Re: RWW 403 forbidden error
- From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
- Date: Thu, 4 Sep 2008 08:14:16 -0400
https://mail.westernwaterandland.com/remote does not resolve te RWW problem.
Using your WAN IP address in place also does not resolve the problem.
OK, let's try... Install and run a scan with the SBS 2003 BPA:
Microsoft Windows Small Business Server 2003 Best Practices Analyzer
http://207.46.19.190/downloads/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
Small Business Server 2003 Best Practices Analyzer Updated
http://blogs.technet.com/sbs/archive/2008/02/20/small-business-server-2003-best-practices-analyzer-updated.aspx
How to Use the Windows SBS 2003 BPA
http://blogs.technet.com/sbs/archive/2007/10/22/how-to-use-the-windows-sbs-2003-bpa.aspx
--
Merv Porter [SBS-MVP]
============================
"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A3947259-5E40-4F6E-BB45-30EF110A997B@xxxxxxxxxxxxxxxx
My how I admire perserverance; and appreciate it for something like this.
Response to all 3 of your posts are here:
1. Results of ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : hal
Primary Dns Suffix . . . . . . . : WesternWaterandLand.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : WesternWaterandLand.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-21-9B-F9-AD-08
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.254.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.1
DNS Servers . . . . . . . . . . . : 192.168.254.2
Primary WINS Server . . . . . . . : 192.168.254.2
2. Yes, port 4125 is forwarded to the server nic (192.168.254.2), as are
all of the other ports concerned with remote access of different types
(443,
444, 21, ...)
3. All of the settings for Directory Security for the "Remote" virtual
web
site are exactly as you have them below.
4. I also cleared out the W3SVC1 log for the day and then tried to log in
to RWW. The contents of the log after the failed attempt are as follows:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-09-04 05:11:29
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem
cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs-host
sc-status sc-substatus sc-win32-status
2008-09-04 05:11:29 W3SVC1 HAL 192.168.254.2 GET /remote - 80 -
216.52.47.231 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+InfoPath.2)
rww.westernwaterandland.com 302 0 0
2008-09-04 05:11:35 W3SVC1 HAL 192.168.254.2 GET /remote - 80 -
216.52.47.231 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+InfoPath.2)
rww.westernwaterandland.com 302 0 0
2008-09-04 05:11:35 W3SVC1 HAL 192.168.254.2 GET /remote - 443 -
216.52.47.231 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+InfoPath.2)
rww.westernwaterandland.com 301 0 0
2008-09-04 05:11:35 W3SVC1 HAL 192.168.254.2 GET /remote/ - 443 -
216.52.47.231 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506;+InfoPath.2)
rww.westernwaterandland.com 403 14 5
5. On your other post for the settings for Default Website and Remote
Virtual Website Directory Security; what I have is exactly as you have it
specified.
Thanks again for your perserverance.
--
Bob Showalter
Packer International
"Merv Porter [SBS-MVP]" wrote:
And here's a list of all settings for the properties of the "Remote"
virtual
web site under the Default Web site in IIS...
For RWW:
1. Open IIS snap-in.
2. Go to Default Web Site/Remote.
3. Right click Remote and click Properties.
4. Click Directory Security tab.
5. Click Edit under "Authentication and access control".
6. Make sure that only the "Enable anonymous access" and "Integrated
Windows Authentication" have been checked.
7. Click Edit under "IP address and domain name restriction".
8. Make sure that "Granted access" has been selected.
9. Click Edit under "Secure communications".
10. Make sure that "Require secure channel (SSL)" and "Require 128-bit
encryption" have been checked.
--
Merv Porter [SBS-MVP]
============================
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:OU27$KhDJHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
Is port 4125 corrected forwarded in the router to the IP address of the
SBS NIC?
--
Merv Porter [SBS-MVP]
============================
"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6B023657-EAF6-4E91-9C1F-182E999B4CCD@xxxxxxxxxxxxxxxx
Thanks Merv,
Those are the settings I have. It is a single NIC system.
--
Bob Showalter
Packer International
"Merv Porter [SBS-MVP]" wrote:
Directory Security settings... (on a two NIC system, if that matters)
IIS | <yourserver> | Web Sites | Default Web Site | Properties |
Directory
Security | IP Address and Domain Name Restrictions | Edit...
Settings should be Denied Access;
Except the Following: Granted 192.168.16.2 (255.255.255.0)
Except the Following: Granted 127.0.0.1
IIS | <yourserver> | Web Sites | Default Web Site | Remote|
Properties |
Directory Security | IP Address and Domain Name Restrictions |
Edit...
Granted Access
--
Merv Porter [SBS-MVP]
============================
"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:350FE9EE-EC90-4F57-87AB-45BE4B72CB2B@xxxxxxxxxxxxxxxx
Merv, thanks for continuing to try. No luck yet. Here is what I
did
with
your last set of suggestions:
1. I reran CEICW removing RWW (and all other website services, OWA
and
SharePoint). Rebooted. Ran it again enabling those 3 sdervices.
Rebooted.
It made no difference. You mentioned enabling the firewall, but
with
only
one NIC, firewal is external. However, when it rebuilt, in going
through
the
steps, when it came to "Configuring the firewall" it said that it
failed,
even though it gave the normal warning that with only one NIC it
could
not
install a firewall. I ran it a second time and it did not give
that
warning
and went right past the firewall stage with a green check. Still
though
no
access through RWW.
2. Checked Issue 6 of the referenced BLOG which seemed to be a
lesser
reiteration of step one above so didn't try it again.
