RE: access internal resources using external fqdn

Hello Loane,

Thank you for posting to the SBS Newsgroup.

I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!

I am sorry that from your description, I cannot have a clear image what
exact issue you are experiencing. I assume that you want to use your public
FQDN to access your SBS resources from the Internet. If I have
misunderstood your concern, please feel free to let me now.

If my assumption is right, you should have a registered public domain name
such as Mycompany.com first and ask your ISP to create an A record such as
mail.mycompany.com to point to your SBS server's public IP. Then run
Configure E-mail and Internet Connection Wizard (CEICW) to create a
mail.mycompany.com certificate and publish the sites. Thus, you can use
mail.mycompany.com to access OWA, RWW and other published sites. To use SBS
to receive Internet emails through SMTP, your ISP should create a MX record
and point it to the A record.

Please see my following steps to rerun CEICW Wizard.

1. Log in the server as Administrator.

2. Expand Server Management\Standard Management\To Do List.

3. Click the "Connect to the Internet" link.

4. Choose the correct connect type and configure your network. You can
choose Do not change connection type if you have correctly configured it
before.

5. Proceed to the Firewall page, select "Enable firewall" and click Next.

6. Proceed to Services Configuration page, select all the items and then
click Next.

7. In the Web Services Configuration page, make sure that "Allow access to
the entire Web site from the Internet" is selected. If you select "Allow
access to only the following Web site services from the internet", make
sure both of the "Outlook Web Access" and "Remote Web Workplace" items are
selected. Click OK.

8. On the "Web Server Certificate" page, choose to create a new Web server
certificate and then type the public FQDN that you will use to access OWA
(for example, if your public FQDN that you use to access the sites is
mail.domain.com, you should type mail.domain.com as the new certificate
name). If you already requested a certificate with the name
"mail.domain.com" from a third party CA, you can choose "Use a Web server
certificate from a trusted authority" and then import the certificate.

9. Go through the remaining steps. The wizard will automatically configure
the SBS 2003 Basic Firewall to securely publish the two sites.

10. If you have a router or hardware firewall, configure it to forward
inbound traffic on TCP port 80 and 443 to the SBS server's external address.

11. Check if you can access OWA and RWW using
https://mail.domain.com/exchange and https://mail.domain.com/remote.

For more detail steps, please see:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

I also suggest that you have a look the following KB article regarding
domain name we recommend for SBS:

Generally, it is no limitation that to name your internal and external
domain. However, it is recommend that you use .local suffix for your
internal domain name, since .local is not allowed to use on the internet
and it can protect your internal resource from exposing to the internet.

296250 The Domain Name System Name Recommendations for Small Business Server
http://support.microsoft.com/?id=296250

=================

If the issue persists, please help to gather following information for us
to perform further research:

So please help to gather following information for further research:

1. Your thread subject is "access internal resources using external fqdn",
I have following questions:

a. How did you access? For example, RWW, OWA, VPN?

b. What is the "internal resources" you are trying to access? For example,
SharePoint, Server or Client workstation desktop?

c. What is the "external fqdn"?

d. Does your issue is - you cannot access internal resources using external
FQDN from the Internet?

e. Can you access "internal resources" in LAN?

2. In your email body, you mentioned "I'm trying to access internal
resources using our fully qualified domain name on our SBS 2003 network."
Does this "fully qualified domain name" is the FQDN you registered in your
ISP?

3. You mentioned "SMTP server, bypassing Exchange", I assume that you are
using the third party SMTP Server, for example, ISP SMTP Server. Am I
right?

4. I need to know how you "refer to the FQDN in the SMTP and POP server".
Do you mean:

a. Open Outlook -> Tools -> E-mail Accounts.

b. Add a new e-mail account.

c. Server Type: POP3.

d. In the Internet E-mail Settings (POP3) page, you input your ISP SMTP
Server FQDN in the Server Information blanks.

Am I right?

Please take your time to perform the steps and gather the information. If
anything is unclear, please feel free to let me know. I am looking forward
to hearing from you!

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
>From: "Loane Sharp" <look_sharp_not@xxxxxxxxxxx>
>Subject: access internal resources using external fqdn
>Date: Sat, 26 Nov 2005 02:05:30 +0200
>Lines: 26
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>X-RFC2646: Format=Flowed; Original
>Message-ID: <uLezf0h8FHA.3380@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: rbmf-ip-nas-1-p372.telkom-ipnet.co.za 155.239.97.116
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:225610
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Hi there
>
>I'm trying to access internal resources using our fully qualified domain
>name on our SBS 2003 network. For example, I sometimes send mails
(directly
>from the SMTP server, bypassing Exchange) from the office, from home, and
on
>the road and I need to refer to the FQDN in the SMTP and POP server
details
>so that this setting works both out of the office and in the office. To
give
>another example, I need to be able to test HTTP uploads using the BITS
>service using our FQDN, since our clients will obviously not have access
to
>the internal network name when making these uploads.
>
>I've consulted several KB articles ... KB828054 ("You cannot open a Web
page
>that is on a Windows Small Business Server 2003-based server by using its
>FQDN"), KB300679 ("Internal Web clients are unable to access an
>externally-hosted Web site") and KB829039 ("Internal client computers
cannot
>connect to the externally accessible fully qualified domain name of the
>Windows Small Business Server 2003-based server").
>
>Am I totally off track?
>
>Please help
>
>Best regards
>Loane
>
>
>

.

Relevant Pages

  • Re: Internal vs External www access
    ... You have to rerun the CEICW to make sure your SBS 2003 server have ... How to configure Internet access in Windows Small Business Server 2003 ... Please point all internal clients' DNS to SBS NIC address. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Port 443 for OUTLOOK WEB ACCESS
    ... > Thank you for posting in SBS newsgroup. ... Click To Do List and then click "Connect to the Internet". ... Go through the steps until the Web Server Certificate page is showed. ...
    (microsoft.public.windows.server.sbs)
  • Re: RPC over HTTP scenario
    ... Les Connor [SBS Community Member - SBS MVP] ... The firewall, an external device to the server, is what has the ... internet, it is exactly the name you would use for the certificate. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: R2 w/ISA User type account cannot use my companys internal website
    ... Alerts\Core Server Alerts ... Microsoft CSS Online Newsgroup Support ... And our product group is still reviewing the impact of the upgrade SBS ...
    (microsoft.public.windows.server.sbs)
  • Re: Internal vs External www access
    ... You have to rerun the CEICW to make sure your SBS 2003 server have ... How to configure Internet access in Windows Small Business Server 2003 ... Please point all internal clients' DNS to SBS NIC address. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)