RE: ISA Error ID 21174
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Tue, 25 Oct 2005 06:28:42 GMT
Hi Keith:
Thank you for posting here.
>From the description, I understand that after you run the CEICW Wizard,
many remote services such as RDP, OWA and Companyweb no longer worked. You
received an error 403 when accessing the OWA site. If I have misunderstood
your concern, please feel free to let me know.
Since there are many problems in this case, I would like to suggest that we
handle them one by one.
Regarding the error 403, this issue can occur if the URL you use in the Web
browser to access OWA, RWW and other web sites that does not match the name
in ISA server 2000 or 2004 web publishing rules. To resolve this issue, we
must run CEICW and specify the FQDN that you will use to access the sites
as the web server certificate. To do so:
1. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.
2. Click the "Connect to the Internet" link.
3. Choose not to change the connection type and click Next. On the Firewall
page, select "Enable firewall" and click Next (I suppose that you have 2
network adapters in SBS 2003).
4. On the "Services Configuration" page, select all the items and then
click Next.
5. On the "Web Services Configuration" page, make sure "Allow access to the
entire Web site from the Internet" is selected. If you select "Allow access
to only the following Web site services from the Internet", make sure both
the "Outlook Web Access" and "Remote Web Workplace" items are selected.
Click Next.
6. On the "Web Server Certificate" page, choose to create a new Web server
certificate and then type the public FQDN that you will use to access OWA
(for example, if your public FQDN that you use to access the sites is
mail.domain.com, you should type mail.domain.com as the new certificate
name). If you don't have a public FQDN yet, please enter the public IP
address of your SBS Server which can be reached by the external users.
7. Go through the remaining steps.
8. If you have a router or hardware firewall, configure it to forward
inbound traffic on TCP port 80 and 443 to the SBS server's external
address.
9. Then check if you can access OWA and RWW using
https://mail.domain.com/exchange and https://mail.domain.com/remote.
For more information regarding this problem, see:
842612 You receive a "403 Forbidden" message when you try to connect to a
Web
http://support.microsoft.com/?id=842612
Meanwhile, please help me gather the following information:
1. Can you access the OWA internally using https://servername/exchange?
2. Which version is the ISA Server, ISA 2000 or ISA 2004?
3. When did the problem occur? Did everything work fine before? If so, what
changes had you made to the SBS Server?
4. Type "ipconfig/all > d:\filename.txt" (without quotation mark) from the
command prompt, and then send the file to my mailbox:
v-edtian@xxxxxxxxxxxxx for further analysis.
5. You mentioned that Event ID 21174 appeared in the event log. Regarding
this event, I need more detailed configurations of your ISA Server. Since I
am not sure which version of ISA you are using, I provide both of the steps
to gather the ISA information:
If you are using the ISA 2000:
Help to gather the ISA info:
You can download this utility from:
http://www.isatools.org/isainfo.vbe
Run it on the ISA server. Then attach the ISAINFO report to me at your
earliest convenience.
If you are using the ISA 2004:
1) Download the file from the following URL:
http://www.isatools.org/isainfo/ISAInfo.zip
2) Extract all files to a folder on ISA server.
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me.
Regarding the RDP and Remote service (I assume that it means VPN), I would
like to suggest that we troubleshoot these problems after the OWA issue is
resolved or create a new thread to work on these problems. Do you agree?
Hope the above information helps. Please feel free to let me know if there
is anything I can do for you.
Have a nice day!
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: ISA Error ID 21174
| thread-index: AcXY7+voUDDC/pFoTjqwlsW2P+PAUw==
| X-WBNR-Posting-Host: 65.209.245.162
| From: "=?Utf-8?B?S2VpdGggUnVzc28=?="
<KeithRusso@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: ISA Error ID 21174
| Date: Mon, 24 Oct 2005 16:09:01 -0700
| Lines: 23
| Message-ID: <8B65DCF3-4161-4885-B432-7C665BD1B405@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:164171
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I'm unable to access any of the remote services I've enabled during CEIW
| setup. RDP, OWA, Remote. When I try to connect I get of 403 Forbidden
instead
| of page not found. So I assume there is a connection happening because I
can
| view the certificate.
|
| In looking at the logs after a reboot I found this. Is this the soruce of
| the problem?
|
| Event Type: Error
| Event Source: Microsoft Firewall
| Event Category: None
| Event ID: 21174
| Date: 10/23/2005
| Time: 11:57:48 PM
| User: N/A
| Computer: SRV01
| Description:
| Server publishing rule [ISA24: Publish Companyweb] failed because there
was
| no valid network listener. For requests to reach the published server
there
| must be a network relationship between the selected listener networks and
the
| published server. Location 325.934.4.0.2163.213.
|
| TIA, Keith Russo
|
.
- Prev by Date: RE: SBS 2003 Server & XP clients
- Next by Date: SBS 2003 SP1 ISA 2004 problem
- Previous by thread: RE: SBS 2003 Server & XP clients
- Next by thread: SBS 2003 SP1 ISA 2004 problem
- Index(es):
Relevant Pages
|
Loading
