Re: Problems accessing SBS 2003 Welcome screen from Internet

From: hmartello (hmartello_at_discussions.microsoft.com)
Date: 03/11/05 

Date: Fri, 11 Mar 2005 09:23:02 -0800

I followed your diagram in the link you mentioned to set up the network
hardware with the router. In the router, I opened the ports that you
suggested.

Next I established a DDNS account with no-ip.com and installed their client
software on my server.

Then I started CEICW, enabled the firewall, selected the appropriate
services, and used the account domain name as the FQDN to create the
certificate required by RWW.

Now, I can access RWW from the SBS LAN by typing, http://ecfeserver/remote.
However,
when I try to access the SBS LAN from any Internet connected computer by
using https://ecfe.no-ip.org/remote or https://216.37.216.122/remote, I get
an error message in my browser.

Any other ideas would be appreciated.

Information from "ipconfig /all", the browser error message, and the router
forwarding screen follows:

==========================================================

Windows IP Configuration
   Host Name . . . . . . . . . . . . : ecfeserver
   Primary Dns Suffix . . . . . . . : ECFE.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : ECFE.local
                                                 domain.invalid

Ethernet adapter Server Local Area Connection:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
   Physical Address. . . . . . . . . : 00-11-11-AD-CF-0C
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.16
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.16
   Primary WINS Server . . . . . . . : 10.0.0.16

Ethernet adapter Network Connection:
   Connection-specific DNS Suffix . : domain.invalid
   Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
   Physical Address. . . . . . . . . : 00-11-11-AD-CF-0A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.254.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.254.254
   DHCP Server . . . . . . . . . . . : 192.168.254.254
   DNS Servers . . . . . . . . . . . : 10.0.0.16
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Lease Obtained. . . . . . . . . . : Thursday, March 10, 2005 6:41:44 PM
   Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

==========================================================

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site
might be experiencing technical difficulties, or you may need to adjust
your brower settings.

...

Cannot find server or DNS Error
Internet Explorer

===========================================================

   Current Port Forwarding Configuration

Protocol Port Redirected to IP Address
TCP SMTP / 25 192.168.254. 1
TCP 4125 192.168.254. 1
UDP 4125 192.168.254. 1
TCP 443 - 444 192.168.254. 1
UDP 443 - 444 192.168.254. 1
TCP 3389 192.168.254. 1
UDP 3389 192.168.254. 1

==========================================================

"Merv Porter [SBS-MVP]" wrote:

