RE: OWA page not displayed Outside

Hello Jim,

Thank you for sending me the log files.

After checking them, I suggest you try following steps:

Step 1: Checking IIS settings.
======
Set default web site to listen on "All Unassigned" for port 80. To do so:

Open IIS MMC, right click Default Web Site and then click Properties. In
the Web site tab, make sure "All Unassigned" is selected in IP address
field.

If not, please change it and run "iisreset".

Note: Before above steps, you may need to check the following:

1. Run CEICW to re-configure the network and firewall on the SBS server.

2. Both the NIC cards should point to the internal IP address for DNS.

Step 2: Recreate ISA rules:
=================
1. Open ISA management.
2. Click Firewall Policy in the left pane.
3. Ensure system rules are hidden and delete all the Firewall policies in
the right pane.

4. Rerun CEICW without selecting "Do not change¡­" to re-create the rules.

I hope the above information is helpful to you. If the problem still
occurs, please help me gather following information:

Please download the MPS Report tool from the following link and run it on
the SBS server, then send the generated CAB file to my mailbox
v-mzhuan@xxxxxxxxxxxxx for further investigation so that we can find what
the root cause is:

http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE

For your information:
http://www.microsoft.com/downloads/details.aspx?FamilyId=CEBF3C7C-7CA5-408F-
88B7-F9C79B7306C0&displaylang=en

Please try the above steps at your earliest convenience. If you have any
concern, please feel free to let me know.

