Re: Cannot connect to RWW from home PC

Hi John:

Responding to the paragraph below:

<snip>
We have rerun CEICW sort of hoping it would sort out the router but no
chance... We used mail.jcm-group.com/remote.
<snip>

If you mean that you used the above as the cert in the CEICW, there is no
need to have the "/remote". And mail.jcm-group will only work if there is
a public DNS record for that name/ip combination. There must not be one,
because I can't ping "mail.jmc-group.com"

Still can't telnet to any of your ports at your public ip address. Can you
confirm what it is? www.whatsmyip.com

--
Larry

Please post the resolution to
your issue so that all can benefit.


"John Morton" <johnm@xxxxxxxxxxxx> wrote in message
news:OPeePzAjIHA.4196@xxxxxxxxxxxxxxxxxxxxxxx
Hi Marina
Heres' the info for our server:
---------------------------------------------
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : jcmsbs1
Primary Dns Suffix . . . . . . . : JCMGroup.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : JCMGroup.local

Ethernet adapter Server LAN Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC
(3C90
5B-TX)
Physical Address. . . . . . . . . : 00-50-04-4B-18-81
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

Ethernet adapter ADSL Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast
Ethernet
NIC
Physical Address. . . . . . . . . : 00-05-1C-9B-15-96
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.26.0.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 172.26.0.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled
--------------------------------------------------
Do you mean ipcongfig for my PC or a PC on this network?
Just to recap - I can connect from any PC on my network using the FQDN to
all the installed sbs features including RWW.
We have rerun CEICW sort of hoping it would sort out the router but no
chance... We used mail.jcm-group.com/remote.
I think this must be a router problem and very frustrating - maybe it
needs re-seting and starting all over!

The router was supplied about 5 years ago by Telefonica here in Spain -
It's a Thomson 510. After much trouble logging on to it using 10.0.0.138
as it keeps timing out - however I have now forwarded ports 443 444 and
4125 to the server ip 192.168.16.2 (is this correct?)
it appears to be set to DHCP = auto
DNS = not defined
The Ip and routing tables look like this:
---------------------------------------
telefppp 83.38.30.56/32 Auto pat

eth0 169.254.243.18/16 Auto none

eth0 172.26.0.1/16 Extra none

eth0 10.0.0.138/8 Extra none

loop 127.0.0.1/8 Auto none

IP route table

Destination Source Gateway Intf
192.168.153.1/32 83.38.30.56/32 83.38.30.56 telefppp

169.254.0.0/16 169.254.0.0/16 169.254.243.18 eth0

172.26.0.0/16 172.26.0.0/16 172.26.0.1 eth0

10.0.0.0/8 10.0.0.0/8 10.0.0.138 eth0

192.168.153.1/32 any 83.38.30.56 telefppp

83.38.30.56/32 any 83.38.30.56 telefppp

169.254.243.18/32 any 169.254.243.18 eth0

255.255.255.255/32 any 10.0.0.138 eth0

172.26.0.1/32 any 172.26.0.1 eth0

10.0.0.138/32 any 10.0.0.138 eth0

127.0.0.1/32 any 127.0.0.1 loop

169.254.0.0/16 any 169.254.243.18 eth0

172.26.0.0/16 any 172.26.0.1 eth0

10.0.0.0/8 any 10.0.0.138 eth0

224.0.0.0/4 any 169.254.243.18* eth0

default any 83.38.30.56 telefppp

default any 169.254.243.18* eth0
----------------------------------------
Thanks in advance for any help, John


"Marina Roos [SBS-MVP]" <marina@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:%23LFgyv8iIHA.3780@xxxxxxxxxxxxxxxxxxxxxxx
Hi John,

Please post the ipconfig/all from the server and a client.
If you have a router, you need to forward ports in the router to the
external nic IP.

--
Regards,

Marina Roos
Microsoft SBS-MVP
One of the Magical M&M's
www.smallbizserver.net
Take part in SBS forum:
http://www.smallbizserver.net/Default.aspx?tabid=53
"johnm" <jmorton@xxxxxxxxxxxx> wrote in message
news:uy$71cliIHA.4080@xxxxxxxxxxxxxxxxxxxxxxx
Hi Larry
Just picked up your post - many thanks

it's jcm-group.com not jmc by the way ;-)

I'll let you know how it goes
Thanks again, John
-------------------------------------------
"Larry Struckmeyer" <lstruckmeyer(at)mis-wizards(dot)com> wrote in
message news:uBnmHJhiIHA.4396@xxxxxxxxxxxxxxxxxxxxxxx
I just tried to ping mail.jmc-group.com and got no reply... not even the
DNS listing.

