Solved

Issues with companyweb access

Posted on 2008-06-25
16
405 Views
Last Modified: 2010-04-21
First: advanced with pc, novice when it comes to server admin.  

I recently moved my sbs2003 server to a new ip and location.

on any client machine http://companyweb cannot be reached, the browser opens a parked companyweb.com.  If we enter https://myservername:444 it works.

Currently open ports; 25,135,443,444,995,1723,3389,4125   I am just running exchange, and using company web.  Are the ports above more than necessary?  Any missing?

Also, how may I go about enabling access to companyweb for clients that are remote and not on the local network?

Thanks in advance for your kindness in replying.
0
Comment
Question by:XThrasherX
  • 8
  • 8
16 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21871563
Make sure in DNS there is an alias for companyweb and it is correct.

Also what do you meant you moved the SBS to a new IP? Public IP or server IP? If the server LAN IP, you must do so with the change server IP wizard or you will most certainly break companyweb and much more. Should you need it the wizard is located under server management | Internet and e-mail.

If you changed the Public IP I would recommend re-running the CEICW (Configure e-mail and internet connection wizard) located on the same page and called connect to the internet
0
 

Author Comment

by:XThrasherX
ID: 21877461
RobWill-

the change was made to the pubilc ip.  I re-configured e-mail and internet and rww internal web is working.  We still, however cannot access http://companyweb locally but https://servername:444 https://serveraddress:444 work fine

How do I ensure there is an 'alias' for company web?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21877853
If the public IP changed it should not have affected the alias, but it is the most common reason fro http://companyweb not working.
Open the DNS management console in administrative tools | expand the server name | click on the domain name | in the right hand window there should be a record similar to:
companyweb  Alias(cname)   SBSname.YourDomain.local
If not right click on the server name and choose "new alias"

Did you re-run the Configure e-mail and Internet Connection Wizard? You should after changing the public IP.
0
 

Author Comment

by:XThrasherX
ID: 21878349
Thanks for the reply.

yes, I did re-run email and inet con wiz.

in the DNS mgmt console | records shown;

Event Viewer
Forward Lookup
Reverse Lookup
Root Hints
Forwarders

Right clicking the server name offers the following options;

Configure a DNS
Create Default App Dir Partitions
New Zone
Set Aging
Scavenge Stale
Update
Clear cache
Launch NSlookup

I dont see an option to choose "new alias"

Did I miss a step?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21878411
Expand "Forward Lookup zone" and you should see _msdcs.yourdomain... and yourdomain....
Click on yourdomain...  and in the right window you should see your DNS records

>>"I don't see an option to choose "new alias""
The options in your list are from right clicking on the server name, not the domain name.
0
 

Author Comment

by:XThrasherX
ID: 21878846
I understand.  Thank you.  The alias is present for companyweb with the following;

FQDN = companyweb.domain.local
FQDN for target = servername.domain.local

any other suggestions?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21879154
Only other thought I have is to open the IIS management console | expand server name | expand web sites | right click on company web and choose properties | web site | verify:
IP address = SBS
advanced | should show SBS IP and company web, as well as companyweb.domain.local
TCP = 80
SSL port = 444

Under the Directory security tab | IP address restrictions - Edit. Make sure no local IP's/subnets are blocked, though if the one were the case companyweb:444 shouldn't work either
0
 

Author Comment

by:XThrasherX
ID: 21926526
RobWill,

Thanks for the suggestions.  I have re-checked these settings and all are correct.  We are still having the same issue.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 21930262
Very odd.
If you run from a command line on one of the LAN PC's:
nslookup  companyweb
Does it return something like:
   C:\>nslookup companyweb
   Server:  servername.domain.local
   Address:  192.168.123.123

   Name:    servername.domain.local
   Address:  192.168.123.123
   Aliases:  companyweb.domain.local
If that works, we checked this already above in a different location, but go to the IIS management console | expand server name | click on web sites  | and in the right window is should show company web as running, but make sure it also shows 80 under port.

My apologies but I missed the other parts of your original question.

You asked about ports: 25,135,443,444,995,1723,3389,4125  
25  is needed if for SMTP Exchange access
135 is for RPC but as a rule should not be open
443 is needed for SSL with Remote Web Workplace and Outlook Web Access
444  is needed for external access to the CompanyWeb/Sharepoint site
995 is a special port for incoming POP connections to Exchange. I haven't seen this used but perhaps you are making use of it. If SMTP port 25 is in use I am doubtful there is any need for it.
1723  is for VPN access to the SBS
3389  is for direct remote desktop access to the SBS. Though that is not a great security risk, the same thing can be accomplished more securely using Remote Web Workplace
4125  is used for access with Remote Web Workplace in conjunction with port 443

The only others that are occasionally used are port 80 for hosting a web site and port 21 for hosting an FTP site. It is not recommended either be run on SBS due to security concerns.

In order to set up remote access to the SBS for the Company Web Page you simply need to run the CEICW (Configure e-mail and internet connection wizard) and in the process add the certificate (either the SBS built-in or add a 3rd party purchased one, and on the web services configuration page check the "Windows Sharepoint Services intranet site" option. The router will also need port 444 pointed to the SBS.
0
 

Author Comment

by:XThrasherX
ID: 21951210
Thanks for your efforts

"If you run from a command line on one of the LAN PC's
nslookup  companyweb"

It returns " defaultserver.net cant find companyweb: Non-existent domain"
Perhaps Im missing a step here, there is no local search.  

Ive since closed all unnecessary ports, just 25,443,444,1723, and 4125 open.

RWW works fine.

Local machines: network folders pointing to general docs on company web (http://companyweb/generaldocs/)  "is no longer avail.  Web server is busy. Try again later"

http://companyweb = parked .com, no local resolve.

it just seems that this is only related to "companyweb".  Every other aspect works fine  whether  it be via servername:444 locally or remote.domain.xxx

0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21952964
If nslookup companyweb doesn't work its sounds like the DNS alias is missing or corrupt, but you mentioned it was there. It should return something like:

  Server:     SBSname.YourDomain.local
  Address: 192.168.123.123

  Name:     SBSname.YourDomain.local
  Address: 192.168.123.123
  Aliases: companyweb.YourDomain.local

Does;
 nslookup  YourDomain.local
resolve correctly, where YourDomain.local is your local domain name?
0
 

Author Comment

by:XThrasherX
ID: 21955527
The same result is produced.  I cant seem to get it to resolve correctly.  BTW, on the sbs companyweb works fine.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 125 total points
ID: 21955657
Make sure the network adapter on the client machines points ONLY to the SBS for DNS, whether assigned statically or dynamically. Do not add the ISP's DNS even as an alternate/secondary.

Does SBS run DHCP or your router?
0
 

Author Comment

by:XThrasherX
ID: 21955963
"Make sure the network adapter on the client machines points ONLY to the SBS for DNS"

That was it Rob, thank you so much for your help!
0
 

Author Closing Comment

by:XThrasherX
ID: 31470832
Awesome support and diligence!!  Thank you!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21956317
Very welcome. You may find that helps some other issues as well. For example often PC logons are slow unless DNS is configured correctly. Sorry to take so long to figure that out but I focused too much on the public IP changing on not the fact that you had mentioned you moved the server.

Thanks XThrasherX
Cheers !
--Rob.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Learn about cloud computing and its benefits for small business owners.
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now