Re: Still can't connect to RWW or OWA remotely
- From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 29 Sep 2006 17:10:12 -0400
I'm assuming this is SBS 2003 SP1. In the Services MMC, is the Windows
Firewall/Internet Connection Sharing (ICS) service 'Disabled'?
--
Merv Porter [SBS-MVP]
============================
"Leon Willard" <leonwill@xxxxxxxxxxx> wrote in message
news:%23rJ6U0$4GHA.5080@xxxxxxxxxxxxxxxxxxxxxxx
Yes, this same error pops up when I try to view bindings through the
Advanced tab on both NICs. "Windows Firewall cannot run because another
program or service is running that might use the network address
translation component (Ipnat.sys)". I tried disabling one card, then the
other, and checking each one, but the error was still there. Puzzling . .
.
As for the suggestion by Neadom about IIS, how do I check that?
Leon
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:O04Djr74GHA.3592@xxxxxxxxxxxxxxxxxxxxxxx
I can't see any problems with your ipconfgs. If you check the NIC
bindings now, do you still get an (the same) error?
--
Merv Porter [SBS-MVP]
============================
"Leon Willard" <leonwill@xxxxxxxxxxx> wrote in message
news:%235U30V34GHA.932@xxxxxxxxxxxxxxxxxxxxxxx
No, I still cannot access RWW or Exchange using your suggested settings.
So, it certainly appears to be something about the SBS configuration.
Here are the postings of a domain joined workstation, and the SBS. I
sure hope they help in fixing this frustrating problem. And thanks a lot
for your help on this, Merv.
Windows WORKSTATION XP Pro - Domain Member
Windows IP Configuration
Host Name . . . . . . . . . . . . : JOANNE01
Primary Dns Suffix . . . . . . . :Meridian.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Meridian.local
Meridian.local Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Meridian.local
Description . . . . . . . . . . . : CNet PRO200WL PCI Fast
Ethernet Adapter
Physical Address. . . . . . . . . : 00-08-A1-1D-DA-06
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.16.117
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.2
DHCP Server . . . . . . . . . . . : 192.168.16.2
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
Lease Obtained. . . . . . . . . . : Thursday, September 28, 2006
5:16:42 PM
Lease Expires . . . . . . . . . . : Friday, October 06, 2006
5:16:42 PM
Windows SMALL BUSINESS SERVER 2003 Windows IP Configuration
Host Name . . . . . . . . . . . . : meridian-2003
Primary Dns Suffix . . . . . . . : Meridian.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Meridian.local
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connection
Physical Address. . . . . . . . . : 00-16-76-32-45-E5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.254.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.254
DNS Servers . . . . . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter
(PILA8470B)
Physical Address. . . . . . . . . : 00-D0-B7-85-C7-5B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:%23xJw5jo4GHA.292@xxxxxxxxxxxxxxxxxxxxxxx
Please post an IP ipconfig /all for the server and for the
workstation that is joined to the SBS domain.
I'm concerned that you can't access RWW by attaching a non-domain
laptop (IP address: 192.168.254.xxx, Subnet Mask: 255.255.255.0,
Default Gateway: 192.168.254.254) directly to a port on the router and
then trying to access RRW using the public IP address specified in the
Web Server Certificate during CEICW. If you can't remote into the SBS
server from a port on the router, the problem is with the SBS server
setup (since the router doesn't come into play with this method of
troubleshooting).
I'm also concerned that you get an error trying to check the NIC
bindings on the SBS server.
--
Merv Porter [SBS-MVP]
============================
"Leon Willard" <leonwill@xxxxxxxxxxx> wrote in message
news:OkvfUbn4GHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
Merv, I get 'cannot find server or dns error' on both
https://<PublicIPAddress>/remote and
https://<PublicIPAddress>/exchange. Previously I had opened port 443
(and all the others you listed) in the Efficient DSL router. I used
their command <system addserver 192.168.254.10 TCP [port number]> to
open the ports. The only way I knew to test whether the port was still
open, was to try opening it again. It then gives an error. Is there a
way to test whether SBS sees these ports as open or not?
Leon
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:uKVHt6d4GHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
Does the "page cannot be displayed" error appear at the top of the
page with the rest of the page blank? Or does it additionally show
"cannot find server or dns" somewhere on the error page? I'm trying
to determine if port 443 is being blocked.
Can you access OWA externally? (https://<PublicIPAddress>/exchange)
Merv Porter [SBS-MVP]
============================
"Leon Willard" <leonwill@xxxxxxxxxxx> wrote in message
news:eN9ozyb4GHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
No, I don't have a 3rd party firewall, and it's a pretty plain
vanilla WinXP Pro laptop. Connected to the network like the other
workstations, I can get email and have Internet access the same as
all the others.
