
OWA and RWW on SBS 2003 External Access Problem

Posted on 2009-04-12
Last Modified: 2012-05-06
I have a customer who has SBS 2003 Standard. All of a sudden, the external connection decided not to work and it has stayed that way ever since. The first thing I thought of was a virus since I was working on attempting to remove 9 viruses on a laptop that was still connected to the network. Other evidence seems to have pointed to it, as the print spooler decided not to work and I had to restart it. Using Trend Micro HouseCall turned up nothing.

I focused my attention on the Netgear DG834 router as I thought it may have blocked ports 443 and 80, but it was fine; in fact there was a rule in there that allowed everything through to the server. I promptly removed this rule. The odd thing is that everything within the LAN (internally) works perfectly. Reading some of the Experts Exchange topics on this issue, I have rerun the CEICW and let it configure the router using UPnP, which says it has the following ports opened inbound:

Inbound        Port
SMTP       25
VPN-PPTP       1723
RDP       3389
HTTP       80
HTTPS       443
RWW       4125
Sharepoint       444

No outbound Rules set on the router

I am not sure how UPnP works, but the list appeared for a few minutes in the UPnP page and then it disappeared, so I manually entered all these settings in the firewall rules section and disabled UPnP.

I tried to access from external and it's still the same issue.

Looking at the certificate, I noticed that the previous IT guy used a no-ip.com signatory name so I decided to change it to server.mydomain.com to reflect the customer's external domain server name. They changed ISPs a few months ago, so a static IP is allocated by the current ISP and I requested that the old ISP's DNS associate server.mydomain.com to the static IP of the current ISP. I assume this change to be an A record. I know this works as I am able to RDP and get companyweb using port 444 using server.mydomain.com. I also made sure that the current ISP has not blocked any services to this IP address.

I decided to create a virtual machine and got the router to point to a new install of SBS 2003 Premium edition just in case there was a corruption somewhere in the old server, but the generic install also produced the same problem in that I get a "Connection Interrupted" in Firefox and "Internet Explorer cannot display the webpage" in Internet Explorer. Attempting to access it via IP address yielded the same error messages.

I loaded the Wireshark sniffer to see what is happening and it looks like it is able to send the request through. On the server side though, I get no traffic coming from external. I am a beginner with sniffers but I assume that I should at least see a request of some sort coming from the gateway. I checked the logs of the router and I don't see any rules that matched the https request. I then did a Sharepoint request on port 444. This worked and there was a rule match on the router log.

Is it possible that there is a virus I am unaware of that infects routers? Incidentally I also decided to upgrade the Router Firmware hoping that if it was indeed a virus then at least I might get rid of it with a firmware upgrade. I seriously doubt that it is the router but just in case, I am going to replace it with another to see what happens.

With my limited knowledge of how certificates work, my hunch is that maybe it is related to the certificate expiring, but the previous self-signed certificate didn't expire till 2010 and in any case, if it was a certificate issue then should it still work internally?

Any other ideas?
Question by:edmod209
Expert Comment

by:Hypercat (Deb)
ID: 24131209
In addition to having the ports open on the router, they need to be forwarded to the internal IP address of the server.  This is the first thing I would check. Check your router for settings for "port forwarding" or "applications."  Different routers use different terminology, but essentially what you need to do is associate the incoming packets on each port (i.e., 80, 443, 1723, etc.) with the internal IP address of the server to make sure the incoming communication is directed to the correct internal host.

Author Comment

by:edmod209
ID: 24132957
Thanks for your comments. It's been directed to an IP of my choice; in this instance, it's the server. The Netgear router isn't all that complex to configure relative to other more enterprise-class routers like your Fortinet or Cisco PIX, and it automatically assumes that you want to forward it to an IP.

Accepted Solution

by:
edmod209 earned 0 total points
ID: 24231032
I finally solved it. Turns out that the customer had inadvertently started blocking ports on the ISP side. These included ports 80 and 443. So it really pays to make sure all along the line. Interesting thing is that on calling the ISP initially they said that it wasn't, but really it depends on who you get on the other side... get someone who is physically able to check the connection settings.
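
An added example, not part of the original thread: a per-port TCP probe, run from outside the LAN, over the inbound ports listed in the question. It separates ports that get no reply at all from ports that answer, which is the pattern that pointed upstream of the server in this case; the function names and the sample results are constructed for illustration.

```python
import socket
import sys

# Inbound ports from the router list in the question.
SBS_PORTS = {25: "SMTP", 80: "HTTP", 443: "HTTPS", 444: "SharePoint",
             1723: "VPN-PPTP", 3389: "RDP", 4125: "RWW"}

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt from the external vantage point."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"    # a reset came back, so something on the path answered
    except socket.timeout:
        return "filtered"   # no reply at all: the SYN was dropped on the way
    except OSError:
        return "error"      # no route, name did not resolve, etc.
    finally:
        s.close()

def scan(host, ports=SBS_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in sorted(ports)}

def interpret(results):
    """Reduce {port: state} to (verdict, ports that got no reply)."""
    opened = [p for p, s in sorted(results.items()) if s == "open"]
    silent = [p for p, s in sorted(results.items()) if s == "filtered"]
    if opened and silent:
        # Same public IP, same forwarding target, different outcome per port:
        # a port-specific rule upstream (router or ISP), not the server or DNS.
        return "selective-filtering", silent
    if silent:
        return "all-dropped", silent
    return "no-silent-drops", silent

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan(sys.argv[1])          # run from outside the LAN
    else:
        # Constructed sample matching the symptoms described in the thread.
        results = {80: "filtered", 443: "filtered", 444: "open", 3389: "open"}
    for port, state in sorted(results.items()):
        print("%5d %-10s %s" % (port, SBS_PORTS.get(port, "?"), state))
    print(interpret(results))
```

Comparing this external result with a packet capture on the router's WAN side or on the server shows whether the dropped ports ever reach the customer's equipment.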