Then to telnet to that url, same result.

Is that is the correct url - domain name for your mail server?

DNS stuff says your mail server is responding with reply that is not MS
Exchange server on IP: 74.208.5.4 That is probably different that
what you will get from the next line:

Go to www.whatsmyip.com and get your public ip address.

run the CEICW and use the ip address for the certificate.

It would help us if you posted it. You can munge it, but since it is
public there is really no reason:

*72*48*178*33*

is not going to get picked up by any bots.

Is your setup like this:

inet - ISA Device - SBS Nic2 - SBS - SBS Nic 1 - Switch - Workstations

You have to know that two things are setup and working.... the address
for RWW, which if you use the IP you can't mess that up, and that the
ISP allows the necessary ports to pass their systems and the "little
box" they gave you. You might want to call them and verify they are
not blocking 25, 443, 444, 4125. Additionaly, if you ever hope to do
VPN you need 1723.

In the end, if you want to use something besides the ip address, you
will need a public DNS record for your public ip address. The
referenced name can be practically anything, but it has to point to the
ip address you get from www.whatsmyip.com . Then you use that name in
the CEICW for the certificate, and in the browser for remote access.


--
Larry


"johnm" <jmorton@xxxxxxxxxxxx> wrote in message
news:eqmPmsgiIHA.4140@xxxxxxxxxxxxxxxxxxxxxxx
Hi Larry
Thanks
No no hardware firewall/router just the simple box that came from
telefonia - it's all through ISA.
When we setup this new SBS2003 setup we installed without ISA as it
does form part of the basic install - we did this a week or so later -
we are not seeing any problems anywhere regards internet or email - we
also run goldmine CRM with 20+ POP3 accounts and all works great -
just this blessed RWW - it's driving me mad....

No haven't added anything to ISA apart from that one port - which I
will delete tomorrow.
We do have 2 nic setup - one for internal and one for ADSL

Regards running CEICW - yes I had realised that and maybe something
went wrong when we installed ISA server from standard setup - but
there were no errors shown at all.

Where do you set up the forwarding for ports 443 and 4125 from router
to SBS? I do not recall needing to do anything with the ADSL modem
other than set the IP addresses for it. Maybe thats where the problem
lies - problem is it will be in Spanish!
TIA, John

"Larry Struckmeyer" <lstruckmeyer(at)mis-wizards(dot)com> wrote in
message news:uylMEZgiIHA.3940@xxxxxxxxxxxxxxxxxxxxxxx
Is there a hardware firewall/router between your server and the
internet?

Do not trust the PnP facility of the Wizard or your router /
firewall. Connect to the device with your browser (follow the setup
instructions for the device) and forward the ports to the nic in your
SBS that listens on the internet. For a two nic server, that is know
as the external nic.

Do not add things to ISA,,,, CEICW does this for you. If you have
been adding and subtracting things from ISA you may have messed it up
beyond the ability of this forum.

I would strongly consider uninstalling ISA, getting the RWW etc to
work, then reinstalling ISA. You have to run the CEICW after each un
install re install, as it does it differently for a ISA installation.

--
Larry


"johnm" <jmorton@xxxxxxxxxxxx> wrote in message
news:%237pxyPgiIHA.5956@xxxxxxxxxxxxxxxxxxxxxxx
Hi Marina and everyone who has tried to help me

Thank you for your help

Yes I have run CEICW - looking in the log I'm on number
'icwdetails11' and yes I enabled the firewall as one of the options
during running the setup wizard.

I think I'm going around in something of a loop here - so any help
would be greatly apprecieted. Obviously missing something obvious
somewhere!

This is what I have right now.

If I run RWW from my PC within the network using our FQDN it works
perfectly - and what a super facility this is! When I finally get it
working from the internet that is....

I am running ISA 2000 so I'm sort of assuming that if something
hasn't been setup correctly using the wizard that it can be added in
ISA management?
When I look in Access Policy -> IP Packet Filter
I see port 443 in and out
I did not see port 4125 so I added it
I did not see port 444
You say forward 443 and 4125 from router to SBS - where exactly do I
do this - is this done in ISA -> Network Configuration -> Routing?
What do I have to put in there?

