Re: CEICW fails - several errors

---

• From: johnbrown105@xxxxxxxxxxx
• Date: 15 Nov 2006 09:03:03 -0800

---

<johnbrown105@xxxxxxxxxxx> wrote in message
news:1163537065.739205.180430@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

johnbrown105 wrote:

The lines with errors from icwlog.txt are:
Error 0x1 returned from call to Setting the default gateway on the
external NIC().
Error 0x1 returned from call to RegisterMSBOExchangeBP().
Error 0x80070003 returned from call to Publishing companyweb().
Error 0x80070003 returned from call to Committing Web publishing
rules().
Error 0x80070003 returned from call to CCometCommit::Commit().
calling ADsGetObject (LDAP://jmiserver.JMINET.local/CN=SmallBusiness
SMTP connector,CN=Connections,CN=first routing group,CN=Routing
Groups,CN=first administrative group,CN=Administrative
Groups,CN=JMINET,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=JMINET,DC=local, IADs,
0x6f418).
/* these lines included for context; _RestartService() loks generic) */
Call to ADsGetObject () returned ok.
calling spADs->SetInfo ().
Call to spADs->SetInfo () returned ok.
calling spADs->SetInfo ().
Call to spADs->SetInfo () returned ok.
calling _RestartService (RESvc, 1).
/***************************************************************/
Error 0x8007041d returned from call to _RestartService().
Error 0x8007041d returned from call to EnableSMTPConnector().
Error 0x8007041d returned from call to CEMailCommit::Commit().

I just need CEICW to terminate normally so that SMTP and POP3 will
start working again, and I will tackle the problem of Exchange not
delivering SMTP mail another time.

cjobes wrote:

First you need to get you DNS configuration right.
On the WAN NIC of your server the DNS has to point to the LAN IP. No
other
DNS entries should be there. The ISP assigned DNS addresses go into the
Forwarders. If you run the CEICW and answer the questions correctly, it
will
put them for you in the right spot. Make those changes and try the CEICW
again.

--
Claus

cjobes wrote:

On the WAN NIC of your server the DNS has to point to the LAN IP. No
other
DNS entries should be there.

I ran CEICW again and tried to set the WAN NIC (IP 10.0.0.1) DNS to LAN
IP (192.168.0.3), CEICW told me that it cannot be the local IP or
127.0.0.1. So I quit the wizard, set the DNS manually to 192.168.0.3. I
left the WAN gateway to 10.0.0.138, because that is the only way that I
can ping www.google.com, for example. My Internet connection
configuration looked like this:
Ethernet adapter Internet Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet
NIC #2
Physical Address. . . . . . . . . : 00-48-54-6C-7C-2E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.1
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . : 10.0.0.138
DNS Servers . . . . . . . . . . . : 192.168.0.3
NetBIOS over Tcpip. . . . . . . . : Disabled

I then ran CEICW again. It automatically filled in the DNS servers that
I listed before. It complained if I tried to change them, so I accepted
them and moved on. I assume that it was simply using values from the
last run, because it did not tell me that it had discovered a UPnP
device. It had detected and configured my ADSL modem during one of my
several atempts to fix the problem.

Also, I forgot to mention that CEICW claimed that ISA Server 2000 was
installed, but not running. I immediately checked and ISA Server
Management said that Web Proxy (7 sessions), Firewall (1 session) and
Scheduled Content Download are all running. I also forgot to mention
that, since reverting to my original ISA Server did not work, I
re-applied the ISA Server 2000 SP2 before I made the original post.

According to CEICW, only Network Configuration was sucessful. Firewall,
Secure Website and E-mail all failed. I got some additional errors
because I chose to create a new certificate, and also publish only OWA
and Remote Workplace. Previously, I had unrestricted access.

Error 0x80070003 returned from call to Restricting ConnectComputer to
local network only().
Error 0x80070003 returned from call to Limiting number of
connections().

My current situation is:

Everyone can browse via the proxy
Only I (on the server) can go to a secure site
Not even I can use POP3 or SMTP in Outlook Express.

Is there a new CEICW available, by any chance?

cjobes wrote:

You forgot to mention a lot in your original post.

Indeed.

Let me summarize the setup
On the internal SBS NIC you should have no gateway and the DNS should point
to the LAN address of the SBS.
On the external SBS NIC your gateway should point to the router (DSL) and
the only DNS showing should be the IP of the internal NIC.