3. The RWW virtual directory seems to be installed under the
default
website in ISS Mgr if it is the one called "Remote" (we are getting
dangerously close to the limits of my knowledge here). I couldn't
say
if
it
is all in tact. What I did check was that if I looked at the
Directory
Security and it is set to Grant Access to all IP's. I did take
notice
that
during step one above, that security changed to deny all except the
server
IP. When I wen back to enabling RWW it changed to Grant Access.
4. Using https://.... makes no difference.
5. Not really sure where to check the binding of the NICs. I
remember
that
from NT, but haven't had the need to look at it since.
I will give one other piece of history on the issue. When the
problem
was
first brought to my attention a few days after the migration was
"complete",
I spent several days trying things. I managed to get the server to
the
point
that the network did not work at all, and people could not log on
or
connect
to shared drives. I could not seem to get things back to working,
so
put
in
the SBS DVD, and either reinstalled all features except Excfthange
(or
uninstalled and installed, I can't remember which). After that, I
was
back
to the place I am now with everything working on the system except
RWW.
One other note that I don't know if it is of any consequence for my
problem
is that very often (perhaps always, I don't know) one of the
exchange
services does not start when restarting the system and I have to go
to
the
Services snap-in and start it manually, even though it is set to
automatic.
Thanks for the patience. I will wait for other input as I continue
to
research also.
--
Bob Showalter
Packer International
"Merv Porter [SBS-MVP]" wrote:
Maybe something to try...
Re-run CEICW, enable the firewall and uncheck Remote Web
Workplace,
complete
the rest of CEICW. Reboot server, then re-run CEICW again, this
time
enabling RWW.
see issue No.6 here
http://msmvps.com/blogs/bradley/archive/2006/02/12/83381.aspx
Is the RWW virtual web site actually installed under the Default
web
site
(all files intact)?
Binding order of NICs OK?
Does using https://<IP_address>/remote allow RWW access?
--
Merv Porter [SBS-MVP]
============================
"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:287F53B3-38EC-4D40-AEDB-E576595E258E@xxxxxxxxxxxxxxxx
Again, thanks for the reply. Hmmmm is not what I had hoped for,
but I
understand. I have done this before for many clients without a
hickup.
I
tried resyncing the IWAM and IUSR passwords as suggested by Jeff
Middleton;
I have looked at many of the other posts on the newsgroup. I
see
one
that
looks interesting but need further confirmation before doing it.
There
are
posts that suggest goinging to the Default Web Site properties
in
IIS
Mgr
and
on the Directory Security tab, granting access to all IP
addresses.
Logically it makes sense, but when I look at some of my other
servers,
it
says Deny access except for the server IP and 127.0.0.1. so if
that
works
on
my server, why would it need to be different on another server
if
connecting
from the same workstation.
I looked at the link you sent and the solution seemed to be that
the
workstation that was trying to connect was doing through a
proxy.
That
is
not the case her.
I will look forward to any and all suggestions to resolve this
issue.
Thanks
--
Bob Showalter
Packer International
"Merv Porter [SBS-MVP]" wrote:
Hmmm...
Any help here?
HTTP Error 403.6 - Forbidden: IP Address Rejected
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/9a62b95a17c165d1/1889a4b367b0da51?hl=en&lnk=st&q=garry+HTTP+Error+403.6+-+Forbidden%3A+IP+Address+Rejected#1889a4b367b0da51
--
Merv Porter [SBS-MVP]
============================
"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FC5F485D-5AA4-4BAC-848E-D2D526B99582@xxxxxxxxxxxxxxxx
Thanks for the reply Merv; Yes, I have rerun it a couple of
times to
no
avail. Everything is still just the same.
--
Bob Showalter
Packer International
"Merv Porter [SBS-MVP]" wrote:
Have you tried re-running the CEICW (Configure Email and
Internet
Connection
Wizard)?
--
Merv Porter [SBS-MVP]
============================
"BobS" <BobS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:22E8B4BB-7DB3-497B-A8F1-BE1A03AE7E4D@xxxxxxxxxxxxxxxx
I recently moved a clients SBS 2003 domain to a new server
doing a
Swing
migration. Everything works just great except no one can
access
the
domain
through RWW from the outside. It worked on the old
server.
It
works
at
all
of my other clients and I have done nothing different in
the
setup
(that I
know of). I have an A record pointing to the domain that
is
rww.domainname.com. I have a certificate with the same A
record
name
generated (all the same as I do at my other accounts).
But
when
trying
to
connect using http://rww.domainname.com/remote, I get the
normal
certificate
warning and after I accept it, I get the error. (The site
has
been
reached,
but your IP has been rejected or something like that).
The IP for the server is the same as it was before, and I
checked
the
firewall to see that all of the necessary ports are
forwarded
correctly.
OWA works just fine.
Any and all suggestions would be greatly appreciated.
Bob Showalter
--
Bob Showalter
Packer International
.
- Follow-Ups:
- Re: RWW 403 forbidden error
- From: BobS
- Re: RWW 403 forbidden error
- From: BobS
- Re: RWW 403 forbidden error
- References:
- Re: RWW 403 forbidden error
- From: BobS
- Re: RWW 403 forbidden error
- From: Merv Porter [SBS-MVP]
- Re: RWW 403 forbidden error
- From: Merv Porter [SBS-MVP]
- Re: RWW 403 forbidden error
- From: Merv Porter [SBS-MVP]
- Re: RWW 403 forbidden error
- From: BobS
- Re: RWW 403 forbidden error
- Prev by Date: Re: telnet commands not working
- Next by Date: Re: All accounts being logged off each night
- Previous by thread: Re: RWW 403 forbidden error
- Next by thread: Re: RWW 403 forbidden error
- Index(es):
Relevant Pages
|