Best regards,

Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: OWA page not displayed Outside
| thread-index: AciOkN5DchUQLfs1QI+A3qs3GElcUA==
| X-WBNR-Posting-Host: 207.46.19.168
| From: =?Utf-8?B?SmltIFByZW5kZXJnYXN0?=
<JimPrendergast@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <1D613448-DB89-427A-97DB-315345FF6B64@xxxxxxxxxxxxx>
<6C91C0D4-5CB1-4963-8FFB-4F5BE37456CA@xxxxxxxxxxxxx>
<ZN56KHniIHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
<08A35A9F-4E78-4048-90EC-826714C85D8A@xxxxxxxxxxxxx>
<csNxQ1kjIHA.360@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: OWA page not displayed Outside
| Date: Tue, 25 Mar 2008 08:57:03 -0700
| Lines: 316
| Message-ID: <5711950A-59A4-4CA2-88AD-9F72CC426C6F@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 8bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:99776
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi
|
| Sorry I found the W3C file, I reran.
|
| So I started the logs
| Then I accessed the system from out side
| I stopped the Logs
|
| I zipped the file and have posted it to youself at v-mzhuan@xxxxxxxxxxxxx
|
| Thanks
|
| Jim
|
| "Manfred Zhuang [MSFT]" wrote:
|
| > Hello Jim,
| >
| > Thank you for sending me the files.
| >
| > I understand that the W3C files could not be found.
| >
| > I would like to confirm that have you done following steps first?
| >
| > a. Open ISA 2006 management console.
| > b. Expand the server node and highlight 'Monitoring'.
| > c. In the right pane, switch to the 'Logging' tab, make sure the 'Task
| > Pane' is showed there.
| > d. In the 'Task Pane', click 'Configure Web Proxy Logging' under
'Logging
| > Tasks', and then switch the 'log storage format' from 'MSDE database'
| > (default) to 'File'.
| > e. Switch to the 'Fields' tab, and then click 'Select All'.
| > f. Click OK, and then click 'Apply' to save changes and update the
| > configuration.
| > g. Click 'Configure Firewall Logging'. Do step d~f to enable the full
| > logging options for firewall logging.
| >
| > Please double confirm it and check if the W3C files can be found.
| >
| > Please understand that they are very important for our troubleshooting.
| >
| > Best regards,
| >
| > Manfred Zhuang(MSFT)
| > Microsoft Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > --------------------
| > | Thread-Topic: OWA page not displayed Outside
| > | thread-index: AciNK8y2KbnMInzeT+efty1zLioTOA==
| > | X-WBNR-Posting-Host: 207.46.192.207
| > | From: =?Utf-8?B?SmltIFByZW5kZXJnYXN0?=
| > <JimPrendergast@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <1D613448-DB89-427A-97DB-315345FF6B64@xxxxxxxxxxxxx>
| > <6C91C0D4-5CB1-4963-8FFB-4F5BE37456CA@xxxxxxxxxxxxx>
| > <ZN56KHniIHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: OWA page not displayed Outside
| > | Date: Sun, 23 Mar 2008 14:21:03 -0700
| > | Lines: 332
| > | Message-ID: <08A35A9F-4E78-4048-90EC-826714C85D8A@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 8bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:99588
| > | NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Hi
| > | I tried all the suggestion you gave and post to you the information
you
| > | required.
| > | The error is still.
| > | The website cannot be found
| > | Explanation: The IP address for the website you requested could not
be
| > found.
| > |
| > | Error Code 11001: Host not found
| > |
| > | But internally it works using the NETBIOS name of the server via
| > | https://NETBIOSNAME/exchange
| > | ALso internally it works using the INTERNALDOMAINNAME via
| > | https://INTERNALDOMAINNAME/exchange
| > | The external IP address of the site is mapped correct and have check
using
| > | nslookup EXTERNALDOMAINNAME and is gives me the IP address of the site
| > | The Certicate via the CEICW wizard was run and I used the
| > XTERNALDOMAINNAME
| > | to generate the Cert.
| > |
| > | When from the outsite you enter
| > | https://INTERNALDOMAINNAME/exchange
| > | You are presented with the screen saying accept the certificate
| > | You the accept and the error appears.
| > |
| > | Thanks for helping
| > |
| > | Jim
| > |
| > |
| > |
| > |
| > | "Manfred Zhuang [MSFT]" wrote:
| > |
| > | > Hello Jim,
| > | >
| > | > Thank you for posting here.
| > | >
| > | > From your post, I understand that when attempting to access OWA
from
| > | > external side, following error is encountered:
| > | >
| > | > 11001: Host not found.
| > | >
| > | > Firstly I would like to confirm that when running CEICW, did you
select
| > "Do
| > | > not change�¡�­" option? I suggest you re-run CEICW again
without
| > selecting
| > | > "Do not change�¡�­" option and ensure to publish the OWA site.
| > | >
| > | > If the issue persists, please try the following steps to narrow
down
| > this
| > | > issue:
| > | >
| > | > Suggestion 1: Increase the value of Connection limit time
| > | > =====
| > | > Open the ISA Server management console, navigate to Configuration->
| > | > General-> Define Connection Limits-> Connection Limit-> Limit the
| > number of
| > | > connection-> Connection limit per client (TCP and non-TCP).
| > | >
| > | > Please increase the value to 160. If the original value is 160,
please
| > | > uncheck the "Limit the number of connections" option.
| > | >
| > | > We need to restart the ISA firewall service after modifying the
value
| > of
| > | > the connection limit time.
| > | >
| > | > Suggestion 2: Clear the ISA Cache
| > | > =====
| > | > In addition, I would like to suggest you clear the ISA Cache, you
