Setting up FQDN for SBS Remote Workplace

I currently have SBS2003 (fictional IPs and domain names)
Server has static IP from Comcast 10.1.1.1
DNS is handled by GoDaddy
Company website hosted somewhere else is domain.com

SBS RWW from the outside using IP address works fine
I registered domain.net to use RWW so people do not have to remember the IP
Created an A record domain.net = 10.1.1.1

This was set up a couple of days ago and is still not working (again, IP is fine); even tried a CNAME record with the same

Go to domain.net, get page cannot be found
What is strange is if I go to https://domain.net I get the cert warning as usual, but as soon as I click on "continue to site anyway" I get
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

Does Comcast need to be involved since they own the IP? What might be the issue?
tkthelpdesk Asked:
Michael Worsham, Staff Infrastructure Architect, Commented:
10.1.1.1 is a private IP address like 192.168.x.x.

A quick way to find out what IP address you are actually coming from is to do this:

1) Log in to the SBS 2003 server or any other workstation on the same network
2) Open a web browser and go to 'http://www.ipchicken.com/'

IP Chicken will display the 'actual' IP address you are coming from.

Since you are using Comcast, did they give you one of their 'business-class' modem/routers?
Jerry Solomon, Network Administrator, Commented:
What to do there is to either:
a) Set port forwards on the Comcast router/modem.
b) (preferred) Get a better firewall/router device like a SonicWall TZ170 or WatchGuard X10e, and ask Comcast support to "turn off routing because you have your own router".
The ports that need to be forwarded are 4125 (Remote Web Workplace), 443 (Outlook Web Access) and 25 (email delivery).
Set all the port forwards to forward to the LAN IP of your server, which should be set to a static address so it will never change.

You may want to consider having a company in to help you out if any of the things I mentioned here are unfamiliar to you.

And of course, as mentioned above, you need to know what your public IP is (Warning: it may change if you have Comcast turn off routing).

Good luck.
Michael Worsham, Staff Infrastructure Architect, Commented:
This guide will definitely help if you have the Comcast Business-Class modem/router...

Comcast Business IP Gateway User Guide
http://mwecomputers.com/EE/Comcast_Business_IP_Gateway_User_Guide.pdf
tkthelpdesk (Author) Commented:
I currently have SBS2003 (fictional IPs and domain names)

Yes, I know the IP; it's a static IP, non-internal. It's what I meant by fictional....

Server is on ISA, set with default SBS ports; Comcast owns the router

A record created for domain.net at GoDaddy goes to the public IP of the server given by Comcast
CNAME record created for domain.net at GoDaddy to go to the public IP of the server given by Comcast

I go to domain.net and get the cert warning, continue and

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
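
The record setup described in this thread can be sanity-checked offline. The following is an added example, not part of any participant's post: it lints a small record set for an A record that points at a non-public address (the point raised about 10.1.1.1) and for a CNAME whose target is an IP address. It goes slightly beyond the thread by also flagging a CNAME that shares a name with other record types, which DNS does not allow. The tuple format and function names are assumptions of this example, and the sample values are constructed from the thread's placeholders.

```python
import ipaddress

# Constructed sample data using the thread's placeholder values.
# (name, type, value) tuples are this example's own format, not a registrar export.
SAMPLE_RECORDS = [
    ("domain.net", "A", "10.1.1.1"),
    ("domain.net", "CNAME", "10.1.1.1"),
    ("www.domain.net", "CNAME", "domain.net"),
]


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def lint_records(records):
    """Return a sorted list of (name, problem) findings for a record set."""
    findings = set()
    types_by_name = {}
    for name, rtype, value in records:
        name, rtype = name.lower().rstrip("."), rtype.upper()
        types_by_name.setdefault(name, set()).add(rtype)
        ip = _as_ip(value)
        if rtype == "A":
            if ip is None or ip.version != 4:
                findings.add((name, "A value is not an IPv4 address"))
            elif not ip.is_global:
                # RFC 1918 and other special ranges are unreachable from the internet
                findings.add((name, "A points to a non-public address"))
        elif rtype == "CNAME" and ip is not None:
            # A CNAME aliases one hostname to another; it cannot carry an address
            findings.add((name, "CNAME target is an IP, must be a hostname"))
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            findings.add((name, "CNAME coexists with other record types"))
    return sorted(findings)


if __name__ == "__main__":
    for name, problem in lint_records(SAMPLE_RECORDS):
        print(f"{name}: {problem}")
```
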


Michael Worsham, Staff Infrastructure Architect, Commented:

DanJourno Commented:
Hello,

Are you still having issues?
There are a few things to try.
Double check that Host Header Values for the Default Website are either empty or have your FQDN listed.
To do this, load up IIS, right click the Default Website and go to Properties. On the Web Site tab, in the Web site Identification section, click on Advanced. Then you should have two lists.
The top list is for non-secure (standard) http:// access. The bottom is for https: access.
In the top section, check that you have a row that has the following:

1) Your INTERNAL IP Address (Internal because the server is behind a router and has no idea what its public IP address is or how to respond to it)
2) Port 80
3) The FQDN in the host header column

If not, add it and try again.
Also, check the bottom list has the internal IP address and port 443. Make sure you map port 443 through the router.

Hope that helps.
Dan