RE: Need assistance with Outlook over Internet config.
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Tue, 29 Jul 2008 07:34:13 GMT
Hi Tony,
Thanks for your update.
From your description, can I assume you can access RWW from internalworkstations without any problem?
Based on my test, I unable to telnet TCP 443 port of your public IP
196.14.41.XX. That means the ISP firewall blocks the port.
From the network structure, we know you have a upstream firewall beforeSBS. Please contact your ISP and confirm that the TCP port 443 and 4125 are
forwarded to your SBS external NIC (192.168.5.13).
One of the screenshot shows there are 443 port traffic from external to
your SBS. However, I need more details to analyze. Please help me collect
some information for further investigation:
1. Please help to gather the ISA Info:
1) Download the file from the following URL:
http://www.isatools.org/tools/isainfo.zip
2) Extract all files to a folder on ISA server.
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-terliu@xxxxxxxxxxxxx
2. Please also help to gather the ISA logs:
1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.
14) Please also let me know the IP address of the testing clients so that I
can filter the data.
Thanks and have a nice day!
Best regards,
Terence Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Need assistance with Outlook over Internet config.<9EcgyHi7IHA.1620@xxxxxxxxxxxxxxxxxxxxxx>
thread-index: AcjwCnxoBw+hLwcAR9GJ0m6gh4KlLA==
X-WBNR-Posting-Host: 207.46.19.168
From: =?Utf-8?B?VG9ueVY=?= <TonyV@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <3EC8DB5E-24A6-4790-A9C8-274FE0016EB4@xxxxxxxxxxxxx>
Subject: RE: Need assistance with Outlook over Internet config.is
Date: Sun, 27 Jul 2008 10:02:00 -0700
Lines: 180
Message-ID: <AD6902FF-36A7-4FA8-8060-D0548464B181@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3119
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGHUB02.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:116901
NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
X-Tomcat-NG: microsoft.public.windows.server.sbs
Hi Terence,
I followed your steps, thankyou.
I did not create a new web server certificate as there was an existing one.
When trying https://mail.companydomain.com/remote from external PC, the
browser simply responds that 'Page cannot be
displayed'.
This happens on all external clients.
Outside the SBS external Nic we do also have an additional firewall that
mantained by our ISP. We have confirmed so farover
that port 443 and 4125 is open and forwards traffic via these ports to the
SBS external Nic, where the connection gets denied
(as per ISA2004 monitoring).
Even after enabling all firewall options in the CEICW wizard, the external
Nic on SBS box still does not allow this traffic
through. Can't connect to 443 and 4125 via telnet either.
"Terence Liu [MSFT]" wrote:
Hello Tony,
Thank you for posting here.
According to your description, I understand that you want to setup RPC
canHTTP on your SBS, but you unable to get the RWW from external. If I have
misunderstood the problem, please don't hesitate to let me know.
Based on my research, I suggest we try the following steps to see if we
accessresolve this issue:
1. Please enable your RWW is working properly from internal. Please
clickthe RWW from internal clients via https://SBSname/remote/
2. Please run the CEICW to publish the RWW to external.
Go through the follow KB and rerun CEICW carefully.
How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763
Detailed steps for your reference:
a. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.
b. Click the "Connect to the Internet" link.
c. When navigating to the Firewall page, select "Enable firewall" and
theNext.
d. On the "Services Configuration" page, select all the items and then
click Next.
e. On the "Web Services Configuration" page, make sure "Allow access to
accessentire Web site from the Internet" is selected. If you select "Allow
allto only the following Web site services from the Internet", make sure
serveritems in the list are selected. Click Next.
f. On the "Web Server Certificate" page, choose to create a new Web
externalcertificate and then type the public domain name (mail.company.com) that
you will use to access OWA and RWW.
g. Go through the remaining steps.
Then, try to access RWW from external via
https://mail.companyweb.com/remote/
3. Ensure you forward the TCP port 443 and 4125 from router to SBS
PleaseNIC. Please contact your router vendor for help.
If we cannot resolve the issue after we perform the steps above, please
help me collect some information for further investigation:
1. What error do you get when you try to access RWW from external?
correspondingcapture screenshots of the error page and send the pictures to me at
v-terliu@xxxxxxxxxxxxx
2. Does this issue happen on all external clients?
I hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the
manner.newsgroups so that they can be resolved in an efficient and timely
theYou can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check
are"Notify me of replies" box to receive e-mail notifications when there
newsreader,any updates in your thread. When responding to posts via your
doingplease "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
Pleaseso, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly.
rights.check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
to
--------------------
Thread-Topic: Need assistance with Outlook over Internet config.nics.
thread-index: Acjs/Ux6aHoWuZADTb+HHS4XcVxkgw==
X-WBNR-Posting-Host: 207.46.19.197
From: =?Utf-8?B?VG9ueVY=?= <TonyV@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Need assistance with Outlook over Internet config.
Date: Wed, 23 Jul 2008 12:50:03 -0700
Lines: 24
Message-ID: <3EC8DB5E-24A6-4790-A9C8-274FE0016EB4@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3119
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGHUB02.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:116439
NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
X-Tomcat-NG: microsoft.public.windows.server.sbs
I'm running SBS2003 Premium edition and have ISA2004 configured using 2
I want to use my Outlook 2003 over the internet but have not been able
ISAget it running yet.
So far I've run CEICW and enabled 'Outlook over HTTP' option and also
created a self signed certificate: mail.company.com.
I noticed the new publishing rule for 'Outlook over Http' created in
'mail.company.com'and
verified that it is indeed enabled.
When I type 'https://mail.company.com/remote' from a browser over the
internet, there is no repsonse. Even by replacing the
with
the public IP address directly does not work.shows
Also tried 'Telnet <public IP> 443' from DOS, the ISA 2004 logs still
that the connection was denied.
Why is ISA not letting this through?
Do I also really need to get my ISP to create an A-record for
mail.company.com?
Please advise.
Thanks.
.
- Follow-Ups:
- RE: Need assistance with Outlook over Internet config.
- From: Terence Liu [MSFT]
- RE: Need assistance with Outlook over Internet config.
- References:
- Need assistance with Outlook over Internet config.
- From: TonyV
- RE: Need assistance with Outlook over Internet config.
- From: Terence Liu [MSFT]
- RE: Need assistance with Outlook over Internet config.
- From: TonyV
- Need assistance with Outlook over Internet config.
- Prev by Date: Re: Restore to different hardware
- Next by Date: Re: IP Addresses
- Previous by thread: RE: Need assistance with Outlook over Internet config.
- Next by thread: RE: Need assistance with Outlook over Internet config.
- Index(es):
Relevant Pages
|