can
| > | > perform the following steps:
| > | >
| > | > 1. On the ISA Server computer, stop the Microsoft Firewall service.
To
| > do
| > | > so:
| > | > 1). Click Start, click Run, type services.msc in the Open box, and
then
| > | > click OK.
| > | > 2). Right-click Microsoft Firewall, and then click Stop.
| > | >
| > | > 2. Start Windows Explorer.
| > | >
| > | > 3. Locate the Urlcache folder.
| > | >
| > | > 4. In the Urlcache folder, locate the file that has the .cdat file
name
| > | > extension.
| > | >
| > | > 5. Right-click the .cdat file, and then click Delete.
| > | >
| > | > 6. When you are prompted to confirm the removal of the .cdat file,
| > click
| > | > Yes.
| > | > If you are prompted to delete the .cdat file because it is too big
for
| > the
| > | > recycle bin, click Yes.
| > | >
| > | > 7. Restart the Microsoft Firewall service.
| > | >
| > | > More information:
| > | > How to delete the Web cache in Internet Security and Acceleration
| > Server
| > | > 2004
| > | > http://support.microsoft.com/default.aspx?scid=kb;en-us;838248
| > | >
| > | > Then try to access the problematic page again, does the problem
persist?
| > | >
| > | > If the problem persists, can you tell me if you have configured the
| > | > internal client as both the web proxy client and firewall client?
| > | >
| > | > To be a Web Proxy client, please open IE, click Tools->Internet
| > Options,
| > | > and click Connections->LAN Settings, configure ISA server as your
Proxy
| > | > server (you can enter either the computer name or the internal IP
of
| > the
| > | > ISA server, port 8080 by default.)
| > | >
| > | > To be a Firewall client, the workstation needs to have the ISA
Firewall
| > | > Client software installed.
| > | >
| > | > Suggestion 3:
| > | > =====
| > | > 1. Open the ISA Server management console, navigate to "Firewall
| > Policy".
| > | > On the right pane, double click the "SBS Internet Access Rule". Go
to
| > the
| > | > Users tab, you will find that the default setting is applied to
"SBS
| > | > Internet Users", please change it to "All Users" and then move it
to
| > the
| > | > top and click "Apply" to save the settings.
| > | >
| > | > 2. Open ISA2004 Management Console, in the left panel, expand to
| > | > Configuration->Networks. Under "Networks panel", double click
| > "Internal".
| > | > Switch to "Web Proxy" panel, click "Authentication?". Uncheck the
| > "Require
| > | > all users to authenticate" option, and then click "Apply" to save
the
| > | > settings.
| > | >
| > | > Suggestion 4:
| > | > =====
| > | > Please try the following steps to configure the problematic web
site
| > for
| > | > direct access.
| > | >
| > | > a. Open ISA management console, expand the server name. Expand the
| > | > Configuration node and click the Networks node.
| > | >
| > | > b. In the details pane, click the Networks tab and then double
click
| > the
| > | > Internal Network.
| > | >
| > | > c. In the Internal Properties dialog box, click the Web Browser
tab. On
| > the
| > | > Web Browser tab, click the Add button.
| > | >
| > | > d. In the Add Server dialog box, select the Domain or computer
option
| > and
| > | > enter the name of the site that you want Direct Access to be used.
| > Enter
| > | > dsc2g.co.clark.nv.us (or *.co.clark.nv.us) in the text box, click
OK.
| > Click
| > | > Apply to save the changes and then update the firewall policy.
| > | >
| > | > e. Then go to the client computer, double click on the Firewall
client
| > icon
| > | > in the system tray Click the Test Server button. This forces the
| > Firewall
| > | > client to pull the new configuration information from the ISA
firewall.
| > | > Click Close in the Testing ISA Server dialog box when the test
| > completes,
| > | > then click the Apply button in the Microsoft Firewall Client for
ISA
| > Server
| > | > 2004 dialog box.
| > | >
| > | > Click the Web Browser tab. Confirm that there is a checkmark in the
| > Enable
| > | > Web browser automatic configuration checkbox and click Configure
Now,
| > and
| > | > then click OK in the Web Browser Settings Update dialog box.
| > | > Then click Apply and then click OK in the Microsoft Firewall Client
for
| > ISA
| > | > Server 2004 dialog box.
| > | >
| > | > More information:
| > | >
| > | > Configuring Sites for Direct Access
| > | > http://www.isaserver.org/articles/2004directaccessp1.html
| > | >
| > | > Then access the site again, will the problem be resolved?
| > | >
| > | > Suggestion 5:
| > | > ======
| > | > This problem could also be caused by the EDNS0 query.
| > | >
| > | > Windows Server 2003 supports Extension Mechanisms for DNS (EDNS0)
| > function
| > | > which permits the use of larger User Datagram Protocol (UDP) packet
| > sizes.
| > | > However, some firewall programs or routers may not permit UDP
packets
| > that
| > | > are larger than 512 bytes. As a result, these DNS packets may be
| > blocked.
| > | >
| > | > I would like to suggest you try the following steps:
| > | >
| > | > 1. Insert SBS 2003 CD2, navigate to \Support\Tools\ Double-click
| > | > suptools.msi to install the Windows 2003 support tools.
| > | >
| > | > 2. At a command prompt, type the following command, and then press
| > ENTER:
| > | >
| > | > "dnscmd /config /enableednsprobes 0" (without the quotation marks)
| > | >
| > | > The following information appears:
| > | >
| > | > Registry property enableednsprobes successfully reset.
|

.