RE: Accessing WSS3 internally and via RWW and Companyweb
- From: v-jaluo@xxxxxxxxxxxxxxxxxxxx ("Jacky Luo [MSFT]")
- Date: Mon, 28 May 2007 15:33:34 GMT
Hi Ken,
Thanks for posting here and thanks for Costas's great input.
From the description, I understand the issue is that you cannot access WSS3.0 site over internet. If I am off base, please don't hesitate to let me
know.
Let us refer to the following steps to troubleshoot the issue:
you should publish WSS 3.0 site to internet and change the link on the
companyweb site to the URL with https://FQDN_of_SBS_Server:portnum
You can refer to the following steps to publish companyweb,but you just
need to do the same with WSS 3.0 site.
To publish Companyweb, you should follow the steps below:
Step 1. Run CEICW.
(Is this the same server with post "Changing IP address outside a hardware
firewall - will it change any certificates or security values"? If yes, you
should not change the Web Server Certificate during running CEICW.)
1. Open Server Management.
2. Click To Do List.
3. Click Connect to the Internet.
4. Do not change connection type.
5. Enable Firewall.
6. Make sure that you've selected "Windows SharePoint Services intranet
site" from the web services list.
7. Do not change current Web server certificate.
8. Do not change Internet e-mail configuration.
9. Finish the wizard.
Step 2. Publish Companyweb on ISA 2000. (If you're using ISA 2004, please
skip this step)
Configure a new protocol definition in ISA Server 2000
1. Click Start, point to Programs, point to Microsoft ISA Server, and then
click ISA Management.
2. In the ISA Management console, expand Policy Elements, right-click
Protocol Definitions, click New, and then click Definition.
3. On the Welcome to the New Protocol Definition Wizard page, type
Companyweb Inbound 444 in the Protocol definition name box, and then click
Next.
4. On the Primary Connection Information page, type 444 in the Port Number
box. Leave the Protocol type setting as TCP. In the Direction list, click
Inbound, and then click Next.
5. On the Secondary Connections page, leave the Do you want to use
secondary connections? setting as No, click Next, and then click Finish.
Publish Companyweb by using ISA Server 2000
1. Click Start, point to Programs, point to Microsoft ISA Server, and then
click ISA Management.
2. In the ISA Management console, expand Publishing, right-click Server
Publishing Rules, click New, and then click Rule.
3. On the Welcome to the New Server Publishing Rule Wizard page, type a
name for the new rule (for example, type Companyweb), and then click Next.
4. On the Address Mapping page, under IP address of internal server, type
the internal IP address of the server that is running Windows Small
Business Server 2003. (For example, type 192.168.16.2). Then, under
External IP address on ISA Server, type the appropriate IP address for the
external interface of the server that is running Windows Small Business
Server 2003, and then click Next.
[Note] Microsoft recommends that you use a static IP address for the
external network adapter on the computer that is running ISA Server 2000.
If you use a dynamic IP address, you must modify the server publishing rule
whenever the dynamic IP address changes on the external network adapter on
the computer that is running ISA Server 2000.
5. On the Protocol Settings page, click Companyweb Inbound 444 in the Apply
the rule to this protocol list, and then click Next.
6. On the Client Type page, click the appropriate client type under Apply
the rule to requests from.
[Note] If the server is used by computers that are on the Internet, Any
request is the best choice.
7. Click Next, and then click Finish.
8. Restart the ISA Server 2000 Firewall service. To do so, follow these
steps:
a. Click Start, point to Programs, point to Microsoft ISA Server, and then
click ISA Management.
b. In the ISA Management console, expand Servers and Arrays, expand
ISAServerName, expand Monitoring, and then click Services.
c. In the right pane, right-click Firewall, and then click Stop.
d. After the Firewall service stops, right-click Firewall, and then click
Start to restart the Firewall service.
[Important] If your server is behind a hardware firewall, make sure that
TCP port 444 is open on the hardware firewall.
Assign a Web server certificate to http://CompanyWeb by using IIS
1. Click Start, point to Administrative Tools, and then click Internet
Information Services (IIS) Manager.
