I recently completed an installation of an SBS2003 SP1 Standard box without ISA, using the recommended two-NIC configuration. The broadband connection is an Efficient 5861 DSL router with a 4-port switch set up with a static public IP from our (AT&T) ISP. The NIC #1 (external WAN) has a fixed IP address 192.168.254.10, and connects to the DSL router 4-port switch.
DHCP is handled by the SBS, and the #2 NIC (internal LAN) uses fixed IP 192.168.16.2. This NIC connects to the LAN 24-port switch along with all workstations.
This installation worked as expected once it was set up – All workstations have Internet access, Exchange server handles the email, and all users are able to connect printers, files, and other resources. And internally, we could also access features like RWW, SharePoint and OWA. But I could not access these features remotely from outside the network.
I began to wonder if the router was blocking the connection, so I followed the advice I received from the SBS newsgroup and opened ports 443, 444, 4125, 1723 and 3389 in our Efficient 5861 DSL router, by using their internal configuration program. But I still couldn't connect remotely using https://publicIP/remote. I called Efficient tech support to have them verify that the ports I specified were actually opened. Their tech told me he couldn't telnet into our router through our public IP to check, but confirmed that I had done the setup steps correctly.
After that I reran CEICW to verify all Web services were checked. First, I expanded everything under IIS, checked all settings, and nothing was being blocked. Just to be sure, I stopped all the services and restarted them. Everything still looked the same with nothing being blocked. I completely reran CEICW, first disabling settings, then selecting broadband with local router, e-mail (no VPN), firewall, then selecting OWA, RWW, and SharePoint services. I rebuilt the certificate using the public IP provided by DSL ISP. At the end I went back and checked the IIS settings and printed out the Summary of Settings for CEICW, reviewed the summary and didn't see anything that looked wrong.
But I still couldn’t connect remotely. I received two recommendations from the newsgroup folks. One was to bypass the DSL router using my laptop plugged into the Efficient 4-port switch, but set up on a different subnet. Still, no connection.
The other recommendation was to verify the proper bindings on each of the two NICs by clicking the Advanced tabs. That is where it got a little strange. The Advanced tab would not open at all, and instead pops up this message: "Windows Firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)". This turns out to be a bogus message. Windows Firewall is disabled.
To pursue this further, I disabled the SBS firewall through CEICW, disconnected the LAN cable, and uninstalled the external NIC built into the Intel motherboard through the BIOS setup. I restarted SBS, but still could not access the Advanced tab on the internal NIC. I removed the internal NIC, reinstalled the external NIC, but again was unable to open the Advanced tab. After each change, I reran CEICW and verified the desired settings. After each change I would also try to open the Advanced tab on each NIC. In all cases, the tab would not open, and a separate window pops up with the "Windows Firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)" message.
I'm at my wits' end with this problem. I set this thing up 'by the book' to avoid problems, and everything looks normal except for remote access. I’m about ready to turn this problem over to Microsoft's tech support - and pay that $245 incident fee. Then again, I’d really like to solve this problem without their help. Mostly, to understand what the problem really is, and what the solution turns out to be. So if anyone can help I’ll greatly appreciate it. Thanks.