Re: New SBS2003 Premium no external access to RWW/OWA




Hi Don,

You can just run the CEICW and enter the public IP to generate the
certificate. When you want to make a change to FQDN, run the wizard and
generate a new certificate with the FQDN.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius


"DonB" <nospam@xxxxxxx> wrote in message
news:O1El3fRwFHA.3720@xxxxxxxxxxxxxxxxxxxxxxx
> Hello Les,
>
> So the certificate must match the URL used. If this is the case then my
> problem may be that I was being too careful and when we are ready to go
> live I should just edit the DNS to point to the new system.
>
> The certificate was created with the FQDN but I was "testing" using the
> public IP because the DNS is currently pointing to the emergency backup
> systems.
>
> Knowing ISA 2000 was only slightly helpful with ISA 2004 and my experience
> with SBS 2003 has only been with the Standard version and have never had a
> problem with the systems I have in place. This particular installation was
> the last of my SBS 2000 systems and the only one that included ISA 2000.
>
> Thanks for the input...
>
> DB...
>
>
> So "Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
> wrote in message news:OdJa5uKwFHA.3588@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi DonB,
>>
>> I haven't read in detail, but a couple of things immediately caught my
>> eye.
>>
>> First thing:
>>
>> > The page cannot be displayed etc etc. Error Code: 403 Forbidden. The
>> > server denied the specified Uniform Resource Locator (URL). Contact the
>> > server administrator. (12202)
>>
>> That's a classic 'does not match' issue. What is the name you entered in
>> CEICW to generate the certificate, and what is the exact URL you are using
>> to access the server RWW or OWA? If you access by IP, then only the IP
>> should be used for certificate name. If you access by FQDN, then only the
>> FQDN should be used for certificate name.
>>
>> i.e. https://1.2.3.4/remote, where cert name used is 1.2.3.4 will succeed.
>> (1.2.3.4 is your public IP)
>> https://domain.com/remote, where cert name used is domain.com will succeed.
>> (domain.com resolves to your public IP)
>>
>> Second thing:
>>
>> Be VERY careful applying Dr. Shinder's ISA methods to SBS, especially when
>> he mentions SBS by name. No disrespect, but he has a lot to learn about
>> SBS, as evidenced by three recent articles on his site. You need to know
>> both ISA *and* SBS to stray very far from the wizards; knowing one or the
>> other isn't enough.
>>
>> --
>> Les Connor [SBS Community Member - SBS MVP]
>> -----------------------------------------------------------
>> SBS Rocks !
>> ----------------------
>> "Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
>> understand." - Confucius
>>
>>
>> "DonB" <nospam@xxxxxxx> wrote in message
>> news:%23Doab2IwFHA.2292@xxxxxxxxxxxxxxxxxxxxxxx
>> > Greetings...
>> >
>> > Just before packing up and running from Hurricane Katrina all of the DNS
>> > records were changed to point to a remote data center which has kept the
>> > mail flowing since the storm. For several months the topic of upgrading
>> > from SBS 2000 to SBS 2003 had been discussed mostly because of RWW. When
>> > the T1 came back up a few days ago a shiny new "clean" install of SBS 2003
>> > Premium was ready to run except RWW and OWA will not work from the outside
>> > world. You can Telnet into Exchange and all internal systems and the
>> > server can surf the net and outbound mail is working. You can connect to
>> > RWW and OWA from internal systems using the local IP address/remote or
>> > exchange but when you try to connect using the external IP address/remote
>> > or exchange you get only the infamous:
>> >
>> > The page cannot be displayed etc etc. Error Code: 403 Forbidden. The
>> > server denied the specified Uniform Resource Locator (URL). Contact the
>> > server administrator. (12202)
>> >
>> > Here was the configuration used on the old SBS 2000/ISA2000 system before
>> > the storm and the same configuration was used on the new SBS 2003 system:
>> >
>> > ISP router with static IP range of 2xx.xxx.xxx.xx6/29 Router IP is
>> > 2xx.xxx.xxx.xx7
>> >
>> > Netscreen 5XP with WAN IP 2xx.xxx.xxx.xx8 Gateway IP 2xxx.xxx.xxx.xx7
>> > LAN IP 192.168.200.1
>> > NOTE: The netscreen was originally set-up for SBS2000/ISA2000 and allowed
>> > 25, 80, 110, 443, 3389 & 4125
>> >
>> > SBS 2003 EXT NIC IP 192.168.200.10 Gateway IP 192.168.200.1
>> > SBS 2003 INT NIC IP 192.168.100.10 NO Gateway
>> > Internal systems get addresses from DHCP server and have a Gateway of
>> > 192.168.100.10
>> >
>> > Here is IPCONFIG info
>> >
>> > Windows IP Configuration
>> >
>> > Host Name . . . . . . . . . . . . : servername
>> > Primary Dns Suffix . . . . . . . : domainname.local
>> > Node Type . . . . . . . . . . . . : Unknown
>> > IP Routing Enabled. . . . . . . . : Yes
>> > WINS Proxy Enabled. . . . . . . . : Yes
>> > DNS Suffix Search List. . . . . . : domainname.local
>> >
>> > Ethernet adapter WAN:
>> > Connection-specific DNS Suffix . :
>> > Description . . . . . . . . . . . : Ethernet Adapter (Generic)
>> > Physical Address. . . . . . . . . : 00-00-00-00-00-00 edited
>> > DHCP Enabled. . . . . . . . . . . : No
>> > IP Address. . . . . . . . . . . . : 192.168.200.10
>> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> > Default Gateway . . . . . . . . . : 192.168.200.1
>> > DNS Servers . . . . . . . . . . . : 192.168.100.10
>> > Primary WINS Server . . . . . . . : 192.168.100.10
>> > NetBIOS over Tcpip. . . . . . . . : Disabled
>> >
>> > Ethernet adapter LAN:
>> > Connection-specific DNS Suffix . :
>> > Description . . . . . . . . . . . : Fast Ethernet NIC
>> > Physical Address. . . . . . . . . : 00-00-00-00-00-00 edited
>> > DHCP Enabled. . . . . . . . . . . : No
>> > IP Address. . . . . . . . . . . . : 192.168.100.10
>> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> > Default Gateway . . . . . . . . . :
>> > DNS Servers . . . . . . . . . . . : 192.168.100.10
>> > Primary WINS Server . . . . . . . : 192.168.100.10
>> >
>> > Only the wizards were used for this set-up except for the ALL OPEN, DHCP
>> > and DNS rules indicated in the Shinder ISA Server 2004 book.
>> >
>> > I have looked through this group and found others with this type of
>> > problem and the fix is related to the Server Certificate. Since all DNS
>> > records currently point to the Plan B systems is this the problem even
>> > though I am not connecting using a domain name? I seem to remember being
>> > able to connect to another SBS 2003 Standard system that to this day does
>> > not have a DNS record associated with it but it also does not have ISA
>> > 2004...
>> >
>> > I have been around since Proxy 1.0 and just when I start to get
>> > comfortable the new version comes out and I start over again but the one
>> > thing I do know is when to stop and ask someone else who knows more.
>> >
>> > Now Rita is knocking on the door so it's time to pack up and run to higher
>> > ground again for hopefully only a day or so this time which means I have a
>> > day or so to find out what is wrong and make it right...
>> >
>> > Thanks in advance for any help or pointing in the right direction you can
>> > give me...
>> >
>> > DB...
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>
>
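
An added illustration of the name-match rule discussed in this thread (not code from any poster, and not how ISA itself is implemented): given a certificate's names and the URL typed into the browser, it reports whether the host part of the URL matches. The function names are hypothetical, the certificate is a constructed dict shaped like the output of Python's ssl.SSLSocket.getpeercert(), and 1.2.3.4 / domain.com are the thread's own placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

def cert_names(cert):
    """Names to compare against: SAN entries if present, else the subject CN.
    (Assumption: a certificate that carries only a CN, as in the thread.)"""
    san = [v for k, v in cert.get("subjectAltName", ()) if k in ("DNS", "IP Address")]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def host_matches(host, name):
    """True if the URL host matches one certificate name."""
    host_ip, name_ip = _as_ip(host), _as_ip(name)
    if host_ip is not None or name_ip is not None:
        # An IP in the URL only matches a certificate issued to that same IP.
        return host_ip == name_ip
    host, name = host.lower().rstrip("."), name.lower().rstrip(".")
    if name.startswith("*."):
        # Wildcard covers exactly one left-most label.
        return "." in host and host.split(".", 1)[1] == name[2:]
    return host == name

def check_url(url, cert):
    """Return (matches, host, names) for one URL against one certificate."""
    host = urlsplit(url).hostname
    names = cert_names(cert)
    return any(host_matches(host, n) for n in names), host, names

# Constructed sample certificates: one issued to the FQDN, one to the public IP.
CERT_FQDN = {"subject": ((("commonName", "domain.com"),),)}
CERT_IP = {"subject": ((("commonName", "1.2.3.4"),),)}

if __name__ == "__main__":
    for label, cert in (("FQDN cert", CERT_FQDN), ("IP cert", CERT_IP)):
        for url in ("https://1.2.3.4/remote", "https://domain.com/remote"):
            ok, host, names = check_url(url, cert)
            print(f"{label}: {url} -> host {host} vs {names}: "
                  f"{'match' if ok else 'MISMATCH'}")
```

Testing by public IP against a certificate generated for the FQDN is the MISMATCH row.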

