Can't access Remote Web Workplace from Internet - HTTP 403.6 error

msklein
msklein used Ask the Experts™
on
I just configured a Dell PowerEdge 840 SBS 2003 server.  I ran the E-mail and Internet Connection Wizard, enabling everything EXCEPT "Server performance and usage reports" and "Business Web site (wwwroot)".   I can easily access the Remote Web Workplace from inside the network via https://server01/remote, however, I can't access it from an external machine.  I receive the dreaded "HTTP Error 403.6 ...you are trying to reach a list of IP addresses that are not allowed to access this web site." I researched this here at experts-exchange and tried the changes suggested in Microsoft KB306833 which has you change the directory security settings on the Default web.  This not only didn't work, but whereas I could previously ping the external IP address (the company does not have a static IP address, so we use a DynDNS.address), I can no longer ping it after making the IIS changes.  Additionally, I am using a WatchGuard Firebox Edge x10e, which has the appropriate ports opened.  What can I do to fix this mess so I can run Remote Web Workplace and once again ping the DynDNS address?
Thanks.
Michael
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Commented:
I'ts the set of allowed IP addresses on the IIS web site. It's set on the properties for each website defined under Directory Security tab, and then IP Address Grant and domain name restrictions. I suspect you've got it to only accept local LAN connections.

Author

Commented:
Your suggestion is exactly what the Microsoft KB306833 article describes. I tried it on the "default web site" and it didn't seem to change anything. It actually appeared to make things worse. I started to receive HTTP 404 errors afterwards.  Please keep in mind that we're not running a web site from the SBS; the business site is currently hosted by a hosting company. We're just trying to get OWA to work. What next?
Commented:
on our SBS server, we have no explicit IP or domains granted or denied on any of the websites in IIS. If you have any on any of your IIS websites, remove any grants or denys. Best to start from a clean sheet.

In IIS, do you have the full set of websites? There should be the default one, and then a whole bunch called companyweb, sharepoint and so on?
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

Author

Commented:
When I go to the "IP address and domain name restrictions" area of the Directory Security tab to remove the grants, I get an "Inheritance Overrides" for child nodes dialog box when I click "OK" after selecting the "allow access" radio button.  I have just been clicking "OK" without selecting any of them as that's what the MS KB article recommended.  Is that correct or do I need to select all or some of those, and if so, which ones?

I have the following web sites in IIS:
Default Web Site
Microsoft SharePoint Administration
SharePoint Central Administration
companyweb
WSUS Administration

Since I have made this change described above, I now get an HTTP 404 error when I try to access the RWW via https://<IP address>/server01/remote.  Any other ideas? Thanks.

Author

Commented:
One more thing:
When I initially try to access the RWW via https://<IP address>/server01/remote, the browser returns 2 certificate related security warnings.  So it appears that it's getting to the IIS server, but failing at that point.  Also, if I ping the IP address, the ping fails.  However, if I ping the IP address with the port appended, e.g., "PING 123.456.789.012:443", I get a response.

Any other insights would be appreciated.  Thanks again.
Michael
Commented:
Although D Hartup helped resolve the 403.6 error, I resolved the subsequent 404 error by creating a new certificate with the DynDNS address in it instead of the externally hosted domain, and then using https://<DynDNS address>/remote to access the RWW.  I hope this helps someone else.

Commented:
Hey, sorry about never replying to your latter comments, I never got the emails telling me comments had been added, weird! Just got the one about your comment today. Well done - very pleased that you've got it working - I've torn my hair out so many times with exactly the same faults before, super frustrating stuff. Have a good weekend.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial