SBS 2003: How to Set Up OWA to a static Internet IP Address

I have the following setup:

Netgear FVS318 VPN/ADSL/Firewall Router - Static IP Address
HP ML330 G3 Proliant Server
Microsoft Small Business Server 2003 - Standard

The server is set up and running and I have recently installed the Exchange 2003 component. My question is: how do you set up the server to allow remote users to access Outlook Web Access through an external ISP-provided static IP address as opposed to a fully qualified domain name, such as

What port/s do I need to forward from the router to the server? I am also interested in roaming users being able to utilize the Outlook over HTTP functionality to enable them to have a fully featured Outlook 2003 installation on their laptops. I am a little confused by the server certificate side of the Internet and Email wizard; it asks either for a third party certificate or to enter a fully qualified internet domain name.

Anyway, basically I am looking for a step by step guide to do the above.

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
First, two questions about "Attempted access via but get page is not displayed."
1.  Was this test done OUTSIDE of the LAN?
2.  What specific error was at the bottom of the error message page?  Was it HTTP Error 403.6? Or was it "Cannot find server or DNS Error"?
3.  Do you have one or two NICs in your server?

Before testing your IP address, however, the first place to test from should be within your LAN.  But you can't access via, instead try http://server/exchange just to make sure that OWA is functional.  If that works, then the issue is either in RRAS or your Router with a slight chance it's in IIS.

Check IIS first because it's probably the easiest to spot.  Open the Server Management console and Expand the tree to see Internet Information Services > ServerName > Web Sites > Default Web Site.  Under Default Web Site is a virtual listing for Exchange.  Right click on Exchange and select "browse".  The OWA login screen should open in the right side of the console.

If that doesn't work you'll need to reinstall Exchange and IIS... this is done via Control Panel > add/remove programs > Windows Small Business Server 2003 > Components.  Select the "maintenance" options for those items and "reinstall".  Be sure you have a FULL backup of your server before doing this -- just in case.  But reinstalling these components should not affect any user accounts or mailboxes.  After reinstallation, all service packs must be reapplied.

If the local connectivity DOES work, then check your ROUTER:

-Ensure that NAT is disabled on the router, and ideally your DHCP should be coming from the SBS so this should be disabled as well.
-If you have one NIC, then make sure that your port forwarding is assigned to that NIC's IP address.  If you have two NICs, make sure it's assigned to the EXTERNAL NIC's IP address (also ensure that the External NIC's enabled protocols/services are only TCP/IP and not Microsoft File Sharing).
-Ensure that the WAN IP address is the one you are trying to use.

If all that seems fine, you then need to troubleshoot your DNS configuration.  This is an excellent resource for that:

It would also help if you posted the C:\>IPCONFIG /ALL from both the server and one of the client machines

1. If you've opened port 80 then you do not need to use https://; you can use http:// and it will change automatically to https://.
2. After running the CEICW, you do not need to restart IIS; this is done by the wizard.
3.  If you are a consultant and are planning on deploying additional SBS's in the future, it's important to know that you really are better off installing ALL components of SBS Standard during the initial installation.  Install Exchange even if you aren't going to use it right away because there are other SBS components which rely on it.  I've posted a few planning and set-up links in this thread:  http:Q_21031607.html


Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
If you don't have a FQDN to use for your server (generally, you wouldn't use, but so that you can use the same domain name for both -- the DNS zone file, usually hosted at your web hosting ISP, would point the www to your web server and the servername one to your SBS) you CAN use an IP address in the Configure Email and Internet Connection Wizard (CEICW) which will create a certificate with your IP address instead of a domain name.  Technically, this IP address must be registered or assigned to the company which is responsible for the server.  You could always register a separate domain just for employee use to get to the server such as so it is remembered more easily.

Otherwise, configuration is pretty simple... Exchange, OWA and OMA use ports 80 and 443... so those have to be open on your router.  For users with laptops, you can either use RPC over HTTP (again, port 80) or VPN (port 1723).  Additionally, remote users WITHOUT laptops who you want to allow access to their desktop machine as well as OWA, SharePoint and any other network resource you'd like... should use Remote Web Workplace (RWW -- which uses port 4125 and is accessed via https://your.ip.addr.ess/remote or if you go that route).

Instructions for RPC over HTTP configuration in Outlook are customized to your specific configuration and internal domain when you run the CEICW.  A customized VPN connection package is also created when you then run the Configure Remote Access wizard.  Both of these are available from the RWW welcome page (internally accessed by http://servername/remote).

The issue about a third party certificate is just there in case you want to go that route... it's not really necessary in this case -- more important for an ecommerce or customer facing web site.  You should tell your remote users, however, that they will get a warning the first time they log into the server that the certificate is coming from a source that they haven't chosen to trust (you've created a self-signed certificate as opposed to an RSA signed one).  If they don't want to see that warning every time they log in, they should "view" the certificate and then "install" it using all the default paths... installing it on their local machine indicates that they now trust your server.  From then on... the two machines will negotiate a secure, encrypted connection without requiring user input.
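
The ports named in the answer above (80, 443, 1723, 4125) can be checked with a short script, run once from inside the LAN and once from an outside connection, in the order the earlier answer advises. This is an added example, not part of the original thread; the port labels, function names and verdict strings are assumptions of the example.

```python
import socket
import sys

# Ports named in the answer above; the labels are this example's own wording.
# A TCP probe of 1723 covers only the PPTP control channel, not its GRE traffic.
# Ports for features that are not configured or not in use will not show as open.
SBS_PORTS = {80: "OWA/OMA", 443: "OWA/OMA over SSL", 1723: "VPN", 4125: "RWW"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # something answered, but no service listens there
    except socket.timeout:
        return "timeout"   # no answer at all, e.g. packets dropped on the way
    except OSError:
        return "error"     # unreachable network, bad name, and so on


def check_server(host, ports=SBS_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def triage(inside, outside):
    """Compare a LAN probe with an outside probe, LAN result first."""
    verdict = {}
    for port, state in inside.items():
        if state != "open":
            verdict[port] = "server"   # fails on the LAN too: look at IIS/Exchange
        elif outside.get(port) != "open":
            verdict[port] = "router"   # fine inside, blocked outside: forwarding
        else:
            verdict[port] = "ok"
    return verdict


if __name__ == "__main__":
    # Usage: python probe.py <address>  (the server's LAN IP, then the WAN IP)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in check_server(target).items():
        print("%5d  %-18s %s" % (port, SBS_PORTS[port], state))
```

Feed the two `check_server` results (LAN run and outside run) to `triage` to see, per port, whether to look at the server or at the router's forwarding.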


ReefIT (Author) Commented:
Ok so I have done the following:

 - Put in Port Forwarding on the router for port 80 and port 443 to the server's internal IP address.
 - Used the Internet and Email Wizard to allow access to Outlook Web Access, put in Internet IP address into the Web Server Certificate
 - Ran iisreset at the command line to restart IIS.
 - Attempted access via but get page is not displayed.

Are there further configuration steps that I have not carried out?