2. In the left pane of the IIS Manager console, click your server name.
3. In the right pane, double-click Web Sites.
4. In the right pane, right-click Companyweb, and then click Properties.
5. Click Directory Security, and then click Server Certificate.
6. On the Welcome to the Web Server Certificate Wizard page, click Next.
7. On the Server Certificate page, click Assign an existing certificate,
and then click Next.
8. On the Available Certificates page, click the installed certificate that
you want to assign to this Web site, and then click Next. Make sure that
the name of the certificate matches the name that you specified when you
ran the Configure E-mail and Internet Connection Wizard. Do not click
publishing.InternalDomain.local, where InternalDomain.local is your
internal DNS domain name.
The publishing.InternalDomain.local certificate is only used internally.
The certificate that you assign to the Companyweb site must match the
Uniform Resource Locator (URL) that users enter to connect to the server
from the Internet.
9. On the SSL Port page, type 444 in the SSL port this web site should use
box, and then click Next.
10. On the Certificate Summary page, review the information about the
certificate, and then click Next.
11. On the Completing the Web Server Certificate Wizard page, click Finish,
and then click OK.
[Important] If your server is behind a hardware firewall, make sure TCP
port 444 is open on the hardware firewall.
Configure Remote Web Workplace
To publish http://Companyweb in Remote Web Workplace on the Internet, you
must change certain registry values. To do so, follow these steps.
[Warning] If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using
Registry Editor incorrectly. Use Registry Editor at your own risk.
1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. In Registry Editor, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal\A
dminLinks
3. In the right pane, right-click HelpDesk, and then click Modify.
4. In the Value data box, type 1.
5. Locate and then click the following subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal\A
dminLinks
6. In the right pane, right click STS, and then click Modify.
7. In the Value data box, type 1.
8. Repeat steps 5 through 7 for the following subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal\K
WLinks
9. Close Registry Editor.
[Important] After you have made the changes that are described in steps 1
through 9, if you run the Configure E-mail and Internet Connection Wizard
in Windows Small Business Server 2003, Premium Edition, the registry values
will be reset from 1 to 0. Therefore, after you run the wizard, make sure
that you run Registry Editor again and that you change the values back to
1.
More info, please refer to:
How to publish http://Companyweb to the Internet by using ISA Server 2000
on a server that is running Windows Small Business Server 2003, Premium
Edition
http://support.microsoft.com/?id=838304
The "My Company's Internal Web Site" link on the default Web site Welcome
page does not work when you connect to the site over the Internet in
Windows SBS 2003
http://support.microsoft.com/?id=838429
Step 3. Modify the default page.
1. C:\Inetpub\wwwroot folder.
2. Open default.htm by using notepad.
3. Find <A HERF="http://companyweb";> and replace it with <A
HERF="https://public.domain.name:444";>
4. Save the changes.
[Note] Public.domain.name is your public domain name or public IP address
associated with your web server certificate.
After doing the above steps, visit http://public.domain.name from the
internet and click "My Company's Internal Web Site" will lead you to your
Companyweb.
Hope this helps
Have a nice day!
Best regards,
Jacky Luo (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
====================================================
PLEASE NOTE: The partner managed newsgroups are provided to
assist with break/fix issues and simple how to questions.
We also love to hear your product feedback! Let us know what you think by
posting
from the web interface: Partner Feedback
from your newsreader: microsoft.private.directaccess.partnerfeedback.
We look forward to hearing from you!
====================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from this issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
====================================================
.
- References:
- Accessing WSS3 internally and via RWW and Companyweb
- From: Ken Shafer
- Accessing WSS3 internally and via RWW and Companyweb
- Prev by Date: Re: Nic Binding in SBS 2003
- Next by Date: Re: Nic Binding in SBS 2003
- Previous by thread: Re: Accessing WSS3 internally and via RWW and Companyweb
- Next by thread: Backup Failing - WSUS Access?
- Index(es):
Relevant Pages
|
Loading
