RE: Can't access /Exchange or /Remote after ISA 2004 installed

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi Andrew,

Thank you for posting in SBS newsgroup.

From the description, I understand the issue to be: MyComputer can not
access access.mydomain.com/Exchange or access.mydomain.com/Remote after ISA
2004 has been installed on SBS. However you can access all after you
connect the MyComputer to the external NIC of SBS. As I know, the problem
should be caused by the configuration of router. Because we are not
familiar with third party hardware, you may need to consult the hardware
vendor and troubleshoot the issue.

Thanks for your understanding!

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Andrew Meador - ASCPA, MCSE, MCP+I, Network+, A+"
<ameador1@xxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Can't access /Exchange or /Remote after ISA 2004 installed
| Date: 1 Mar 2006 08:02:21 -0800
| Organization: http://groups.google.com
| Lines: 70
| Message-ID: <1141228941.641641.236190@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 70.126.45.238
| Mime-Version: 1.0
| Content-Type: text/plain; charset="iso-8859-1"
| X-Trace: posting.google.com 1141228947 5303 127.0.0.1 (1 Mar 2006
16:02:27 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Wed, 1 Mar 2006 16:02:27 +0000 (UTC)
| User-Agent: G2/0.2
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
NET CLR 1.1.4322),gzip(gfe),gzip(gfe)
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: z34g2000cwc.googlegroups.com; posting-host=70.126.45.238;
| posting-account=MWj-zw0AAABafw4r1aEmDwYweqJkWrLo
| Path:
TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
ne.de!news.glorb.com!postnews.google.com!z34g2000cwc.googlegroups.com!not-fo
r-mail
| Xref: TK2MSFTNGXA03.phx.gbl microsoft.public.windows.server.sbs:248451
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I had the network setup like this:
|
| internet
| .
| (dynamicIP)router(10.0.0.1)
| .
| MyComputer(10.0.0.11)
| .
| (10.0.0.200)router(10.1.1.1)
| .
| (10.1.1.2)SBS2003(10.1.2.1)
|
| I configured the hosts file on MyComputer and set
| access.mydomain.com to 10.0.0.200. With this configuration, I could go
| to IE and enter http://access.mydomain.com/Remote or
| http:/access.mydomain.com/Exchange and gain access to these sites on
| the SBS2003 server. I could also access
| https://access.mydomain.com:444. I then installed ISA 2004. I re-ran
| CIEW on SBS2003 and re-ran Remote Access Configuration Wizard. Now,
| from MyComputer, I can get access to https://access.mydomain.com:444,
| but I can't get access to /Remote or /Exchange.
| I have the following ports forwarded on the router (Netgear FVS114) to
| 10.1.1.2:
|
| 1 SMTP (tcp port 25) ALLOW always -> 10.1.1.2
| 2 HTTPS (tcp port 443) ALLOW always -> 10.1.1.2
| 3 HTTP (tcp port 80) ALLOW always -> 10.1.1.2
| 4 CompanyWeb (tcp port 444) ALLOW always -> 10.1.1.2
| 5 RemoteDesktp (tcp port 4125) ALLOW always -> 10.1.1.2
| 6 TerminalServ (tcp port 3389) ALLOW always -> 10.1.1.2
| 7 PPTP (tcp port 1723) ALLOW always -> 10.1.1.2
| 8 FTP (tcp port 21) BLOCK always
| 9 All others BLOCK always
|
| Now, as a test, I connected MyComputer between the
| (10.0.0.200)router(10.1.1.1) and (10.1.1.2)SBS2003(10.1.2.1) and gave
| MyComputer an IP of 10.1.1.10. With MyComputer setup like this, I can
| connect to all the sites listed above.
| The error I was getting when on the outside of the router was 'The
| page cannot be displayed...Cannot find server or DNS Error Internet
| Explorer'. I have no experience with ISA server - any version. I did
| manage to get a log (from Monitoring...Logging...Start Query...Attempt
| Access from MyComputer...Stop Querry). It looks basically as follows (I
| cut it down some):
|
| Dest Dest Protocol Action Rule Client IP
| Client User URL
| IP Port
|
----------------------------------------------------------------------------
----------------------------------------------------------------------------
-----------------
| 10.1.2.1 80 http allowed SBS RWW WPR 10.0.0.11
| anonymous http://publishing.mydomain.local/remote
| 10.1.1.2 80 HTTP initiated
| 10.1.1.2 80 HTTP closed
| 10.1.1.2 443 HTTPS initiated
| end log.
|
| Is there some other port that needs to be open on the router? This
| router is UPNP compatible and before installing ISA 2004, SBS2003 was
| actually recognizing this and configuring the router. Basically through
| the SBS2003 setup, and looking at the rules that UPNP had setup, I
| manually added those IP forwarding rules so they stay there all the
| time. The router is still setup to allow UPNP configuration, but I
| noticed when I re-ran CIEW (after installing ISA 2004) that it did not
| say it found a UPNP compatible router as it had prior to the ISA
| install. Is ISA settinging up the wrong network topology and thus not
| working with the router properly, or is this normal? I think I'd have
| to create a custom network in ISA to match my setup exactly, yes?
|
| I appreciate your help on this matter - thanks!
|
|

.

Relevant Pages

  • Re: One more Question on ISA Server 2004 Set-Up
    ... If your connection is PPPoE I suggest you keep the router. ... >>> installing ... >>> ISA Server 2004. ...
    (microsoft.public.windows.server.sbs)
  • Re: Router ISA OWA and VPN
    ... When ISA is installed - its the same as any other web page error - page ... The router I have is a Sitecom WL-025. ... smtp - port 25 ... You have two nics in the SBS, ...
    (microsoft.public.windows.server.sbs)
  • Re: NICs configuration
    ... but adding that if you do put a nat router in ... router/firewall on .1 and the SBS wan nic on .2, ... If you wanted to implement either a true router or a routing ... ISA (with a public IP in the DMZ, also subject to port restriction from ...
    (microsoft.public.windows.server.sbs)
  • Re: Site to site VPN with 2 NIC ISA solution
    ... How are you using a static public IP for SBS and Router? ... we can use ISA 2004 to establish IPSec site to ... For how to configure the ISA 2004 for IPSec site to site VPN, ...
    (microsoft.public.windows.server.sbs)
  • Re: CEICW Network Error
    ... ISA or no ISA? ... Either way they can be adjusted via CEICW for the most part but if you have created rules manually in ISA then it's a trip through the ISA console. ... What would you and Rick think of even a consumer grade router between the nic and the Optimum device, which is more in line with what I was creeping up on.? ... Users brought in another tech and messed up internet connectivity....server had internet access, but AD desktops cannot get to internet. ...
    (microsoft.public.windows.server.sbs)