ... Connect the external nic of the SBS to this hub/switch, ... >internet connectivity same as the other boxes. ... They'll get their network settings from ... (microsoft.public.windows.server.sbs) Re: moving sbs network ... The SBS network is connected to the LAN port. ... so the public wireless router is the DHCP ... (microsoft.public.windows.server.sbs) Re: Networking Question - VLANs on SBS 2003 Premium SP1 ... Finally was able to get some network downtime to make the change in routers ... wireless router, but - once connected to the SBS box and I've run CEICW, the ... I ran the ISA and SBS BPA's and didn't see anything. ... I put the old router back in service so I could work on this some more. ... (microsoft.public.windows.server.sbs) Re: VPN Question ... the laptop I'm using as the VPN client is sitting ... internal router and DHCP is handled by the SBS server. ... The SBS network is domain B. ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2005-02