Solved

can ping but not connect through sbs/isa server. keep getting "403 forbidden"

Posted on 2006-05-22
Last Modified: 2010-04-19
Hello, after building our 2003 SBS and installing ISA, my workstations can't connect to the internet. I can ping but a page request always ends in 403 forbidden. All of that points to ISA firewall settings. Now the details. SBS has 2 NICs and as stated before, I can ping through to ANY IP. DNS won't resolve. I can hit the internal website and there it goes sideways. I can't go through the network config link, the page just tells me that I need to run the wizard..(ns). I am running IE7 beta. I'm thinking this is probably a rights issue or a minor setting.
Question by:YITD
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16738153
How about posting an IPCONFIG /ALL from both the server and a workstation so we can see how you've got it configured?

Jeff
TechSoEasy
0
 

Author Comment

by:YITD
ID: 16738563
the workstation ipconfig:

dhcp yes
ip address  192.168.1.11
subnet   255.255.255.240
default gateway 192.168.1.1
dhcp server 192.168.1.1
dns servers 192.168.1.1

server
outside connection Nic1
dhcp  no
ip address 65.97.170.75
subnet 255.255.255.248
default gateway 65.97.170.73
dns 216.199.0.132
216.199.44.11
192.168.1.1
wins 192.168.1.1
netbios no

local connection Nic2
dhcp no
ip address 192.168.1.1
subnet 255.255.255.240
default (blank)
dns 192.168.1.1
wins 65.97.170.75


Now, I have tried changing the DNS servers to the 216.199.0.132 on the workstation and forced the same DNS on the exterior NIC with no joy. At the same time, I have noticed this, while running the internet connections wizard, the DNS settings go back to 192.168.1.1. But to me, it seems that the exterior NIC should be handling the DNS requests and the local NIC should be checking to see if the request needs to be forwarded to the internet... but that isn't working...
0
 

Author Comment

by:YITD
ID: 16738619
From looking at another post here, I see a possible failure point in that the server that I am configuring is running Exchange, ISA and is the DC. Should it push the client to move to 2-3 servers (separating the roles)? Now at the same time, will that limit the functionality of SBS?


0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16738889
You don't want to have ANY external IP's on your DNS settings.  These should be entered as your forwarders when you run the Configure Email and Internet Connection Wizard.

See http://sbsurl.com/twonics for an example of how to configure this.  Then see http://sbsurl.com/ceicw for the how-to of running the configuration wizard.

As for the single point of failure, that is how Small Businesses run.  You can't put everything on 2-3 servers unless they want to pay thousands of dollars to do so.  There really is no reason, though... in most cases.  A well maintained SBS will be tremendously reliable.  You really need to find out more about SBS before making a recommendation such as you are suggesting.

Plus, you can't move Exchange, ISA or SQL off to separate servers with the SBS license... you'd need to relicense just about everything.

Jeff
TechSoEasy

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16738896
Also, can you PLEASE post a TRUE IPCONFIG /ALL (not your retyping of it) because I find it difficult to actually analyze this way.  While there is nothing in an IPCONFIG that would compromise security, you may want to slightly edit it for privacy purposes.  If you choose to do that, please only replace the last two octets of a Public IP Address with ***.*** and the first part of the domain name can be replaced with *******.

To copy/paste from the CMD console, RIGHT click the upper left corner of the window and use the "EDIT" functions.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16738907
But as I do look at what you've posted, you also have a wrong IP address in your INTERNAL WINS setting.  It should be 192.168.1.1 and you should have NO WINS server configured on the external NIC.  Again, this is clearly shown in http://sbsurl.com/twonics and it was also clearly stated in the server's Getting Started Guide which came with your server.

Jeff
TechSoEasy
0
 

Author Comment

by:YITD
ID: 16743076
Here is the server

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server1
   Primary Dns Suffix  . . . . . . . : companyname.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : companyname.local

Ethernet adapter Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-0A-E6-11-A9-78
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 65.97.170.75
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : 65.97.170.73
   DNS Servers . . . . . . . . . . . : 216.199.0.132
                                       216.199.44.11
                                       192.168.1.1
   Primary WINS Server . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-40-33-E3-D8-22
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 216.199.0.132
                                       216.199.44.11
   Primary WINS Server . . . . . . . : 65.97.170.75
0
 

Author Comment

by:YITD
ID: 16743384
here is the workstation

C:\Documents and Settings\pquery>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : companyname-dell
        Primary Dns Suffix  . . . . . . . : companyname.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : companyname.local
                                            companyname.local

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . : companyname.local
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
        Physical Address. . . . . . . . . : 00-0D-56-D9-A6-D1
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.11
        Subnet Mask . . . . . . . . . . . : 255.255.255.240
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            216.199.0.132
                                            216.199.44.11
        Primary WINS Server . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Tuesday, May 23, 2006 10:27:20 AM
        Lease Expires . . . . . . . . . . : Wednesday, May 31, 2006 10:27:20 AM

From looking at the diagram with the 2 NICs, a static IP address, ISA and a router, I don't think that will work with my settings. The router is not running DHCP, that is running on server1. My question is this, we have static IP's (to remote into the servers) so why give the server1 192.168.x.x? I can see the way listed on the diagram as a location without a static IP....

0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1000 total points
ID: 16744607
First, you need to remove the external IP's from your workstation's DNS settings.  They should ONLY go to your server for DNS.

Then, the reason you are seeing that the example won't work is because you don't have a router between your EXTERNAL NIC and your ISP's connection.  That would definitely be recommended.  But if you have it connected directly, then of course you wouldn't use a private IP subnet on that NIC.  It has nothing to do with whether you have a static IP or not.  

Jeff
TechSoEasy
0
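
Added example (not part of the original thread and not the expert's own tooling): a small checker that parses `ipconfig /all` text in the Windows 2003/XP layout shown above and flags the three settings the replies call out: external DNS servers on a NIC, any WINS server on the external NIC, and an internal WINS entry that is not an internal address. The rule names and the "public IP means external NIC" test are assumptions of this example, and the sample is constructed from the server values posted in the thread.

```python
import ipaddress
import re

# Constructed sample in `ipconfig /all` layout, using the server values posted in the thread.
SAMPLE = """\
Ethernet adapter Network Connection:
   IP Address. . . . . . . . . . . . : 65.97.170.75
   DNS Servers . . . . . . . . . . . : 216.199.0.132
                                       216.199.44.11
                                       192.168.1.1
   Primary WINS Server . . . . . . . : 192.168.1.1
Ethernet adapter Server Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 216.199.0.132
                                       216.199.44.11
   Primary WINS Server . . . . . . . : 65.97.170.75
"""

def parse_adapters(text):
    """Return {adapter: {field: [values]}}; continuation lines extend the last field."""
    adapters, cur, field = {}, None, None
    for line in text.splitlines():
        if head := re.match(r"Ethernet adapter (.+):\s*$", line):
            cur, field = adapters.setdefault(head.group(1), {}), None
        elif cur is not None and (kv := re.match(r"\s+([A-Za-z][^.:]*?)[ .]*:\s*(.*)$", line)):
            field, value = kv.group(1).strip(), kv.group(2).strip()
            cur[field] = [value] if value else []
        elif cur is not None and field and line.strip():
            cur[field].append(line.strip())  # wrapped value, e.g. a 2nd DNS server
    return adapters

def is_public(ip):
    return not ipaddress.ip_address(ip).is_private  # outside private/reserved ranges

def check_nics(adapters):
    """Flag the settings called out in the replies (rule names are this example's own)."""
    findings = []
    for name, f in adapters.items():
        external_nic = any(is_public(ip) for ip in f.get("IP Address", []))
        for dns in filter(is_public, f.get("DNS Servers", [])):
            findings.append((name, "external-dns-on-nic", dns))
        for wins in f.get("Primary WINS Server", []):
            if external_nic:
                findings.append((name, "wins-on-external-nic", wins))
            elif is_public(wins):
                findings.append((name, "internal-wins-not-internal", wins))
    return findings

if __name__ == "__main__":
    print(check_nics(parse_adapters(SAMPLE)))
```

The same functions accept a full pasted `ipconfig /all` from a workstation; lines before the first adapter header are ignored.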

Question has a verified solution.