• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1085
  • Last Modified:

How do I open port 18004 through SBS when the CEICW gives me an error message?

I am running SBS 2003 R2, ISA 2004, and Exchange 2003.
I am trying to open ports to allow a certain program to work but it does not because I need to open Port 18004.
I have opened it on the router and the client machine through internet options allowing the website URL to be a trusted site but that does not work.
I know I need to open the port through SBS, but I am unable to.
When I run the CEICW I get the following error message:
---------------------------
Configure E-mail and Internet Connection Wizard
---------------------------
The wizard cannot set the DHCP scope options. Ensure that the DHCP server service is running and that a scope is defined. Alternatively, disable the DHCP service manually, and then configure your client computer IP address properties. For more information about manually configuring client computers, see Help and Support.
---------------------------

WHat does it mean and how do I add the port?
My DHCP Server is not running according to my daily report from SBS(Server Performance Report).
0
j_rameses
Asked:
j_rameses
  • 23
  • 20
2 Solutions
 
Keith AlabasterEnterprise ArchitectCommented:
Open the ISA gui.
Click the firewall policy on the left.
In the toolbox on the right, right-click protocols and select new protocol.
Give it a name and select tcp port 18004 TO port 18004
Apply the policy

on the outbound Internet rule, make sure your new protocol is included.

Keith
0
 
j_ramesesInfo Sys MngrAuthor Commented:
keith,

I did as above creating both an inbound and outbound protocol but the software still does not work.
How about CEICW?
Is that another method of adding the Port?
My CEICW does not work, maybe you can guide me on how to restore it as per the above error message.
0
 
Keith AlabasterEnterprise ArchitectCommented:
You don't need an inbound protocol - inbound and outbound aspects are only relevant to udp traffic, not tcp. The directional control is performed within the firewall policy rules.

The configure email and internet connection wizard sets up the correct environment for the SBS-aware applications and is by far the best tool to use. However, the creation of protocols and the addition of rules over and above those that SBS requires to perform its function is performed within the ISA GUI.

I assume you have been performing the updates on the SBS box - for example, you are running ISA2004 SP3?
I also assume that the direction here is for your internal clients to gain access to this system whichh is hosted externall rather than this being a service you host and you want Internet users to access it from outside?
0
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

 
j_ramesesInfo Sys MngrAuthor Commented:
Keith,

SHould I then remove Inbound direction?
I thought I needed it because the software transmit out and receives data back.
If I remove the Inbound direction will the program work?
Regardin the version I have, it is :::  Version: 4.0.2167.887
I can't tell what service pack it is, add/remove panel does not state what SP it is neither does the help option in ISA GUI.
0
 
Keith AlabasterEnterprise ArchitectCommented:
yes - remove it. When an outbound connection is made it automatically keeps a session-state in place for the return data.

Then you do not have any service packs installed as they appear in the control panel. You definitely need to get those installed. there were a number of issues with SBS and early versions of ISA 2004.
0
 
j_ramesesInfo Sys MngrAuthor Commented:
do i need to download SP 1 & 2 before 3 or only 3?
0
 
Keith AlabasterEnterprise ArchitectCommented:
No, you can go directly to SP3
0
 
j_ramesesInfo Sys MngrAuthor Commented:
Keith,
I updated to SP 3 and relaunched the software but it still does not work.
It does not send the information out.
Is there another method of allowing the port number or the URL to allow the software to work?
0
 
j_ramesesInfo Sys MngrAuthor Commented:
I know the software works because the client machine was connected directly to the internet and it worked.
ANother question on the router end where I enter Port Forwarding should the IP address point to the server or to the client machine that has the software installed?
Only one PC will have the software.
0
 
Keith AlabasterEnterprise ArchitectCommented:
As per my earlier question - is this software internal and to be accessed by external users or is it external and to be accessed by internal users?
0
 
j_ramesesInfo Sys MngrAuthor Commented:
i no longer have a company web page on our browser.
it was there before the update.
how can i restore the company web page?
0
 
j_ramesesInfo Sys MngrAuthor Commented:
Keith,

The software is installed on a client machine for online insurance billing.
After the submit button is hit it sends  the information through port 18004 or a specific URL that was given to me by the manufacturer.
If the submission was successful then we receive a confirmation on the program itself.
thats how it works.
noone from the outside accesses us.
we access them.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Here we go..... Sometimes I just love SBS servers
Have you re-run the ceicw now that you have performed an update on an SBS server as per the normal process?
What do you mean you no longer have a company web page 'on the browser'? Do you mean that the browser on a client machine is not defaulting to the SBS Companyweb homepage?
0
 
Keith AlabasterEnterprise ArchitectCommented:
Also...