We ran SBS2000 for 6 years - never had any of this - 2003 seems a
lot more security minded. I'm sure it's easy once you get your head
round it and much better. On the whole it's been running for 2
months now without that many problems - we are running all the
latest fixes (more or less) apart from upgrading to ISA2004 - we are
waiting for the CD to arrive from MSoft

But RWW we need to fix - very handy for working from home
TIA
John
----------------------------------------------------------------------------------------------0
"Marina Roos [SBS-MVP]" <marina@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:eh23EQSiIHA.4536@xxxxxxxxxxxxxxxxxxxxxxx
Hi John,

It doesn't have port 443 open, so it can't even listen and get you
to that page on your server. Have you run CEICW and enabled the
firewall, including the services like RWW that you would like to
use? In the router you will have to forward port 443 and 4125
(needed for RWW) to your SBS.

--
Regards,

Marina Roos
Microsoft SBS-MVP
One of the Magical M&M's
www.smallbizserver.net
Take part in SBS forum:
http://www.smallbizserver.net/Default.aspx?tabid=53
"John Morton" <johnm@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uBc3JgRiIHA.3940@xxxxxxxxxxxxxxxxxxxxxxx

Hi again
Well maybe I'm missing something here but I tried as suggested
using https://mail.jcm-group.com/remote and still nada!
Getting this below. I can ping jcm-group.com - which has a fixed
IP but cannot get this to work - such a brilliant facility as well
Any further advise ould be greatly apprecieted.
John
message as below:-
--------------------------------------------------------
The page cannot be displayed
There is a problem with the page you are trying to reach and it
cannot be displayed.
--------------------------------------------------------------------------------

Please try the following:

a.. Click the Refresh button, or try again later.

b.. Open the Web site home page, and then look for links to the
information you want.
c.. If you believe you should be able to view this directory or
page, please contact the Web site administrator by using the
e-mail address or phone number listed on the Web site home page.
10060 - Connection timeout
Internet Security and Acceleration Server

--------------------------------------------------------------------------------

Technical Information (for support personnel)

a.. Background:
The gateway could not receive a timely response from the Web site
you are trying to access. This might indicate that the network is
congested, or that the Web site is experiencing technical
difficulties.

b.. ISA Server: jcmsbs1.JCMGroup.local
Via:

Time: 3/18/2008 4:44:27 PM GMT
"Larry Struckmeyer" <lstruckmeyer(at)mis-wizards(dot)com> wrote in
message news:uGqfqx0hIHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
Hi John:

When you run the CEICW you put in the address of your RWW page.
This address must be either your public IP address, or an URL
address for which there is a public DNS record.

If you are receiving mail at your exchange server you have such a
record already. Normally this would be something like
"mail.yourdomain.com", which would point to your public IP
address, so in the CEICW you put "mail.yourdomain.com". It does
not have to be that, and you can add public DNS records that
point to "fuzzy_slippers.yourdomain.com" if you wish.

The last step is to forward the ports required, 443, 444, 4125
from whatever router/firewall device sits at that ip address to
the ip address of the listening nic ip in your SBS.

Then from outside the LAN you point your browser to
"mail.yourdomain.com/remote" to hit the RWW page, where you can
select which service to use.

--
Larry


"johnm" <jmorton@xxxxxxxxxxxx> wrote in message
news:undetR0hIHA.1944@xxxxxxxxxxxxxxxxxxxxxxx
Hi

I cannot logon to RWW from my home PC no matter what I try

I am using our FQDN : although beginning to wonder if this is
set up correctly - as surely should include something with .com
maybe?
https://jcmsbs***.jcmgroup.local/remote I get this page in IE
and error message from Firefox :-

Internet Explorer cannot display the webpage

Most likely causes:
a.. You are not connected to the Internet.
b.. The website is encountering problems.
c.. There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information

This problem can be caused by a variety of issues,
including:

a.. Internet connectivity has been lost.
b.. The website is temporarily unavailable.
c.. The Domain Name Server (DNS) is not reachable.
d.. The Domain Name Server (DNS) does not have a listing
for the website's domain.
e.. If this is an HTTPS (secure) address, click Tools,
click Internet Options, click Advanced, and check to be sure the
SSL and TLS protocols are enabled under the security section.

For offline users

You can still view subscribed feeds and some recently
viewed webpages.
To view subscribed feeds

1.. Click the Favorites Center button , click Feeds, and
then click the feed you want to view.

To view recently visited webpages (might not work on all
pages)

1.. Click Tools , and then click Work Offline.
2.. Click the Favorites Center button , click History,
and then click the page you want to view.




This address works from my workstation within the sbs2003
network but not from outside. Can someone please advise?
Many thanks, John
























.