Before you run the CEICW make sure that all services that start
automatically are really running. Then start the CEICW. Select the correct
NIC when asked and enter or accept the ISP DNS entries. You also need to
click on enable Firewall to assure that you can chose what you want open.
The certificate should match your A record at your ISP. Something like
mail.yourdomain.com or whatever you used for it.

Let me know what the result is.

--
Claus

I did everything that you said. All automatic services were running. I
was the one who named my Internet connections as "Internal Local Area
Connection" and "Internet Connection" so that I would never confuse
them.

I ran CEICW and selected:

Broadband - local router with IP address (I belive that this best
describes my ADSL modem)
It detected my Speedtouch 546, but I told it not to configure the modem
the DNS was filled in with the DNS servers used by the modem.
LAN connection - 192.168.0.3
ISP connection - 10.0.0.1 (For this connection, gateway=10.0.0.138,
which is the ADSL modems address, and DNS=192.168.0.3, my internal LAN
IP. These values were set before running the wizard.

Enable Firewall
Enable E-mail - use DNS to deliver, blank domain (we don't have one),
use POP3 connector
Restrict access to OWA and Remote Workplace

As for the certificate, my server's name is jmiserver.jminet.local. It
came up automatically and I accepted it.

Firewall configuration and E-mail configuration failed.

I ran the wizard again, and selected Disable Firewall and Disable
E-mail instead. This time, Firewall was the only one that failed.


After carrying out your instructions, I tried uninstalling ISA Server ,
not to get rid of SP2, but to get rid of ISA Server 2000 totally. I
rebooted and ran CEICW again, this time selecting Disable Firewall and
Disable E-mail. Firewall failed again. I do not remember whether
E-mail failed. In this configuration. I can use http, pop3 and smtp,
but internet connection sharing does not work. Nobody else can go on
the internet. ItI tried to start the Windows Firewall/Internet
Connection Sharing service, but it failed with "resource in use".
Apparently it has something to do with Ipnat.sys I found some
documentation that said that it could be because Routing and Remote
Access was running, so I stopped it and tried to start the Firewall/ICS
service again. It failed with the same error.

To summarize:

With ISA Server 2000 SP2 - all users can browse the Internet (http and
possibly https). Nothing else can connect.

With Original ISA Server 2000 - all sorts of problems - proxy insists
on authorization, but does not accept credentials. On the server, I
could connect by telling web browser not to use proxy, and I eventually
got SMTP and POP3 to work in Outlook Express by manually creating
protocol rules in ISA Server Managment.

Without ISA Server 2000, On the server, everything works, but my
internet connection is not shared. Perhaps you can help me to find out
what is using Ipnat.sys and is preventing me from starting the Windows
Firewall/Internet Connection Sharing service?

I currently have ISA Server 2000 SP2 installed, since I can still
access our ISP e-mail account via their web interface.

.

---

• Follow-Ups:
  • Re: CEICW fails - several errors
    • From: cjobes

• References:
  • CEICW fails - several errors
    • From: johnbrown105
  • Re: CEICW fails - several errors
    • From: cjobes
  • Re: CEICW fails - several errors
    • From: johnbrown105
  • Re: CEICW fails - several errors
    • From: cjobes

• Prev by Date: SBS 2003 user limit and transition questions
• Next by Date: Re: Setup client computer over RDP connection? Or how?
• Previous by thread: Re: CEICW fails - several errors
• Next by thread: Re: CEICW fails - several errors
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: CEICW fails - several errors ... The firewall isn't used when ISA is installed. ... On the WAN NIC of your server the DNS has to point to the LAN IP. ... I immediately checked and ISA Server ... (microsoft.public.windows.server.sbs) Re: Internet access problem caused by DNS failure ... i.e. before the Firewall part. ... Nothing stands out for the dns server. ... Ethernet adapter Wireless Network Connection: ... (microsoft.public.windows.server.sbs) Re: ISA 2004 Firewall client "connected" but not working ... What application are you connection "from"? ... ISA's Firewall Service is configured to ignore certain ones. ... Microsoft ISA Server Partners: Partner Hardware Solutions ... (microsoft.public.isa) RE: PPTP VPN on ISA SERVER 2004 ... Forwarding tcp 1723 on your external Firewall interface to the ISA Server is ... > Initiated Connection ... (microsoft.public.isa) Re: Using two ISPs with one ISA server? ... If I configure the ISA server in "Back Firewall" mode, ... make a VPN connection directly to the ISA server by forwarding the ... point-to-point connection, you would treat as ... (microsoft.public.isa.configuration)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-11