Solved

How to reach IIS on a domain server inside of a Small Business Server domain.

Posted on 2007-03-29
5
331 Views
Last Modified: 2010-07-27
Small Business Server 2003 Premium (Domain Controller)
Windows Server 2003 (Domain Server)

The provider of our most important, most used 3rd party software has a IIS product that provides access to the software/data remotely via the internet.  That's the good news.  The bad news is that they do not support installing the IS software on a domain controller.  We have installed the software on our Server 2003 and it runs/looks great (when viewing from inside the domain) but we have been unable to reach the Server 2003 from the outside via the internet.  We have the Company Web (intranet) running and can access the Company Web from outside but when the link/url on the Comapny Web page is clicked the user gets a page cannot be displayed.

Does anyone know how to reach the IIS on the Server 2003 machine when coming from the outside via the internet?

We are using a dual NIC configuration.   The external nick has a routeable IP address but all the other computers/servers in the domain have un-routeable IP address (172.....).  We do not have a domain name that will route someone to the SBServer, only the IP address will do that.  All of our domain names route to our 3rd party outside ISPs.
0
Comment
Question by:Slator
5 Comments
 
LVL 4

Assisted Solution

by:ShannonE
ShannonE earned 150 total points
ID: 18818199
Is Routing and Remote Access installed?  It sounds like your firewall might be blocking the traffic.  What port does the web traffic use?  Your Company Web page might use standard port 80, but the IIS App might use a different port, such as 8080.  If so, you can enable port forwarding on your public NIC under the NAT section of Routing and Remote Access utility
0
 
LVL 3

Assisted Solution

by:itsireland
itsireland earned 150 total points
ID: 18818210
It looks like the company web and the other site are running on separate servers? Is the firewall / router (gateway?) set up to forward ports to a certain server? In that case all web requests (port 80 for http, 443 for https) are forwarded from outside by the router to the company web server and not the other one. Possibly you can configure your router to forward for instance port 5000 to the other server at port 80.

Then connect to the web link using port 5000, for instance like: www.experts-exchange.com:5000

Other ways are also possible. As far as I know for instance with ISA Server request for different websites on the same ports can be send to the right server by ISA. Not 100% sure about how to go about it that way.

Or is there a different setup?
0
 

Author Comment

by:Slator
ID: 18883831
Hi "guys"!

Thanks for the responses and sorry for the delay.  I became occupied with a SBS SP1 update that did not go as planned.

Give me a few more days and I will pickup the issue again.

Thanks again,
Slator
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 200 total points
ID: 18884217
"We do not have a domain name that will route someone to the SBServer, only the IP address will do that.  All of our domain names route to our 3rd party outside ISPs."

You need to first understand that a "domain" is not required to route to a specific server/IP Address... you only need a HOST name (which is essentially a sub-domain).  So that if yourcompany.com routes to a web server, then you just need to add a HOST A record in the domain's DNS Zone file to point server.yourcompany.com to the external IP of your SBS.  You can choose any hostname you like, it does not have to match your server's NETBIOS host name at all, and in fact you can have multiple host names pointing to the same server.  So you might have sbs.yourcompany.com pointing to your SBS and app.yourcompany.com that will be used for your application server.

If your application requires an SSL connection (ie, https:// --- port 443) then you will need a second public IP address that you can assign to your member server.  In this scenario you would add the second Public IP in ISA Server with a routing rule pointing towards the member server's local IP address.

If the application does not require SSL then you can use HOST HEADERS in IIS on your SBS to route traffic that comes in on app.yourcompany.com to the member server.

But all of this may not be the right way to go depending on what this application actually is doing and who is accessing it.  Because your best course of action may be to just have users connect via a VPN connection and then they can access the server the same way they would internally (although using the FQDN such as http://servername.domain.local).  Ideally this scenario is best used for remote users that have laptops which are members of the domain.

A third possibility is that if these users are working remotely but also have a computer in the office they can access their workstation desktop remotely by using SBS's Remote Web Workplace (see http://sbsurl.com/rww).

Jeff
TechSoEasy

0
 

Author Comment

by:Slator
ID: 19103641
One of the tech guys at the company solved the problem after using some information from each of you.  Thanks for the input.

I am going to split the points.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now