Solved

How do I open port 18004 through SBS when the CEICW gives me an error message?

Posted on 2008-10-06
43
1,052 Views
Last Modified: 2012-08-13
I am running SBS 2003 R2, ISA 2004, and Exchange 2003.
I am trying to open ports to allow a certain program to work but it does not because I need to open Port 18004.
I have opened it on the router and the client machine through internet options allowing the website URL to be a trusted site but that does not work.
I know I need to open the port through SBS, but I am unable to.
When I run the CEICW I get the following error message:
---------------------------
Configure E-mail and Internet Connection Wizard
---------------------------
The wizard cannot set the DHCP scope options. Ensure that the DHCP server service is running and that a scope is defined. Alternatively, disable the DHCP service manually, and then configure your client computer IP address properties. For more information about manually configuring client computers, see Help and Support.
---------------------------

WHat does it mean and how do I add the port?
My DHCP Server is not running according to my daily report from SBS(Server Performance Report).
0
Comment
Question by:j_rameses
  • 23
  • 20
43 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
Comment Utility
Open the ISA gui.
Click the firewall policy on the left.
In the toolbox on the right, right-click protocols and select new protocol.
Give it a name and select tcp port 18004 TO port 18004
Apply the policy

on the outbound Internet rule, make sure your new protocol is included.

Keith
0
 

Author Comment

by:j_rameses
Comment Utility
keith,

I did as above creating both an inbound and outbound protocol but the software still does not work.
How about CEICW?
Is that another method of adding the Port?
My CEICW does not work, maybe you can guide me on how to restore it as per the above error message.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
You don't need an inbound protocol - inbound and outbound aspects are only relevant to udp traffic, not tcp. The directional control is performed within the firewall policy rules.

The configure email and internet connection wizard sets up the correct environment for the SBS-aware applications and is by far the best tool to use. However, the creation of protocols and the addition of rules over and above those that SBS requires to perform its function is performed within the ISA GUI.

I assume you have been performing the updates on the SBS box - for example, you are running ISA2004 SP3?
I also assume that the direction here is for your internal clients to gain access to this system whichh is hosted externall rather than this being a service you host and you want Internet users to access it from outside?
0
 

Author Comment

by:j_rameses
Comment Utility
Keith,

SHould I then remove Inbound direction?
I thought I needed it because the software transmit out and receives data back.
If I remove the Inbound direction will the program work?
Regardin the version I have, it is :::  Version: 4.0.2167.887
I can't tell what service pack it is, add/remove panel does not state what SP it is neither does the help option in ISA GUI.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
yes - remove it. When an outbound connection is made it automatically keeps a session-state in place for the return data.

Then you do not have any service packs installed as they appear in the control panel. You definitely need to get those installed. there were a number of issues with SBS and early versions of ISA 2004.
0
 

Author Comment

by:j_rameses
Comment Utility
do i need to download SP 1 & 2 before 3 or only 3?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
No, you can go directly to SP3
0
 

Author Comment

by:j_rameses
Comment Utility
Keith,
I updated to SP 3 and relaunched the software but it still does not work.
It does not send the information out.
Is there another method of allowing the port number or the URL to allow the software to work?
0
 

Author Comment

by:j_rameses
Comment Utility
I know the software works because the client machine was connected directly to the internet and it worked.
ANother question on the router end where I enter Port Forwarding should the IP address point to the server or to the client machine that has the software installed?
Only one PC will have the software.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
As per my earlier question - is this software internal and to be accessed by external users or is it external and to be accessed by internal users?
0
 

Author Comment

by:j_rameses
Comment Utility
i no longer have a company web page on our browser.
it was there before the update.
how can i restore the company web page?
0
 

Author Comment

by:j_rameses
Comment Utility
Keith,

The software is installed on a client machine for online insurance billing.
After the submit button is hit it sends  the information through port 18004 or a specific URL that was given to me by the manufacturer.
If the submission was successful then we receive a confirmation on the program itself.
thats how it works.
noone from the outside accesses us.
we access them.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Here we go..... Sometimes I just love SBS servers
Have you re-run the ceicw now that you have performed an update on an SBS server as per the normal process?
What do you mean you no longer have a company web page 'on the browser'? Do you mean that the browser on a client machine is not defaulting to the SBS Companyweb homepage?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Also...