Are you using the ISA as a firewall/proxy or just a proxy?
0
 
j_ramesesInfo Sys MngrAuthor Commented:
Keith,

Good morning.  I was off yesterday.
I tried to run the CEICW but I got the same error message I stated in the beginning.
Disregard my comment regarding the home page, I restarted the server and it took care of the problem.
Regarding "the ISA as a firewall/proxy or just a proxy", I am not sure.
How can I check which of the two I am running?
Also, how do I resolve the CEICW problem?
0
 
j_ramesesInfo Sys MngrAuthor Commented:
I checked on the ISA Server PErformance Monitor and it has a displays data from the chart as "ISA Server Firewall Service" and "ISA Web Server Proxy".
Does that mean I am running a ISA firewall and ISA proxy server?
0
 
Keith AlabasterEnterprise ArchitectCommented:
Do you have trwo nics on the ISA - one internal and one external?
Ids the default gateway on work stations pointing at the router IP address or the SBS ip address?
0
 
j_ramesesInfo Sys MngrAuthor Commented:
I have two nics.
I think the IP address is pointing to the router?
Because the server has a different IP address.
0
 
j_ramesesInfo Sys MngrAuthor Commented:
the IP address is not 192.168.1.1 it is pointing to a different IP address.
0
 
Keith AlabasterEnterprise ArchitectCommented:
This sounds horrid. It would also explain why the DHCP service is not enabled. It sounds like the router is providing the dhcp functions

SBS is designed to provide all of these services - including dhcp. If someone has configured these things differently (manually) then it has all sorts of connotations from a support perspective.
 
This could also be the reason why ceicw is reporting problems - it cannot complete its tasks if the services it controls are switched off.
0
 
j_ramesesInfo Sys MngrAuthor Commented:
should i then disable the DHCP on the router?
0
 
Keith AlabasterEnterprise ArchitectCommented:
We need to clarify some things first. As your setup appears to be 'customised' from a normal/standard installation I don't want to get you to do something which impacts your production environment.

On the SBS server, what are the ip addresses that are assigned - can you provide the output fromn an ipconfig /all please?

and the same from a client pc?
0
 
j_ramesesInfo Sys MngrAuthor Commented:
When I installed and did a firmware upgrade to my router it made the default DHCP enabled.
I had  to replace the linksys router(RV082) because it got defective.
HEre is the output of ipconfig /all from the server:
Microsoft Windows [Version 5.2.3790]
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : name_of_server
   Primary Dns Suffix  . . . . . . . : domain_name.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : domain_name.local

Ethernet adapter External LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8052 PCI-E ASF Gigabit E
thernet Controller
   Physical Address. . . . . . . . . : 00-1A-4D-43-E3-86
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.103
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Internal LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ether
net Controller
   Physical Address. . . . . . . . . : 00-1A-4D-43-E3-84
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.1
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   Primary WINS Server . . . . . . . : 10.0.0.1

The ipconfig /all from one of the clients:
C:\Documents and Settings\Administrator.BDRN>ipconfig /all
Windows IP Configuration
        Host Name . . . . . . . . . . . . : name_of_PC
        Primary Dns Suffix  . . . . . . . : domain_name.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain_name.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Cont
roller
        Physical Address. . . . . . . . . : 00-1C-23-83-64-5F
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.0.106
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.1
        Primary WINS Server . . . . . . . : 10.0.0.1

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLA
N Mini-Card
        Physical Address. . . . . . . . . : 00-19-7E-CB-E8-C6
0
 
Keith AlabasterEnterprise ArchitectCommented:
OK

Your SBS server is configured with two nics -
external 192.168.1.103 and a default gateway of 192.168.1.1
internal 10.0.0.1 - no gateway and using itself for DNS/WINS resolution.
Classis standard SBS Server installation - also means you are using ISA as both a firewall/proxy server which is great.

Clients are using the SBS internal nic (10.0.0.1) as their default gateway and also the source of DNS info.
Absolutely fine and suggests that the clients must be getting DHCP info from somewhere - and it is not the router. That will be on 192.168.1.1

Both nics on the SBS server are set to static IP addresses so the dhcp on the router is irrelevant.
All looking very good so far.

Back to basics then......

Have you contacted the software provider to confirm that the only port required is tcp 18004 and traffic is always initiated from internal to external? there are no secondary ports needed?

I am looking at some things here but in the meantime, have you checked the Technet items below?
http://support.microsoft.com/kb/875422






0
 
j_ramesesInfo Sys MngrAuthor Commented:
I assigned the static ip addresses to the PCs manually.
Can that be a problem?
Should the IP address of the Port forwarding be point to the PC or the server?
The software is installed only n one PC and not on the server.
0
 
j_ramesesInfo Sys MngrAuthor Commented:
should I be entering the port # in the access rules of the router settings?
there is no other port # but I entered one that was given to me in case i needed it.
I was told it was unnecessary.
0
 
Keith AlabasterEnterprise ArchitectCommented:
The port forwarding on the router is only required if traffic can be initiated from the outside inbound to you. If the traffic is ALWAYS initiated from inside to the internet then no port forwarding is actually required as response traffic is allowed automatically - in the same way that web pages are allowed back top a web browser after a request is submitted by a user's browser.

