RE: ICMP error when trying to access OWA on SBS 2003 Premium

OK here's what is set up on our SBS 2003 Premium server now and is working:

IIS
The Default Web Site is set to listen on the internal IP of the SBS server
and the loopback address 127.0.0.1 on port 443. It is set to use the
certificate that we created ourselves in SBS.

ISA
We have one rule that is allowing the HTTPS and HTTPS Server protocols in
ISA to the SBS Server (localhost) from Internal, External and VPN Clients.
We also have a Secure Mail Server Publishing rule that in the "To" tab is
set to publish mail.ourdomain.co.uk and has the "Forward orginal headers" box
ticked and requests are set to come from the original client not the ISA
server. In the Public Name (or whatever its called) tab of this rule we just
have it set to mail.ourdomain.co.uk as well. Then in the Paths tab we have
/Exchange/* /Exchweb/* and /Public/*
To get this to work properly I had to create a DNS record (and zone) for the
mail.ourdomain.co.uk address so that it resolved to the internal IP of our
SBS server. I think this was the main problem we were having, the server was
still looking at its DNS cache instead of the new DNS record when it was
trying to resolve the name. So to solve this problem I just ran ipconfig
/flushdns from the command line and then after that everything worked fine.
Really hope that helps someone else out in the future, I know how little
info there is on the internet about this error!

Thanks
Chris

"ChrisW (MCP)" wrote:

Thanks for replying, I appreciate it but I have already resolved the issue :)
I did write a long reply detailing exactly how everything was setup now for
people to read if they have the same problem... but when I hit Post the page
just went blank and nothing has appeared in the thread..... so im a bit
annoyed and cant be bothered to type it all out again just yet! I'll write it
up when I get a spare minute.

Thanks again
Chris

"Terence Liu [MSFT]" wrote:

Hello Chris,

Thank you for posting here.

According to your description, I understand that you get error when you run
the CEICW on SBS and you unable to access OWA from external and internal
clients. If I have misunderstood the problem, please don't hesitate to let
me know.

Based on my research, we do not need to configure the certificate or ISA
OWA publish rule or IIS manually. We only need to run the CEICW to
configure all of these automatically. The CEICW is very important for SBS.
We need to make it work fine first. I suggest we try the following steps to
see if we can resolve this issue:

Go through the follow KB and rerun CEICW carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

Detailed steps for your reference:

a. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.

b. Click the "Connect to the Internet" link.

c. When navigating to the Firewall page, select "Enable firewall" and click
Next.

d. On the "Services Configuration" page, select all the items and then
click Next.

e. On the "Web Services Configuration" page, make sure "Allow access to the
entire Web site from the Internet" is selected. If you select "Allow access
to only the following Web site services from the Internet", make sure all
items in the list are selected. Click Next.

f. On the "Web Server Certificate" page, choose to create a new Web server
certificate and then type the public domain name (your public DNS name)
that you will use to access OWA and RWW (for example, if your public domain
name that you use to access the sites is mail-out.ourdomain.co.uk, you
should type mail-out.ourdomain.co.uk as the new certificate name).

g. Go through the remaining steps.

If you still get error when run CEICW, please help me collect some
information for further investigation:

1. Please send follow file to my working mailbox: v-terliu@xxxxxxxxxxxxx
for further investigation.

The icwlog.txt file in the "C:\Program Files\Microsoft Windows Small
Business Server\Support" folder.

2. Gather MPS network report on SBS:

a. Download MPSrepot_network from
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE

b. Run MPSRPT_NETWORK.exe.

c. The tool will automatically collect the information. This procedure will
take 10~15 minutes.