Are you using the ISA as a firewall/proxy or just a proxy?
0
 

Author Comment

by:j_rameses
Comment Utility
Keith,

Good morning.  I was off yesterday.
I tried to run the CEICW but I got the same error message I stated in the beginning.
Disregard my comment regarding the home page, I restarted the server and it took care of the problem.
Regarding "the ISA as a firewall/proxy or just a proxy", I am not sure.
How can I check which of the two I am running?
Also, how do I resolve the CEICW problem?
0
 

Author Comment

by:j_rameses
Comment Utility
I checked on the ISA Server PErformance Monitor and it has a displays data from the chart as "ISA Server Firewall Service" and "ISA Web Server Proxy".
Does that mean I am running a ISA firewall and ISA proxy server?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Do you have trwo nics on the ISA - one internal and one external?
Ids the default gateway on work stations pointing at the router IP address or the SBS ip address?
0
 

Author Comment

by:j_rameses
Comment Utility
I have two nics.
I think the IP address is pointing to the router?
Because the server has a different IP address.
0
 

Author Comment

by:j_rameses
Comment Utility
the IP address is not 192.168.1.1 it is pointing to a different IP address.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
This sounds horrid. It would also explain why the DHCP service is not enabled. It sounds like the router is providing the dhcp functions

SBS is designed to provide all of these services - including dhcp. If someone has configured these things differently (manually) then it has all sorts of connotations from a support perspective.
 
This could also be the reason why ceicw is reporting problems - it cannot complete its tasks if the services it controls are switched off.
0
 

Author Comment

by:j_rameses
Comment Utility
should i then disable the DHCP on the router?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
We need to clarify some things first. As your setup appears to be 'customised' from a normal/standard installation I don't want to get you to do something which impacts your production environment.

On the SBS server, what are the ip addresses that are assigned - can you provide the output fromn an ipconfig /all please?

and the same from a client pc?
0
 

Author Comment

by:j_rameses
Comment Utility
When I installed and did a firmware upgrade to my router it made the default DHCP enabled.
I had  to replace the linksys router(RV082) because it got defective.
HEre is the output of ipconfig /all from the server:
Microsoft Windows [Version 5.2.3790]
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : name_of_server
   Primary Dns Suffix  . . . . . . . : domain_name.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : domain_name.local

Ethernet adapter External LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8052 PCI-E ASF Gigabit E
thernet Controller
   Physical Address. . . . . . . . . : 00-1A-4D-43-E3-86
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.103
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Internal LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ether
net Controller
   Physical Address. . . . . . . . . : 00-1A-4D-43-E3-84
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.1
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   Primary WINS Server . . . . . . . : 10.0.0.1

The ipconfig /all from one of the clients:
C:\Documents and Settings\Administrator.BDRN>ipconfig /all
Windows IP Configuration
        Host Name . . . . . . . . . . . . : name_of_PC
        Primary Dns Suffix  . . . . . . . : domain_name.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain_name.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Cont
roller
        Physical Address. . . . . . . . . : 00-1C-23-83-64-5F
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.0.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.1
        Primary WINS Server . . . . . . . : 10.0.0.1

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLA
N Mini-Card
        Physical Address. . . . . . . . . : 00-19-7E-CB-E8-C6
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
OK

Your SBS server is configured with two nics -
external 192.168.1.103 and a default gateway of 192.168.1.1
internal 10.0.0.1 - no gateway and using itself for DNS/WINS resolution.
Classis standard SBS Server installation - also means you are using ISA as both a firewall/proxy server which is great.

Clients are using the SBS internal nic (10.0.0.1) as their default gateway and also the source of DNS info.
Absolutely fine and suggests that the clients must be getting DHCP info from somewhere - and it is not the router. That will be on 192.168.1.1

Both nics on the SBS server are set to static IP addresses so the dhcp on the router is irrelevant.
All looking very good so far.

Back to basics then......

Have you contacted the software provider to confirm that the only port required is tcp 18004 and traffic is always initiated from internal to external? there are no secondary ports needed?

