Re: Remote Access and Outlook Web Access on SBS 2003



That's not normal behaviour, the SBS and the workstations are all on the
same subnet.

What are the DHCP options you show, did you manually set the scope and
options, or did SBS set them?

If OWA works, and RWW doesen't, then I'd guess there are some
'customizations' that have been done in IIS.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius


"Greg Kirkpatrick" <GregKirkpatrick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:E7EECB55-2A14-4C27-87A7-8E02B9892418@xxxxxxxxxxxxxxxx
Well, I missed your response, sorry, it just got overlooked.

I turned off DHCP in the router, and reran CEICW -- but stations started
going offline, so I had to turn DHCP back on, in the router, at least
temporarily. Since the SBS has 1 NIC, and since the router is between the
SBS and the client stations, all of the stations' NICs "Obtain auto" point
to
the router (192.168.0.1) for Primary DNS. It seems to me, that I will
either
have to bow to getting a 2nd NIC for the SBS, and passing traffic through
it,
or else i'll have to put a static DNS on each station [ugh!]. I am losing
this fight, so I am going to give in and put a 2nd NIC in the SBS and pass
the traffic.

I still haven't been able to access RWW within the LAN (unless it's not
via
https://192.168.0.2/remote) -- I keep getting tossed to an error page
after
it prompts 3 times for name & password.

There's no chance of beefing up the server, unless someone hits the lotto,
but I do have several alternate routers, none of them as pretty as
SonicWall
or Watchguard or Firebox. One of them, which I had purchased for myself,
might help get this set up -- it's a NETGEAR Prosafe VPN Dual-WAN router.
If
it works to get Remote Access running, then I might persuade the owner
that
he *needs* it.


"Lanwench [MVP - Exchange]" wrote:


In news:AB071764-4D2E-470B-826F-23A0D632633E@xxxxxxxxxxxxx,
Greg Kirkpatrick <GregKirkpatrick@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Regarding DHCP -- actually, I should have typed "No" after "DHCP
enabled" as the server is static IP'd to 192.168.0.2. You are right,
though, that the D-Link router should not be a DHCP server, and that
the SBS 2003 box should be...I will fix that.

Cool - it works better.

I am not sure I understand why it is important that there are no
external DNS servers, and that every box (even the SBS) points to the
SBS box for DNS.

This is a basic tenet of AD. Servers & clients must not directly point to
external DNS servers, or AD doesn't work right. This is a *must*.

I believe that, as of now, each of them points to
192.168.0.2 as the Primary DNS, but that one client station (and the
SBS server) has two secondary (alternate) DNS entries matching those
provided by the ISP.

Undo that.

It would seem efficient to do so, in the
(unlikely) event that the client and the server are not talking to
each other, and in order that communication to the Internet be
maintained regardless.

Don't. If you have good hardware, it is indeed unlikely.

If there is a reason to change that, I will
do so -- only one station is locally static IP'd, so it's not
difficult. However, this is off topic, since the client stations have
been turned off all weekend, and cannot have any bearing on why
Remote Access and Outlook Web Access are not working to the SBS 2003
server.

Possibly not, but fix your clients and server so they don't have any
external IPs. Make sure everything is fine internally, and you can use
RWW
and OWA inside, and then double check your port forwarding - if it's all
fine inside, and not from the Internet, either it's your router or your
ISP
is blocking ports or something. Do you have a spare router/firewall you
can
test with, if all looks fine from the inside?

I should have mentioned previously, that the SBS 2003 server is
running Standard (no ISA), and that yes, there is a firewall in the
D-Link DI-524 (which I have trusted more than using a software one
inside SBS),

ISA is fine; I agree that running it on your sole DC probably isn't the
best
thing, and I always use standard & one NIC myself.

and yes, there is only 1 NIC in the SBS server (because
I didn't want to flow traffic through it, and thus put a larger
burden or dependency on the server).

That's fine, but I don't know that the D-Link is the best firewall for
this
job - that's a home/consumer-grade device. Look into SonicWall or
Watchguard.

The primary role for the SBS
box, at this site, is as a file server, and it is minimally powered
for that job, due to the purchasing by the business owner.

Any chance you can beef it up at all?


"Lanwench [MVP - Exchange]" wrote:

Presuming this is correct, I see several problems.

If that's your server, why is it getting an IP address via DHCP? It
needs a static address.

You ought to be running DHCP from your SBS box, in addition - not
your router/firewall.

Also, in AD, all clients and servers *must* point only at the
internal DNS server (in this case, SBS, AD-integrated)'s lan IP for
DNS - *no* external DNS servers at all. The forwarders you configure
in the DNS server's properties should take care of external queries.





.