RE: Can't access SBS from the Internet

Hi Robert,

first of all many thanks for your detailed information!
The problem is that the modem/router I'm using doesn't allow the SBS to
"serve" anything outside!
It needed to be firmware upgraded (to disable some security related option),
but the upgrade unfortunately failed and now I need to search a way to reset
it to factory defaults or something..
After this, I used another router (conexant-based) and I was able to reach
the server using another DSL connection! For the moment I'm configuring a
cisco 877W modem/router, to have things more secured (I hope I can manage the
configuration inside that great thing!).

I've noticed that I can connect remotely (throuth internet) to read mail,
but couldn't connect to the internal company web site or administer my pc. Is
there any other port I must map on cisco? (the company web site works fine
locally).
For the moment all ports I have forwarded to the server's external nic ip
are: 4125, 443, 25, 21, 3389, 80, 1723 (all tcp type!). Where is the problem?
Should I open some ports as UDP type also?

I didn't followed all of your tests, as the problem was to the modem/router.

Thanks again, please help if you have any ideas about the current problem.

John

"v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li" wrote:

Hi John,

Thanks for your reply.

Based on my research, please try the following steps to narrow down this
issue:

Step 1: The problem may be caused by DDNS. Please go to the router, there
should be an IP address assigned from DDNS, please record this address.
Then ping mycompany.dyndns.org, you will get another IP. Will the two IP
address be the same? If they are not the same, let have test with the IP
address you recorded from the Router:

1. Please run the command: mstsc /v IP
2. https://IP/remote or https://IP/exchange.

In the second test you should see:

Error Code: 403 Forbidden. The server denied the specified Uniform Resource
Locator (URL). Contact the server administrator. (12202)

Step 2: Please take a cross over cable and attach the laptop directly to
the server's external NIC, try to visit OWA by typing https://
sbsserver.domain.com /Exchange, can the logon be successfully?

Note: Before the test, please configure the IP of laptop as the following:

IP address: 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0

Please also create a host file on laptop for name resolution:

1. Open %systemroot%\system32\drivers\etc folder.
2. Double click HOST, and then choose open with Notepad.
3. Input the following and save:

192.168.1.1 sbsserver.domain.com

4. Save the host file.

Please try my suggestion and let me know the result.

