RE: Help with Internet and Email wizard

Hello Mark,

Thank you for posting in the SBS newsgroup.

According to your description, I understand that you would like to allow
the OWA can be connected via a VPN connection into the Office. If I have
misunderstood the problem, please don't hesitate to let me know.

As you mentioned, you don't want to set up an external internet access,
only access the SBS service by VPN, considering this condition, let me
explain the CEICW option:

1. On SBS Server, run the CEICW, go through "Connection Type" page, on
the Firewall page, check the "Enable firewall" check box and click Next.

2. Since we don't want to set up an external internet access, only access
the SBS service by VPN, we can uncheck the "E-mail" and other appropriate
services, then click Next.

3. Since we don't want to set up an external internet access, only access
the SBS service by VPN, we can uncheck the "Outlook Web Access" and other
appropriate Web site services, then click Next.

4. On the "Web Server Certificate" page,

1) We can select Option one "Create a new Web server certificate" to
recreate SBS self-assigned certificate.

If the user selects this option, the component will create a self-signed
certificate. The certificate will have the default expiration period (five
years). The certificate will use the user-provided Internet server name for
the SBS server. This value will then be stored in the InternetServerName
regkey for other components. IIS will then be configured to use this
certificate to create encrypted sessions with Web clients. The certificate
that the component creates will also have to be saved to
%sbsserver%\clientapps\SBScert\sbscert.cer so it will be available for
Client Setup to install on the client computers.

If a certificate already exists on the computer, the user will be prompted
to see if he/she wants to revoke or replace the existing certificate. If
not, then the user will be prompted to select ¡°Do not change.¡±

2) If we select Option two "Use a Web server certificate from a trusted
authority":?

If the user has his/her own certificate created by a trusted third-party
source such as Verisign, then the wizard will take that certificate file
and configure IIS to use that certificate for SSL. There is no need to ask
the user for a server name nor is it necessary to save it to a location for
Client Setup since it is already a trusted certificate.

In the scenario where ISA is being used for firewall and Web publishing,
the certificate must also be added to the ISA server in order to allow ISA
to respond to SSL requests.

Important: Please note that this certificate is used to enable (Secure
Sockets Layer) SSL connection between clients and Web Server site. However,
since we don't want to set up an external internet access, only access the
SBS service by VPN, all web server access only occur in the internal and
VPN tunnel, we don't need to create this certificate.

Note: We also can click "More Information" button to get more detailed
information on the "Web Server Certificate" page.

5. In the Internet E-mail tab, please click to "Enable Internet E-mail".

6. In the Email Delivery method page, please choose the correct email
delivery method. If you need to forward internet email to your ISP
Smarthost, please input the Smarthost address correctly. If you use DNS to
route emails, please choose this option.

Note: If you choose to forward emails to the ISP's email server (smart
host), you need to type the FQDN of the ISP's email server. If your ISP
provides you the IP address of their email server, for example,
12.34.56.78, you should type the IP address as "[12.34.56.78]" (without the
quotation marks) on the connector's properties page.

7. In the E-mail Retrieval Method page, specify to receive e-mail
using one or both of the following methods:

- POP3 Mailboxes (Use POP3 Connector to retrieve incoming email from ISP
POP3 mailboxes)
- Exchange (Incoming email are directly delivered to SBS Server via SMTP
service)

Click Next.

8. In the E-mail Domain Name page, enter your registered e-mail
Internet domain name, (i.e. domain.com). The e-mail domain name should
match the mail exchanger (MX) resource record maintained at your ISP. This
must be a registered Internet domain name. If you do not have your own
registered Internet domain name, leave the box blank.

9. If you are using the POP3 Connector to retrieve incoming email, in
the POP3 Mailbox Accounts page, click Add and add the appropriate POP3
mailbox accounts, then click Next.

10. Input the correct information in the rest page and finish the
wizard.

For delivering the internet emails, if you have hardware router, you should
make sure the Outbound TCP port 25 is opening. For your ISP configuration,
you ISP should allow TCP port 25 outbound communication.

If your SBS server uses ISP smarthost, I would like to bring the following
article to your attention

827601 Cannot send external mail when your smart host server is different
from
http://support.microsoft.com/?id=827601

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

To get additional detailed information, you may refer to the following KB
article:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

How to configure the server for Internet access [Author Mari?tte Knap]
http://www.smallbizserver.net/Default.aspx?tabid=185

NOTE: This response contains a reference to a third party World Wide Web
site. Microsoft is providing this information as a convenience to you.
Microsoft does not control these sites and has not tested any software or
information found on these sites; therefore, Microsoft cannot make any
representations regarding the quality, safety, or suitability of any
software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft cautions you to make
sure that you completely understand the risk before retrieving any software
from the Internet.

I appreciate your time and cooperation. If anything is unclear, please feel
free to let me know. I am looking forward to hearing from you.

Best regards,

Nathan Liu (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
>From: "Mark Wallace" <mark.wallace@xxxxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>Subject: Help with Internet and Email wizard
>Date: 1 Dec 2005 08:53:50 -0800
>Organization: http://groups.google.com
>Lines: 17
>Message-ID: <1133456030.076688.64740@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
>NNTP-Posting-Host: 80.176.82.50
>Mime-Version: 1.0
>Content-Type: text/plain; charset="iso-8859-1"
>X-Trace: posting.google.com 1133456035 2506 127.0.0.1 (1 Dec 2005 16:53:55
GMT)
>X-Complaints-To: groups-abuse@xxxxxxxxxx
>NNTP-Posting-Date: Thu, 1 Dec 2005 16:53:55 +0000 (UTC)
>User-Agent: G2/0.2
>X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET
CLR 1.1.4322),gzip(gfe),gzip(gfe)
>Complaints-To: groups-abuse@xxxxxxxxxx
>Injection-Info: g47g2000cwa.googlegroups.com; posting-host=80.176.82.50;
> posting-account=qwFsTg0AAABlG9RShrWOm5Sv0h05zAH1
>Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
ne.de!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.gigan
ews.com!postnews.google.com!g47g2000cwa.googlegroups.com!not-for-mail
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:227035
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>I am setting up a Win 2003 SBS and have got stuck with the internet and
>email wizard.
>
>I want users to be able to access Outlook Web services over a VPN
>connection into the office.
>At the Web Service configuation page of the wizard I therfrore selct
>the "Outlook web access" option and hit "next".
>
>the wizard then goes to a Web Server cerifacte page.
>
>Option one is:- enter the web address e.g www.microsoft.com
>
>Oprion two is:- Obtain a web server certifcate.
>
>Could someone explain which option I should choose. I do not want to
>set up an external internet address, only access the service by VPN.
>
>

.