I am looking at some things here but in the meantime, have you checked the Technet items below?
http://support.microsoft.com/kb/875422






0
 

Author Comment

by:j_rameses
Comment Utility
I assigned the static ip addresses to the PCs manually.
Can that be a problem?
Should the IP address of the Port forwarding be point to the PC or the server?
The software is installed only n one PC and not on the server.
0
 

Author Comment

by:j_rameses
Comment Utility
should I be entering the port # in the access rules of the router settings?
there is no other port # but I entered one that was given to me in case i needed it.
I was told it was unnecessary.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
The port forwarding on the router is only required if traffic can be initiated from the outside inbound to you. If the traffic is ALWAYS initiated from inside to the internet then no port forwarding is actually required as response traffic is allowed automatically - in the same way that web pages are allowed back top a web browser after a request is submitted by a user's browser.

Yes - this could be a problem
please verify that the DHCP IS actually running on the SBS box
Click start - run - services.msc
scroll down to the dhcp service and make sure it is set to automatic - if it is not running, right-click it and choose Start.

On ONE workstation, make a note of the static IP address you have assigned then change it to DHCP and reboot it.
Lets see how we get on.
0
 

Author Comment

by:j_rameses
Comment Utility
I got this error message when I tried to start the DHCP server:
---------------------------
Services
---------------------------
The DHCP Server service on Local Computer started and then stopped.  Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service.
---------------------------
OK  
---------------------------
The DHCP client is started, it always already on.
Regarding the router and the port forwarding the software manufacturer told me I have to add the port.
SHould it point to the server or the client that has the software installed?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
OK - this is where we have the conflicts.....

If the providers is telling you that you must forward the port(s) then that suggests thatthey can initiate the traffic from their end as well. That being the case, you need to forward the port(s) to the external NIC IP address of the SBS server.
On the SBS server, in the ISA gui, you need to have created a protocol for the port(s) that the software requires. This now needs two rules:

An access rule allowing the protocols/ports outbound from internal to external
A 'Publish a server' publishing rule giving the ip address of the client that has the software installed, listening on the external interface - all users. This allows the traffic that is initiated from the software company inbound.
However, you believe that they don't access you - one of you is wrong.....

Keith
0
 

Author Comment

by:j_rameses
Comment Utility
So then I have to use the IP address of 192.168.1.103.
OK.
How to I create the access rules in the ISA GUI?
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
Comment Utility
No offence - but are you trained in SBS with ISA?

Here are the basics:
Open the ISA gui - select the firewall policy.
on the right, look in the tasks/toolbox window and create a new protocol called your_software_name or something and assign it to tcp port 18004 to 18004 - assuming this is the port number they have given you.
Assign the policy
right-click the word 'firewall policy' on the left and select new - access rule
give it a name, allow, select the protocol you created, in the from box select internal, in the to box select external - all user - always
Apply the policy



0
 

Author Comment

by:j_rameses
Comment Utility
Keith,

I created a protocol as per your earlier suggestion to create it outbound.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
lol - excellent. Have you retested? If it still fails, we can now do inbound
0
 

Author Comment

by:j_rameses
Comment Utility
Keith, do I need to enter access rules on the router for settings?
If yes to what IP address should the access rule point to?
The server IP address or the software URL that they provided?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
What router - the external one? This should allow outbound automatically
0
 

Author Comment

by:j_rameses
Comment Utility
Keith,

It worked.
Thank you.

I only have one router.
I am not sure if I need access rules.
I will delete it to see if it works.
Will keep you updated.
0
 

Author Comment

by:j_rameses
Comment Utility
Keith, it works without the access rules.

Regarding the DHCP enabled setting on the router, can I change it to disableithout affecting the network?
Also, how do I fix the CEICW problem?
SHould I post a separate post?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
More than welcome mate - sometimes it just takes a little perseverance :)
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Yes - you can as the SBS is on a static ip
0
 

Author Comment

by:j_rameses
Comment Utility
Thank you again Keith.
When I post the question regarding the CEICW that does not work I will post it here so you can get the ID # for the question.
Give me a day or two to post it.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
OK :)
0
 

Author Comment

by:j_rameses
Comment Utility
Good morning KEith.
Here is the question ID: ID: 23800845
This is the question title: How do I get rid of the DHCP error message when I attempt to run CEICW?
Please respond back confirming you received this so I can close this current post and assign you your justly deserved points.
Thanx again.
:-)
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Only just got in from work - yes - got the new ID :)
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now