Re: Remote Access and Outlook Web Access on SBS 2003



That's not normal behaviour, the SBS and the workstations are all on the
same subnet.

What are the DHCP options you show, did you manually set the scope and
options, or did SBS set them?

If OWA works, and RWW doesen't, then I'd guess there are some
'customizations' that have been done in IIS.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius


"Greg Kirkpatrick" <GregKirkpatrick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:E7EECB55-2A14-4C27-87A7-8E02B9892418@xxxxxxxxxxxxxxxx
Well, I missed your response, sorry, it just got overlooked.

I turned off DHCP in the router, and reran CEICW -- but stations started
going offline, so I had to turn DHCP back on, in the router, at least
temporarily. Since the SBS has 1 NIC, and since the router is between the
SBS and the client stations, all of the stations' NICs "Obtain auto" point
to
the router (192.168.0.1) for Primary DNS. It seems to me, that I will
either
have to bow to getting a 2nd NIC for the SBS, and passing traffic through
it,
or else i'll have to put a static DNS on each station [ugh!]. I am losing
this fight, so I am going to give in and put a 2nd NIC in the SBS and pass
the traffic.

I still haven't been able to access RWW within the LAN (unless it's not
via
https://192.168.0.2/remote) -- I keep getting tossed to an error page
after
it prompts 3 times for name & password.

There's no chance of beefing up the server, unless someone hits the lotto,
but I do have several alternate routers, none of them as pretty as
SonicWall
or Watchguard or Firebox. One of them, which I had purchased for myself,
might help get this set up -- it's a NETGEAR Prosafe VPN Dual-WAN router.
If
it works to get Remote Access running, then I might persuade the owner
that
he *needs* it.


"Lanwench [MVP - Exchange]" wrote:


In news:AB071764-4D2E-470B-826F-23A0D632633E@xxxxxxxxxxxxx,
Greg Kirkpatrick <GregKirkpatrick@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Regarding DHCP -- actually, I should have typed "No" after "DHCP
enabled" as the server is static IP'd to 192.168.0.2. You are right,
though, that the D-Link router should not be a DHCP server, and that
the SBS 2003 box should be...I will fix that.

Cool - it works better.

I am not sure I understand why it is important that there are no
external DNS servers, and that every box (even the SBS) points to the
SBS box for DNS.

This is a basic tenet of AD. Servers & clients must not directly point to
external DNS servers, or AD doesn't work right. This is a *must*.

I believe that, as of now, each of them points to
192.168.0.2 as the Primary DNS, but that one client station (and the
SBS server) has two secondary (alternate) DNS entries matching those
provided by the ISP.

Undo that.

It would seem efficient to do so, in the
(unlikely) event that the client and the server are not talking to
each other, and in order that communication to the Internet be
maintained regardless.

Don't. If you have good hardware, it is indeed unlikely.

If there is a reason to change that, I will
do so -- only one station is locally static IP'd, so it's not
difficult. However, this is off topic, since the client stations have
been turned off all weekend, and cannot have any bearing on why
Remote Access and Outlook Web Access are not working to the SBS 2003
server.

Possibly not, but fix your clients and server so they don't have any
external IPs. Make sure everything is fine internally, and you can use
RWW
and OWA inside, and then double check your port forwarding - if it's all
fine inside, and not from the Internet, either it's your router or your
ISP
is blocking ports or something. Do you have a spare router/firewall you
can
test with, if all looks fine from the inside?

I should have mentioned previously, that the SBS 2003 server is
running Standard (no ISA), and that yes, there is a firewall in the
D-Link DI-524 (which I have trusted more than using a software one
inside SBS),

ISA is fine; I agree that running it on your sole DC probably isn't the
best
thing, and I always use standard & one NIC myself.

and yes, there is only 1 NIC in the SBS server (because
I didn't want to flow traffic through it, and thus put a larger
burden or dependency on the server).

That's fine, but I don't know that the D-Link is the best firewall for
this
job - that's a home/consumer-grade device. Look into SonicWall or
Watchguard.

The primary role for the SBS
box, at this site, is as a file server, and it is minimally powered
for that job, due to the purchasing by the business owner.

Any chance you can beef it up at all?


"Lanwench [MVP - Exchange]" wrote:

Presuming this is correct, I see several problems.

If that's your server, why is it getting an IP address via DHCP? It
needs a static address.

You ought to be running DHCP from your SBS box, in addition - not
your router/firewall.

Also, in AD, all clients and servers *must* point only at the
internal DNS server (in this case, SBS, AD-integrated)'s lan IP for
DNS - *no* external DNS servers at all. The forwarders you configure
in the DNS server's properties should take care of external queries.





.



Relevant Pages

  • Re: Urgent! New router and big disaster
    ... Go back to pointing the external NIC DNS Servers to the SBS server IP ... make sure the DHCP Client Service is running on the server. ... Next I Select a local router device with an ip address. ...
    (microsoft.public.windows.server.sbs)
  • Re: network drops out every afternoon
    ... I've switched DHCP service and DNS services back on SBS. ... I may have missed it but did you say you have DNS also turned off on the SBS ... client PC's look to SBS for DNS only not the router. ... I too had two NIC's with one disabled on SBS server. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS Setup Best Practice?
    ... OR Registrar DNS(depending who runs the authoritative DNS) that will point ... router you then forward everything you want to let through to your WAN SBS ... my web hosting provider's DNS to point to my server box correct? ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2003 - Cannot restore GPO following Article 888943
    ... As to the second DNS setting, the system worked quite well prior to ... forwarders on the SBS server DNS. ... >another installation of SBS 2003? ... >This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Server/Network setup question
    ... currently the users are getting IP addresses from DHCP on the router. ... SBS server a static IP address in the same range as the router. ... be in a subnet that is different from the SBS LAN (with their own Internet ...
    (microsoft.public.windows.server.sbs)