Re: ISA & IIS conflict

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

looking through the thread there's a couple of things to clarify.

hyd-install.com does not exist in public DNS. To what purpose do you wish to
put this? You mention using it internally, is this a 'test' domain,
something you simply want to run internal? I suggest forget about this
domain for now.
hyd-install.local apears to be the AD DNS name (dunno why you used this, I
would have probably used hydraulicir.local, or hyd.lan)

hydraulicir.com is pointing to your external IP, that is the name you need
to use in the CEICW (and optionally RRAS config, see below). I think you've
done something silly and intend to host your public web pages on your SBS
but it ain't my system, I can live with it.

Query: hydraulicir.com. Query type: Any record
Recursive query: Yes Authoritative answer: Yes
Query time: 282 ms. Server name: ns1.comcastbusiness.net.
Answer:
hydraulicir.com. 86400 A 74.92.230.209
hydraulicir.com. 86400 SOA ns1.comcastbusiness.net.
domreg-tech.comcastbusiness.com.
2007062001 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
604800 ; expire (7 days)
7200 ; minimum (2 hours)
hydraulicir.com. 86400 NS ns1.comcastbusiness.net.
hydraulicir.com. 86400 NS ns2.comcastbusiness.net.
hydraulicir.com. 86400 NS ns3.comcastbusiness.net.
hydraulicir.com. 3600 MX 10
inbound.hydraulicir.com.cust.securehostedemail.com.
Additional:
ns1.comcastbusiness.net. 3600 A 208.39.158.1
ns2.comcastbusiness.net. 3600 A 64.56.37.245
ns3.comcastbusiness.net. 3600 A 208.39.140.41


You mention elsewhere a conflict IIS/ISA where IIS is using 8080/443 for the
default site. This is not standard, the default site in SBS uses 80/443, how
has it come to be that you are using 8080 for IIS? 8080 is the standard ISA
proxy listener port. But it goes further than this, IIS should only be
listening on your internal interface. I suspect you have created another
site intending to run as your public website and assigned it port 80, if so
that's part of the problem, is this so?.

I would:
Check IIS manager bindings for the default site. It should bind 80/443 to
the internal interface only. If you have another site running on 80 disable
it for now.
Restart. (Yes, do it, don't ignore it :-)
From the SBS console, Internet and Email, 'Change Server IP address' (run it
once to put it in another subnet, say 192.168.23.2, then again to return to
your existing subnet _if_ you wish/have reason). This step will ensure
services are correctly bound.
Restart again.
Run CEICW using hydraulicir.com for both the web certificate and email
config. _IMPORTANTLY_, when running the CEICW you must tell it to adjust the
firewall, you can select your interfaces and leave the rest 'as is' but we
want to ensure ISA is correctly using your interfaces. ISA is currently
rejecting requests to https://74.92.230.209 but I get the cert, looks like
the the listener is OK but web publishing is stuffed.


I _think_ that when you mention RAS below you mean RWW, right? Discussion of
80/8080/443 and IIS/ISA conflicts at this point has nothing to do with RRAS.
However, RRAS can also be made available, run the 'Configure Remote Access'
wiz in the to-do list, again giving it hydraulicir.com as the server
address.

Confirm performing each step and if you experience an error at any point
report back and stop at that point.

"SLow" <SLow@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0A274B9A-646A-4769-A498-9AC18327DD6B@xxxxxxxxxxxxxxxx
Trying to set up remote access on a SBS2003 premium w/2 NICs. I have an
unregistered internal domain [hyd-install.com / local] and an external
registered name [hydraulicir.com]. Cable broadband connection, ISA as a
firewall. If ISA is on and the default web site in IIS is stopped I can
browse the internet, but no remote access. If I want remote access I must
stop ISA & related sevices, start IIS, but then I have no internet. I can
see the two programs are fighting for the same port, but I do not know how
to
resolve it. Am I going about this wrong? I run the CICEW and have no
better
results. When I run the wizard (CICEW) if I set the certificate to
hirinc01.hyd-install.local I have RAS, no internet. If I set the value to
hyd-install.com-internet, but no RAS. I would appreciate any advice.

Thanks
SLow


.

Relevant Pages

  • RE: How can I create a Remote Access Usage report for my 2003 SBS
    ... To monitor remote users access internal web sites, we need to check the IIS ... And also you can check the ISA log to monitor remote access: ... -- Internet Activity Web Activity by Computer. ... Internet activity will not be included in the report. ...
    (microsoft.public.windows.server.sbs)
  • RE: isa server to cisco router connection
    ... I have configured an isa server with 2 interfaces. ... persistent route on the internal interface of the isa. ... can reach the internal nic without setting the router as ... you to the internet. ...
    (microsoft.public.isaserver)
  • RE: IIS and ISA (port 80 and 8080)
    ... After I installed ISA 2000, ... not have internet access from any of the client PCs (All ... I believe that this was due to a port conflict ... values with respect to IIS? ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS Extern - Cgi bringt als REMOTE_ADDR ISA
    ... IIS steht mit ISA im lokalen Netzwerk, ... REMOTE_ADR sollte aber auf dem IIS die IP-Adresse vom Internet-Client ... > der IIS bei dir im internen Netzwerk und der Client steht im Internet, ...
    (microsoft.public.de.german.isaserver)
  • Re: Need Incoming IP Address
    ... meaningful web logs. ... But now the IIS log is showing 127.0.0.1 where the IP address of the ISA ... internal interface used to be. ...
    (microsoft.public.isa)