> If you haven't already, follow the diagram in the link I mentioned to set up
> the network hardware with the router (just the diagram; the text is mostly
> for SBS 2000). Then in your router, forward the appropriate ports (4125 for
> RWW, 443 for SSL/RWW, 3389 for TS and maybe 25 if you intend to host your
> own Exchange email server; do not open port 80 unless you are hosting your
> own web server for public consumption - which may not be the best idea with
> SBS).
>
> Once you have this done, run CEICW from the Server Management console.
> Enable the firewall and select the services you need so that the ISA 2000
> firewall is set up (if you currently have any custom packet filters, these
> will be disabled, so you'll need to re-enable them after CEICW).
>
> Now, with a dynamic IP address, you'll want to establish a DDNS (Dynamic
> DNS) account at one of the free providers (dyndns.org, no-ip.com, etc.).
> TZO.com is also very good but unfortunately is not free. This account will
> map the dynamic WAN address you get from your ISP to an account at the DDNS
> provider (something like: mycompanyname.dyndns.org). You'll then use this
> account domain name as the FQDN to create the certificate required by Remote
> Web Access (RWW). If you choose to forego the DDNS account, then use the
> dynamic WAN IP address from your ISP as the FQDN when you create the
> certificate.
>
> Once CEICW has been run, you should be all set to access your SBS network
> via RWW by typing (from any Internet connected computer):
> https://mycompanyname.dyndns.org/remote
>
> To access it from the SBS LAN, type: http://SBSservername/remote
>
> --
> Merv Porter [SBS MVP]
> ===================================
>
> "hmartello" <hmartello@discussions.microsoft.com> wrote in message
> news:AD158E16-341B-4D8F-B871-A3AA054C81E6@microsoft.com...
> > Your picture of our network configuration is correct. Moreover, our
> broadband
> > modem is also router but I turned that feature 'off' to rule out the
> router
> > as the problem.
> >
> >
> > "Merv Porter [SBS-MVP]" wrote:
> >
> > > I think you have a misconfigured network. It look slike your External
> NIC
> > > is not picking up a dynamci IP address from your ISP. However, the PPP
> > > adapter appears to be assigned a Public IP address (should be a private
> IP
> > > address assigned by the SBS server).
> > >
> > > Is this a picture of your network configuration? If not, what is your
> > > configuration?
> > >
> > > Internet
> > > |
> > > Broadband Modem
> > > |
> > > SBS External NIC (set to acquire an IP dynamically from your ISP)
> > > ||
> > > SBS Internal NIC (10.0.0.16)
> > > |
> > > Switch
> > > | | | | |
> > > Workstations (10.0.0.x via DHCP from SBS)
> > >
> > >
> > > Also, it would be preferable to buy a cheap router and add it to the
> > > network. This can add a layer of security to your network, reduce some
> of
> > > the load on the SBS server and make troubleshooting a little easier.
> You
> > > can set it up according to the diagram at:
> > >
> > > Two Nics, a dynamic IP address, ISA, router
> > > http://www.smallbizserver.net/Default.aspx?tabid=50
> > >
> > >
> > > --
> > > Merv Porter [SBS MVP]
> > > ===================================
> > > "hmartello" <hmartello@discussions.microsoft.com> wrote in message
> > > news:41A9319B-44D5-442C-A787-1BAD77E22FE7@microsoft.com...
> > > > We are using SBS 2003 with ISA Server 2000 and are having a problem
> > > accessing
> > > > the SBS 2003 "Welcome to Windows Small Business Server 2003" screen
> from a
> > > PC
> > > > on the internet.
> > > >
> > > > Now if we use a computer that is on the SBS 2003 LAN, we can access
> the
> > > SBS
> > > > 2003 Welcome screen by using the static private IP address for the
> local
> > > area
> > > > connection adapter that resides in the LAN (in our case
> http://10.0.0.16).
> > > >
> > > > However, if we use the dynamic IP address assigned to us by our DSL
> > > provider
> > > > (in our case http://216.37.202.10) from a PC on the internet, we get
> an
> > > error
> > > > message in our browser. (We can successfully ping and telnet to the
> server
> > > > using
> > > > the dynamic IP address.)
> > > >
> > > > Any help? The browser error message and the results of "ipconfig /all"
> are
> > > > as follows:
> > > >
> > > > =====================================================
> > > >
> > > > The page cannot be displayed
> > > > There is a problem with the page you are trying to reach and it cannot
> be
> > > > displayed.
> > > >
> > >
> > --------------------------------------------------------------------------
> > > ------
> > > >
> > > > Please try the following:
> > > >
> > > > Click the Refresh button, or try again later.
> > > >
> > > > Open the Web site home page, and then look for links to the
> information
> > > you
> > > > want.
> > > > If you believe you should be able to view this directory or page,
> please
> > > > contact
> > > > the Web site administrator by using the e-mail address or phone number
> > > > listed on
> > > > the Web site home page.
> > > > 10061 - Connection refused
> > > > Internet Security and Acceleration Server
> > > >
> > >
> > --------------------------------------------------------------------------
> > > ------
> > > >
> > > > Technical Information (for support personnel)
> > > >
> > > > Background:
> > > > The server you are attempting to access has refused the connection
> with
> > > the
> > > > gateway.
> > > > This usually results from trying to connect to a service that is
> inactive
> > > on
> > > > the server.
> > > >
> > > > ISA Server: ecfeserver.ECFE.local
> > > > Via:
> > > >
> > > > Time: 3/8/2005 3:16:57 PM GMT
> > > >
> > > > ====================================================
> > > >
> > > >
> > > >
> > > >
> > > > Windows IP Configuration
> > > > Host Name . . . . . . . . . . . . : ecfeserver
> > > > Primary Dns Suffix . . . . . . . : ECFE.local
> > > > Node Type . . . . . . . . . . . . : Unknown
> > > > IP Routing Enabled. . . . . . . . : Yes
> > > > WINS Proxy Enabled. . . . . . . . : Yes
> > > > DNS Suffix Search List. . . . . . : ECFE.local
> > > >
> > > > Ethernet adapter Network Connection:
> > > > Connection-specific DNS Suffix . :
> > > > Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
> > > Connection
> > > > Physical Address. . . . . . . . . : 00-11-11-AD-CF-0A
> > > > DHCP Enabled. . . . . . . . . . . : Yes
> > > > Autoconfiguration Enabled . . . . : Yes
> > > > Autoconfiguration IP Address. . . : 169.254.31.192
> > > > Subnet Mask . . . . . . . . . . . : 255.255.0.0
> > > > Default Gateway . . . . . . . . . :
> > > > DNS Servers . . . . . . . . . . . : 10.0.0.16
> > > > NetBIOS over Tcpip. . . . . . . . : Disabled
> > > >
> > > > Ethernet adapter Server Local Area Connection:
> > > > Connection-specific DNS Suffix . :
> > > > Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network
> > > Connection
> > > > Physical Address. . . . . . . . . : 00-11-11-AD-CF-0C
> > > > DHCP Enabled. . . . . . . . . . . : No
> > > > IP Address. . . . . . . . . . . . : 10.0.0.16
> > > > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > > Default Gateway . . . . . . . . . :
> > > > DNS Servers . . . . . . . . . . . : 10.0.0.16
> > > > Primary WINS Server . . . . . . . : 10.0.0.16
> > > >
> > > > PPP adapter Small Business Broadband Connection:
> > > > Connection-specific DNS Suffix . :
> > > > Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> > > > Physical Address. . . . . . . . . : 00-53-45-00-00-00
> > > > DHCP Enabled. . . . . . . . . . . : No
> > > > IP Address. . . . . . . . . . . . : 216.37.202.10
> > > > Subnet Mask . . . . . . . . . . . : 255.255.255.255
> > > > Default Gateway . . . . . . . . . : 0.0.0.0
> > > > DNS Servers . . . . . . . . . . . : 199.224.64.20
> > > > 199.224.86.15
> > > > NetBIOS over Tcpip. . . . . . . . : Disabled
> > > >
> > > >
> > >
> > >
> > >
>
>
>