Yes - this could be a problem
please verify that the DHCP IS actually running on the SBS box
Click start - run - services.msc
scroll down to the dhcp service and make sure it is set to automatic - if it is not running, right-click it and choose Start.

On ONE workstation, make a note of the static IP address you have assigned then change it to DHCP and reboot it.
Lets see how we get on.
0
 
j_ramesesInfo Sys MngrAuthor Commented:
I got this error message when I tried to start the DHCP server:
---------------------------
Services
---------------------------
The DHCP Server service on Local Computer started and then stopped.  Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service.
---------------------------
OK  
---------------------------
The DHCP client is started, it always already on.
Regarding the router and the port forwarding the software manufacturer told me I have to add the port.
SHould it point to the server or the client that has the software installed?
0
 
Keith AlabasterEnterprise ArchitectCommented:
OK - this is where we have the conflicts.....

If the providers is telling you that you must forward the port(s) then that suggests thatthey can initiate the traffic from their end as well. That being the case, you need to forward the port(s) to the external NIC IP address of the SBS server.
On the SBS server, in the ISA gui, you need to have created a protocol for the port(s) that the software requires. This now needs two rules:

An access rule allowing the protocols/ports outbound from internal to external
A 'Publish a server' publishing rule giving the ip address of the client that has the software installed, listening on the external interface - all users. This allows the traffic that is initiated from the software company inbound.
However, you believe that they don't access you - one of you is wrong.....

Keith
0
 
j_ramesesInfo Sys MngrAuthor Commented:
So then I have to use the IP address of 192.168.1.103.
OK.
How to I create the access rules in the ISA GUI?
0
 
Keith AlabasterEnterprise ArchitectCommented:
No offence - but are you trained in SBS with ISA?

Here are the basics:
Open the ISA gui - select the firewall policy.
on the right, look in the tasks/toolbox window and create a new protocol called your_software_name or something and assign it to tcp port 18004 to 18004 - assuming this is the port number they have given you.
Assign the policy
right-click the word 'firewall policy' on the left and select new - access rule
give it a name, allow, select the protocol you created, in the from box select internal, in the to box select external - all user - always
Apply the policy



0
 
j_ramesesInfo Sys MngrAuthor Commented:
Keith,

I created a protocol as per your earlier suggestion to create it outbound.
0
 
Keith AlabasterEnterprise ArchitectCommented:
lol - excellent. Have you retested? If it still fails, we can now do inbound
0
 
j_ramesesInfo Sys MngrAuthor Commented:
Keith, do I need to enter access rules on the router for settings?
If yes to what IP address should the access rule point to?
The server IP address or the software URL that they provided?
0
 
Keith AlabasterEnterprise ArchitectCommented:
What router - the external one? This should allow outbound automatically
0
 
j_ramesesInfo Sys MngrAuthor Commented:
Keith,

It worked.
Thank you.

I only have one router.
I am not sure if I need access rules.
I will delete it to see if it works.
Will keep you updated.
0
 
j_ramesesInfo Sys MngrAuthor Commented:
Keith, it works without the access rules.

Regarding the DHCP enabled setting on the router, can I change it to disableithout affecting the network?
Also, how do I fix the CEICW problem?
SHould I post a separate post?
0
 
Keith AlabasterEnterprise ArchitectCommented:
More than welcome mate - sometimes it just takes a little perseverance :)
0
 
Keith AlabasterEnterprise ArchitectCommented:
Yes - you can as the SBS is on a static ip
0
 
j_ramesesInfo Sys MngrAuthor Commented:
Thank you again Keith.
When I post the question regarding the CEICW that does not work I will post it here so you can get the ID # for the question.
Give me a day or two to post it.
0
 
Keith AlabasterEnterprise ArchitectCommented:
OK :)
0
 
j_ramesesInfo Sys MngrAuthor Commented:
Good morning KEith.
Here is the question ID: ID: 23800845
This is the question title: How do I get rid of the DHCP error message when I attempt to run CEICW?
Please respond back confirming you received this so I can close this current post and assign you your justly deserved points.
Thanx again.
:-)
0
 
Keith AlabasterEnterprise ArchitectCommented:
Only just got in from work - yes - got the new ID :)
0

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

  • 23
  • 20
Tackle projects and never again get stuck behind a technical roadblock.
Join Now