d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\

e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx

3. Can you access RWW from external?

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: ICMP error when trying to access OWA on SBS 2003 Premium
| thread-index: AcijDkG08nPiWmW3TXaYx2iksQAY7g==
| X-WBNR-Posting-Host: 207.46.19.168
| From: =?Utf-8?B?Q2hyaXNXIChNQ1Ap?= <ChrisWMCP@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: ICMP error when trying to access OWA on SBS 2003 Premium
| Date: Sun, 20 Apr 2008 10:45:00 -0700
| Lines: 53
| Message-ID: <F4E88077-9D82-4ED9-A0B7-FC60A30421A8@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:104007
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Exchange 2003 with SP 2 running on SBS 2003 Premium SP2
|
| OK so here's what happened - I was trying to get the Direct Push feature
in
| Exchange working so that our PDAs did not have to use IMAP accounts to
| send/receive every 15 mins etc but was constantly getting permissions
errors
| on the PDAs. So someone suggested that I re-run the Internet and Email
Config
| Wizard to reset the permissions in IIS and setup the ISA rules for OWA
and
| OMA again.
| After running the wizard (and it saying it failed to update the firewall
| config fully) I found that OWA no longer worked at all.
| I imported a snapshot of our ISA config that was taken before i ran the
| wizard so now everything in ISA should be back exactly as it was... but
OWA
| still didnt work. I noticed that the certificate in IIS for the default
| website had been changed to publishing.mydomain.local instead of the
| certificate for OWA that I created previously. So I changed this back but
| still cant get onto OWA from anywhere, not even the SBS server itself.
|
| The error I get when trying to access OWA externally is:
| Error code: 12206
| Background: The page you requested could not be reached.
|
| I then found that if I change the ISA OWA publishing rule so that
"requests
| appear to come from the original client" instead of "appear to come from
the
| ISA server" I now get this error:
| Error Code: 500 Internal Server Error. Internet Control Message Protocol
| (ICMP) network is unreachable. For more information about this event, see
ISA
| Server Help. (10051).
|
| Which should it be set to? Requests appear to come from ISA or from
original
| client?
|
| I ran the Internet and Email config wizard again and now OWA works from
the
| SBS Premium server itself if i go to https://127.0.0.1/exchange but not
if I
| go to https://mail-out.ourdomain.co.uk/exchange. If I try to access it
from
| external i still get the ICMP error.
| When I look in the ISA logging I see that there is a failed HTTPS
connection
| attempt saying:
| Status: 10051 A socket operation was attempted to an unreachable network.

| Rule: SBS OWA Web Publishing Rule
|
| I read somewhere that I need to have a DNS A record setup to resolve
| mail-out.ourdomain.co.uk to the internal IP address of the SBS server so
| I've set this up in DNS but it made no difference. If I pign
| mail-out.ourdomain.co.uk from the ISA server it does now resolve to the
| internal IP of the server but like I say, OWA still wont work other than
on
| the 127.0.0.1 address :(
|
| I'm totally stuck at the moment, any suggestions?
|
| Thanks
| Chris
|
|
|


.

Relevant Pages

  • Re: Exchange Mail Not Getting Delivered to Address On Certain Occasions
    ... "If I am accessing the SBS from the external ... > network from Outlook or from OWA and it is delivered promptly" and you can ... > Please understand the OWA is web-based access the Mailbox of the Exchange ... > 2003 Sever on the SBS 2003 Server, when you send or forward email via OWA, ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot reply/forward in OWA - Page cannot be displayed
    ... I understand all the pictures in the OWA ... IE, go to Tools -> Internet Options menu, go to Advanced tab, move down the ... Check if OfficeScan is installed on the SBS server. ... Microsoft is providing this information as a convenience to you. ...
    (microsoft.public.windows.server.sbs)
  • RE: Help with Internet and Email wizard
    ... Thank you for posting in the SBS newsgroup. ... On SBS Server, run the CEICW, go through "Connection Type" page, on ... Since we don't want to set up an external internet access, ... We can select Option one "Create a new Web server certificate" to ...
    (microsoft.public.windows.server.sbs)
  • Re: Urgent! New router and big disaster
    ... Set the 'external' interface of SBS to get it's IP via DHCP from the router ... If the ws does not get an IP from DHCP check the event log on the server, ... They can go one day with out internet, ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange Mail Not Getting Delivered to Address On Certain Occasions
    ... "If I am accessing the SBS from the external ... network from Outlook or from OWA and it is delivered promptly" and you can ... Please understand the OWA is web-based access the Mailbox of the Exchange ... 2003 Sever on the SBS 2003 Server, when you send or forward email via OWA, ...
    (microsoft.public.windows.server.sbs)