RE: Publishing Companyweb for external access on SBS2003 R2 With I

Txs Terence,

That was helpful. I deleted the old certifiacte and recreated new one with
CEICW - everything works as required.

-S

"Terence Liu [MSFT]" wrote:

Hello Customer,

Thank you for posting here.

According to your description, I understand that you want to publish
companyweb via ISA 2004 in SBS. If I have misunderstood the problem, please
don't hesitate to let me know.

Step 1:
Based on my research, I do not know the detail steps what you do, so I
would like to show out the recommended steps to publish companyweb. You can
confirm the steps with the following:

To publish companyweb in ISA Server 2004, we can simply run the CEICW
Wizard. The wizard can help us configure the networking settings for a SBS
server. It automatically creates the ISA rules for internet access and site
publishing. It's strongly recommended to use the wizard to configure the
SBS server. More info:

825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Note: When proceeding to the Web Services Configuration page, please click
"Allow access to only the following Web site services from the internet"
and make sure the "Windows SharePoint Services intranet site" option is
checked. In this way, the wizard will automatically publish the companyweb
for you. Please note that you have to access companyweb from external via
https://FQDN:444 directly, we do not need to access the companyweb from
default web site link.

Detailed steps for your reference:

a. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.

b. Click the "Connect to the Internet" link.

c. When navigating to the Firewall page, select "Enable firewall" and click
Next.

d. On the "Services Configuration" page, select all the items and then
click Next.

e. On the "Web Services Configuration" page, make sure "Allow access to the
entire Web site from the Internet" is selected. If you select "Allow access
to only the following Web site services from the Internet", make sure all
item in the list are selected. Click Next.

f. On the "Web Server Certificate" page, choose to create a new Web server
certificate and then type the public FQDN (your new DNS name) that you will
use to access companyweb (for example, if your public FQDN that you use to
access the sites is mail.xyz.com, you should type mail.xyz.com as the new
certificate name).

g. Go through the remaining steps.

By default, the companyweb requires user authentication. We don't need to
perform additional configuration and anonymous request will surely be
blocked by the ISA Server.

Step 2:
As we need to access companyweb through port 444 which is not the default
SSL port which is 443, you may experience the problems described in the
following KB article if the remote clients are behind ISA server:

283284 Blank Page or Page Cannot Be Displayed When You View SSL Sites
Through
http://support.microsoft.com/?id=283284

Step 3: Check the IIS configuration:

1. Click Start->Run, type "inetmgr" (without the quotation marks) and click
OK.

2. Expand the server name, web sites, right click the companyweb site and
choose Properties.

3. Click the Directory Security tab.

4. In the "Secure communications" section, click the Server Certificate
button.

5. Click Next on the wizard and on the "Server Certificate" page, choose to
"Assign an existing certificate" and click Next.

6. Choose the server.PublicDomainName.com certificate we just created at
step 1. Click Next.

7. Type "444" (without the quotes) as the SSL Port and click Next.

9. Click OK to close the companyweb properties page.

10. Click Start->Run, type "iisreset" (without the quotes) and click OK.
Then check if internal users can access companyweb using https://FQDN:444.

Step 4: Configure your hardware firewall or router to forward traffic on
TCP port 80, 443 and 444 to the SBS server's external address. Then check
if external users can access your companyweb site using https://FQDN:444.

Meanwhile, please do not change the link in the web site files, the ISA
will translate the path automatic after you success run CEICW.

If the issue persists, please kindly help me collect some information for
further investigation:

1. Can you access comanyweb from internal?

2. What error page you get when you access companyweb via https://FQDN:444
directly?

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Publishing Companyweb for external access on SBS2003 R2
With ISA20
| thread-index: AcdCnVrUjoW0cDE6RPKahD374A7UBQ==
| X-WBNR-Posting-Host: 74.97.93.163
| From: =?Utf-8?B?U3VtZWdo?= <Sumegh@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <21A3E247-DAB7-467E-9562-DB91AA88357E@xxxxxxxxxxxxx>
| Subject: RE: Publishing Companyweb for external access on SBS2003 R2 With
ISA20
| Date: Sat, 27 Jan 2007 21:30:00 -0800
| Lines: 22
| Message-ID: <CAC49CD9-74F3-4140-A8E7-5E5153E1849D@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:13265
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I wanted to update that i did change the http://companyweb url in the
| default.htm under inetpub\wwwroot to point to https://fqdn:444 however i
am
| getting the following error message:
|
| Error Code: 500 Internal Server Error. The certificate chain was issued
by
| an authority that is not trusted. (-2146893019)
|
| Please help!
|
| Txs...
|
| "Sumegh" wrote:
|
| > Hello,
| >
| > I have followed all the KB articles i could find, run the CEICW several
| > times but i am not able to get the companyweb accessible from outside
the
| > local network. When the users access our site through the domainname
| > intranet.domain.com they are presented with the Links for RWW, Internal
| > Website, etc. RWW works great but clicking on Access my company's
internal
| > website causes the browser to look for http://companyweb instead of the
FQDN.
| > Please help...
|


.