As for error messages when I fail to access RWW with the laptop, I
don't get any. All that happens is it times out and then says the
'Page cannot be displayed'. I don't find any errors or other strange
messages in the SBS event viewer either.
Leon
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in
message news:u7ghu0a4GHA.2596@xxxxxxxxxxxxxxxxxxxxxxx
Do you have any 3rd party Firewall software on the laptop?
What error(s) do you get on the laptop (and maybe in the event logs
on the server) when you fail to access RWW with the laptop?
--
Merv Porter [SBS-MVP]
============================
"Leon Willard" <leonwill@xxxxxxxxxxx> wrote in message
news:e9KXyaa4GHA.668@xxxxxxxxxxxxxxxxxxxxxxx
In trying what Merv suggested below, this is what I
found. --Apparently, the 'Windows Firewall cannot run because
another program . . . " is a false message since I found that
Windows Firewall services were disabled and the external NIC has
only TCP/IP enabled.
After that I re-ran CEICW, this time eliminating VPN since it is
unlikely to ever be used. I enabled the firewall, checking only
email, and selecting only OWA, RWW, and Sharepoint Web services. I
left the certificate originally created that points to the WAN IP
address.
After that, I tried accessing RWW from my laptop connected to a
router port, thus bypassing the DSL router. No luck, I couldn't
connect. However, I could connect to RWW from several workstations
from within the network.
Here's another peculiarity: During a setup problem with the
Adaptec RAID controller, Adaptec requested that we connect to
their website using the adaptec.com/remote command from out
server. I didn't work at all. However, I could go to any
workstation and connect to them just fine.
This is a very frustrating problem. In all other respects the SBS
server and all internal functions work just fine. But from outside
the network, no connection seems possible. It's as if the built-in
firewall is working too good! -- Any further suggestions will be
greatly appreciated. Thanks.
Leon
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in
message news:%235dgTh03GHA.1848@xxxxxxxxxxxxxxxxxxxxxxx
- I checked the settings on the external NIC, and when I went to
check bindings I got this error message: "Windows Firewall
cannot run because another program or service is running that
might use the network address translation component
(Ipnat.sys)".
This sounds like a Windows Firewall problem. SBS 2003 does not
use Windows Firewall. In fact, it should have been removed
during the normal Integrated install of SBS. Try this:
Start | Control Panel | Administrative Tools | RRAS | rt. click
<yourservername> (local) | Disable Routing and Remote Access
Start | Control Panel | Administrative Tools | Services...
assure that the Routing and Remote Access service is stopped.
Then re-run CEICW, ebanle the firewall, select the services you
want, enter your public WAN IP for the certificate and finsih the
rest of CEICW.
Now try again both checking the bindings on the external NIC
(should only have TCP/IP - not "Client for Microsoft Networks" or
File and Printer Sharing") and accesing RWW from your laptop
attached directly to a port on the router.
--
Merv Porter [SBS-MVP]
============================
"Leon Willard" <leonwill@xxxxxxxxxxx> wrote in message
news:eBqrI%23z3GHA.4764@xxxxxxxxxxxxxxxxxxxxxxx
OK, here's where I am on this problem -- I connected my laptop
to the DSL
router port using the suggested setting and, no, I couldn't RWW
in that way
either. -- Before doing this, I reran CEICW and carefully
checked all the settings to
match the broadband connection, the two NIC firewall, the remote
connection
setup, and the certificate using the public IP.
Along the way I noticed several things that may be relevant:
- I have VPN checked, although users prefer RWW (if I ever get
it to work!).
- I checked the settings on the external NIC, and when I went to
check bindings I got this error message: "Windows Firewall
cannot run because another program or service is running that
might use the network address translation component
(Ipnat.sys)".
- Only one workstation is a domain member, and it was joined
manually (its ipconfig /all is shown below). The other
workstations are still peer-to-peer, although they can access
RWW and Exchange just fine. I had expected to join the other
workstations once SBS was completely set up.