I am looking forward to hear from you.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<Thread-Topic: Can't access SBS from the Internet
<thread-index: AchSpdi/vZll0GWkRkGW3enWcA6k0Q==
<X-WBNR-Posting-Host: 207.46.19.197
<From: =?Utf-8?B?Sm9obkE=?= <JohnA@xxxxxxxxxxxxxxxxxxxxxxxxx>
<References: <CD638ABF-CCD9-427A-87B3-ED01D6D38165@xxxxxxxxxxxxx>
<igvsvjpUIHA.360@xxxxxxxxxxxxxxxxxxxxxx>
<Subject: RE: Can't access SBS from the Internet
<Date: Wed, 9 Jan 2008 01:56:03 -0800
<Lines: 263
<Message-ID: <C372B69C-E4E2-4233-887B-90669329C4D5@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 8bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:85497
<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Hi Robert,
<
<I’m answering to your questions:
<1. ISA installed when I installed the SBS automatically.
<2. For the moment I’m doing all tests using only one WinXPProSP2 client
PC
<connected to the SBS domain (I’d like to make all working right before
I’ll
<connect all users to the domain). This XP client can access internet and
the
<http://companyweb/default.aspx page. Through this page the client can
connect
<to outlook using the link “Remote E-Mail Access”, can connect to the
server
<using “Remote Server Management”. I’ve set up exchange to “pop”
(maybe I’ll
<use the smtp way creating a new MX record etc, but later..) mail from two
<ISP-hosted mailboxes (working fine), the client can send and receive mail
<using Outlook2003 through the exchange mail account (automatically created
<during the client setup). I think that into the LAN things are working ok,
<the problem is that I can’t access the SBS from the internet.
<3. Yes, I registered for a free no-ip account (dynamic dns service)
because
<I don’t have external(internet) static IP, but for the moment I’m
doing all
<tests using the ISPs-DHCP server assigned IP, to be sure I have no problem
<with the dyndns service.
<4. As regards to the “broadband IP”, I’m referring to the ip that my
ISP’s
<DHCP server assigns to my modem/router (sorry if “broadband ip” refers
to
<something else, I’m not a net-pro… :-( …). I assume that this is
the
<internet public ip as you wrote.
<
<- Yes, my network topology is exactly like this
<“{Internet}---{Router}---{SBS Server}---{Switch}---{Client
Workstation}“. I
<also have all other PCs connected to our switches (three 16-port
<OfficeConnect with uplinks from the one to the other), they are into the
same
<XP-workgroup sharing printers and HDDs. The SBS and the
<Domain_Connected-XP-Client-PC can access the Domain shares AND the
<XP-Workgroup shares. This is a temporarily situation, the workgroup will
be
<removed as sooner I get the SBS to work right. I don't think that all this
<(the workgroup pcs) has something to do with my main problem (I can't
access
<SBS through the Internet). Is that right?
<
<- I checked the configuration of two nics, things are exactly like you
‘re
<describing (ip’s, gateways, dns and all).
<
<- I rerun the CEICW wizard, firewall enabled (allowing the mail, ftp...etc
<ports), all checked ok. As I said the XP-PC domain client accesses
internet,
<mail, SBS shares, can connect remotely to the SBS (via LAN) etc.
<
<- I run the MPSreport_network and I’m about to send you the /cab file.
<
<I think I followed all of your instructions correctly, hope this will help
<to understand why I’m not connect to my SBS through the internet.
<
<Ah, also (as I said to my 1st post) I have my router forwarding ports
4125,
<443, 25, 21, 3389, 80, 1723 to the SBS ip (192.168.1.1) that is assigned
to
<the external nic (that the router is connected to).
<
<Also, I’m curious why using the server or the domain XP-Client-PC I
can’t
<login to the router’s ip (through internet explorer) to make some
<configurations. The login window doesn’t allow me to log in. But when
I’m
<connecting the router to my laptops ethernet port (that isn’t connected
to
<the domain!), I can login using the same user/password and access all
routers
<options.
<Is there any SBS-installation-default domain-security-policy that
restricts
<access of the domain users to the router? (I’m trying to do it as the
SBS
<Administrator).
<
<Well that's all the information I collected. Please if you have any ideas,
<help..
<
<Thanks for your time!
<
<John
<
<
<"v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li" wrote:
<
<> Hi John,
<>
<> Thanks for posting in our newsgroup.
<>
<> From your description, I know that you can't access the SBS server from
<> Internet. If that's not right, please don't hesitate to let me know.
<>
<> Please let me know the following to make the situation more clearly:
<>
<> 1. Do you have ISA installed?
<> 2. Can the internal users visit Internet?
<> 3. You said "I installed no-ip and registered for a no-ip-domain", did
you
<> get Public IP from your ISP?
<> 4. You said " I found the broadband ip of the router using
<> www.whatismyip.com". What is the broadband IP you refer to, if that the
<> Public IP?
<>
<> Based on my research, I'd like to give you the following suggestions:
<>
<> Step 1: Since the SBS has two NICs and the network topology is as below,
<> please ensure on the router you have forwarded the incoming traffic to
the
<> external NIC of SBS server.
<>
<> {Internet}---{Router}---{SBS Server}---{Switch}---{Client Workstation}
<>
<> Step 2: Please ensure the SBS server network configuration is has below:
<>
<> 1. External NIC (Network Connection)
<>
<> IP address: 192.168.1.1
<> Subnet Mask: 255.255.255.0
<> Default Gateway: 192.168.1.254 (your Hardware router IP)
<> DNS: (SBS internal NIC IP as the only entry)
<>
<> 2. Internal NIC (Server Local Area Connection)
<>
<> IP address: 192.168.0.X
<> Subnet Mask: 255.255.255.0
<> Default Gateway: Blank
<> DNS: (SBS internal NIC IP as the only entry)
<>
<> Step 3: Pleas rerun the CEICW Wizard to configure the network.
<>
<> 825763 How to configure Internet access in Windows Small Business Server
<> 2003
<> http://support.microsoft.com/?id=825763
<>
<> If the problem persists, please help me collect the following
information
<> for deep research:
<>
<> MPS-Report on SBS server
<>
<> 1) Download MPSreport_network from
<>
<>
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
<> 15706/MPSRPT_NETWORK.EXE
<> 2) Run MPSRPT_NETWORK.exe on the server box.
<> 3) The tool will automatically collect the information. This procedure
will
<> take 10~15 minutes.
<> 4) Open Windows Explorer, navigate to the folder:
<> %SystemRoot%\MPSReports\Network\Reports\Cab\
<> 5) Send the .cab file directly to v-robeli@xxxxxxxxxxxxx with subject:
<> 41264210-Can't access SBS from the Internet.
<>
<> I am looking forward to hear from you.
<>
<> If you need further assistance, please don't hesitate to let me know.
<>
<> Best regards,
<>
<> Robert Li(MSFT)
<>
<> Microsoft CSS Online Newsgroup Support
<>
<> Get Secure! - www.microsoft.com/security
<>
<> =====================================================
<>
<> This newsgroup only focuses on SBS technical issues. If you have issues
<> regarding other Microsoft products, you'd better post in the
corresponding
<> newsgroups so that they can be resolved in an efficient and timely
manner.
<> You can locate the newsgroup here:
<> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<>
<> When opening a new thread via the web interface, we recommend you check
the
<> "Notify me of replies" box to receive e-mail notifications when there
are
<> any updates in your thread. When responding to posts via your
newsreader,
<> please "Reply to Group" so that others may learn and benefit from your
.

Relevant Pages

  • Re: Internal vs External www access
    ... You have to rerun the CEICW to make sure your SBS 2003 server have ... How to configure Internet access in Windows Small Business Server 2003 ... Please point all internal clients' DNS to SBS NIC address. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Port 443 for OUTLOOK WEB ACCESS
    ... > Thank you for posting in SBS newsgroup. ... Click To Do List and then click "Connect to the Internet". ... Go through the steps until the Web Server Certificate page is showed. ...
    (microsoft.public.windows.server.sbs)
  • Re: RPC over HTTP scenario
    ... Les Connor [SBS Community Member - SBS MVP] ... The firewall, an external device to the server, is what has the ... internet, it is exactly the name you would use for the certificate. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: R2 w/ISA User type account cannot use my companys internal website
    ... Alerts\Core Server Alerts ... Microsoft CSS Online Newsgroup Support ... And our product group is still reviewing the impact of the upgrade SBS ...
    (microsoft.public.windows.server.sbs)
  • Re: Internal vs External www access
    ... You have to rerun the CEICW to make sure your SBS 2003 server have ... How to configure Internet access in Windows Small Business Server 2003 ... Please point all internal clients' DNS to SBS NIC address. ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
Loading