?
Solved

SBS 2003: How to Set Up OWA to a static Internet IP Address

Posted on 2005-04-26
3
Medium Priority
?
1,251 Views
Last Modified: 2010-04-29
I have the following setup;

Netgear FVS318 VPN/ADSL/Firewall Router - Static IP Address
HP ML330 G3 Proliant Server
Microsoft Small Business Server 2003 - Standard

The server is setup and running and I have recently installed the Exchange 2003 Component.  My question is how do you setup the Server to allow remote users to access Outlook Web Access through an external ISP provided static IP address as opposed to a fully qualified Domain name, such as www.mydomain.com.  

What port/s do I need to forward from the router to the server.  I am also interested in roaming users being able to utilize the Outlook of HTTP functionality to enable them to have a fully featured Outlook 2003 installation on their laptops.  I am a little confused with the server certificate side of the Internet and Email wizard, it asks either for a third party certificate or to enter a fully qualified internet domain name.

Anyway basically I am looking for a step by step guide to do the above.
0
Comment
Question by:ReefIT
  • 2
3 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13873818
If you don't have a FQDN to use for your server (generally, you wouldn't use www.mydomain.com, but servername.mydomain.com so that you can use the same domain name for both -- the DNS zone file, usually hosted at your web hosting ISP, would point the www to your web server and the servername one to your SBS) you CAN use an IP address in the Configure Email and Internet Connection Wizard (CEICW) which will create a certificate with our IP address instead of a domain name.  Technically, this IP address must be registered or assigned to the company which is responsible for the server.  You could always register a separate domain just for employee use to get to the server such as http://ourcompanynet.com so it is remembered more easily.

Otherwise, configuration is pretty simple... Exchange, OWA and OMA uses ports 80 and 443... so those have to be open on your router.  For users with laptops, you can either use RPC over HTTP (again, port 80) or VPN (port 1723).  Additionally, for remote users WITHOUT laptops who you want to allow access to their desktop machine as well as OWA, Sharepoint and any other network resource you'd like... should use Remote Web Workplace (RWW -- which uses port 4125 and is accessed via https://your.ip.addr.ess/remote or https://servername.mydomain.com/remote if you go that route.

Instructions for RPC over HTTP configuration in Outlook are customized to your specific configuration and internal domain when you run the CEICW.  A customized VPN connection package is also created when you then run the Configure Remote Access wizard.  Both of these are available from the RWW welcome page (internally accessed by http://servername/remote).

The issue about a third party certificate is just there in case you want to go that route... it's not really necessary in this case -- more important for an ecommerce or customer facing web site.  You should tell your remote users, however, that they well get a warning the first time they log into the server that the certificate is coming from a source that they haven't chosen to trust (you've created a self-signed certificate as opposed to an RSA signed one)  if they don't want to see that warning every time they log in, they should "view" the certificate and then "install" it using all the default paths... installing it on their local machine indicates that they now trust your server.  From then on... the two machines will negotiate a secure, encrypted connection without requiring user input.

Jeff
TechSoEasy

0
 
LVL 1

Author Comment

by:ReefIT
ID: 13882241
Ok so I have done the following:

 - Put in Port Forwarding on the router for port 80 and port 443 to the servers internal IP address.
 - Used the Internet and Email Wizard to allow access to Outlook Web Access, put in Internet IP addresss into the Web Server Certificate xxx.xxx.xxx.xxx
 - Ran iisreset at the command line to restart IIS.
 - Attempted access via https://xxx.xxx.xxx.xxx/exchange but get page is not displayed.

Are there further configuration steps that I have not carried out?
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1500 total points
ID: 13883602
First, two questions about "Attempted access via https://xxx.xxx.xxx.xxx/exchange but get page is not displayed."
1.  Was this test done OUTSIDE of the LAN?
2.  What specific error was at the bottom of the error message page?  Was it HTTP Error 403.6? Or was it "Cannot find server or DNS Error"?
3.  Do you have one or two NICs in your server?

Before testing your IP address, however, the first place to test from should be within your LAN.  But you can't access via https://ip.add.re.ss/exchange, instead try http://server/exchange just to make sure that OWA is functional.  If that works, then the issue is either in RRAS or your Router with a slight chance its in IIS..

Check IIS first because it's probably the easiest to spot.  Open the Server Management console and Expand the tree to see Internet Information Services > ServerName > Web Sites > Default Web Site.  Under Default Web Site is a virtual listing for Exchange.  Right click on Exchange and select "browse".  The OWA login screen should open in the right side of the console.

If that doesn't work you'll need to reinstall Exchange and IIS... this is done via Control Panel > add/remove programs > Windows Small Business Server 2003 > Components.  Select the "maintenance" options for those items and "reinstall".  Be sure you have a FULL backup of your server before doing this -- just in case.  But reinstalling these components should not affect any user accounts or mailboxes.  After reinstallation, all service packs must be reapplied.

If the local connectivity DOES work, then check your ROUTER:

-Ensure that NAT is disabled on the router, and ideally your DHCP should coming from the SBS so this should be disabled as well.
-If you have one NIC, then make sure that your port forwarding is assigned to that NIC's IP address.  If you have two NICs, make sure it's assigned to the EXTERNAL NIC's IP address (also ensure that the External NIC's enabled protocols/services is only TCP/IP and not Microsoft File Sharing).
-Ensure that the WAN IP address is the one you are trying to use

If all that seems fine, you then need to troubleshoot your DNS configuration.  This is an excellent resource for that: http://support.microsoft.com/kb/q260371/

It would also help if you posted the C:\>IPCONFIG /ALL from both the server and one of the client machines

THREE SIDE NOTES:  
1. If you've opened port 80 then you do not need to use https:// you can use http:// and it will change automatically to https://
2. After running the CEICW, you do not need to restart IIS this is done by the wizard
3.  If you are a consultant and are planning on deploying additional SBS's in the future, it's important to know that you really are better off installing ALL components of SBS Standard during the initial installation.  Install Exchange even if you aren't going to use it right away because there are other SBS components which rely on it.  I've posted a few planning and set-up links in this thread:  http:Q_21031607.html


Jeff
TechSoEasy

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question