Leon
Workstation IPconfig /all
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Albert>cd\
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : meridian-cadd5
Primary Dns Suffix . . . . . . . : Meridian.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Meridian.local
Meridian.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Meridian.local
Description . . . . . . . . . . . : Intel(R) PRO/100 VE
Network Connecti
on
Physical Address. . . . . . . . . : 00-07-E9-D9-F3-54
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.16.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.2
DHCP Server . . . . . . . . . . . : 192.168.16.2
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
Lease Obtained. . . . . . . . . . : Friday, September 22,
2006
------------------------------------------------------------------------------------------------------------------------
SBS2003 IPconfig /all
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>cd\
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : meridian-2003
Primary Dns Suffix . . . . . . . : Meridian.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Meridian.local
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE
Network Connection
Physical Address. . . . . . . . . : 00-16-76-32-45-E5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.254.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.254
DNS Servers . . . . . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server
Adapter (PILA847
0B)
Physical Address. . . . . . . . . : 00-D0-B7-85-C7-5B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
C:\>
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in
message
news:uxNfmoc3GHA.3492@xxxxxxxxxxxxxxxxxxxxxxx
Hi Leon,
Could you please post an ipconfig /all for the SBS server
and for a
workstation?
When you ran CEICW, did you select "a direct broadband
connection", enable
the firewall, select the services, select the Web Services,
enter your
Public IP address for the web server certificate, then finish
the rest of
CEICW?
Also, try taking the router out of the equation...
Attach a laptop that's configured for a workgroup (not a
domain) to a free
port on the router. Give it a static IP address of
192.169.254.x, a
Subnet Mask of 255.255.255.0, and a Default Gateway of
192.169.254.10 (the
LAN IP address of the router). Then try to RWW into the SBS
server. If
you're successful, the router configuration is the problem. If
not,
you're SBS server config (or the external NIC) is having a
problem.
--
Merv Porter [SBS-MWP]
============================
"Leon Willard" <leonwill@xxxxxxxxxxx> wrote in message
news:Os4g8zb3GHA.5092@xxxxxxxxxxxxxxxxxxxxxxx
To update my problem from what is stated below: I followed the
advice I
received from serveral people on this newsgroup, and opened
ports 443,
444, 4125, 1723 and 3389 in our Efficient 5861 DSL router, and
AT&T
verified port 25 was open.
But I still couldn't connect remotely using
https://publicIP/remote. So I
called Efficient tech support to have them verify that the
ports I
specified were actually opened. Their tech told me he couldn't
telnet
into our router through our public IP to check. And he
couldn't ping that
IP either. He asked what method I used to forward the ports
using telnet
(it's <system addserver [private IP for server] tcp port
number> which I
took from their app note), and he said I was doing it
correctly. After
that I reran CEICW to verify all Web services were checked.
But I still could not connect remotely. So it would seem that
I've got
something cofigured wrong, or something not yet configured.
Also, Adaptec
wanted to connect to our SBS to update some drivers, but were
not able to
connect. They asked me to connect to their site remotely from
our server,
and I wasn't able to do so. However, I was able to connect to
their site
from a workstation on our network. So it seems our SBS is
still the
source of the connection problems. And once again, I'll
appreciate your
help on this. Thanks.
Leon
I recently completed an installation of SBS2003 Standard
without ISA
using
the two NIC configuration. At the front of the external 'WAN'
NIC is a
DSL
router set up with a static IP from our ISP. This external NIC
IP address
is
192.169.254.10 Our ISP (SBC) also provides us five additional
static IP
addresses which we don't use. The internal (LAN) NIC is using
IP
192.168.16.2. We also have a website hosted by SBC, but we
don't use it's
registered name or IP address for our SBS2003 network
configuration.
(except
as mentioned below for a certificate).
From inside the network, all users can access RWW and Exchange
just fine.
And the rest of the network and email works fine for all users
also. Our
problem is that we cannot connect to RWW or OWA from the
Internet. When I
try to connect using https://certificate/remote I always get
the "Cannot
find server or DNS Error" message.
I have run CEICW a bunch of times and haven't gotten any
errors. I have
assumed that the problem is the certificate I am generating. I
have tried
using server.registered website name, but it doesn't work. I
have also
used
the DSL public side IP address/remote, and that doesn't work
either. It's
pretty clear that I don't know how to fix this problem, and
any help will
be
greately appreciated. Thanks.
.
- References:
- Re: Still can't connect to RWW or OWA remotely
- From: Leon Willard
- Re: Still can't connect to RWW or OWA remotely
- From: Merv Porter [SBS-MVP]
- Re: Still can't connect to RWW or OWA remotely
- From: Leon Willard
- Re: Still can't connect to RWW or OWA remotely
- Prev by Date: Re: Multiple problems - DNS, AD, Exchange, GP
- Next by Date: Re: Multiple problems - DNS, AD, Exchange, GP
- Previous by thread: Re: Still can't connect to RWW or OWA remotely
- Next by thread: Re: Still can't connect to RWW or OWA remotely
- Index(es):
Relevant Pages
|
Loading
