No external access to RWW and OWA using SBS 2008


I have a static IP address, I have SBS 2008 installed and working. All the wizards have been done. I have exchange 2007 working, sending mail out to external addresses, and receiving back in again (using smarthost), and I have remote RDP access working.
I have done port forwarding for 25, 443, 987, 80, etc... to the SBS server's internal IP.
I have tried internally, and this works 100% I can access the RWW portal, check mail for users etc... but as soon as I try externally, it doesn't work
I have run the wizard to configure this as and I have also gone to my domain control panel, and setup an A-record for to point to my static IP address.

I've tried everything with this and it's driving me nuts... :(

I've looked at this post...

...which points to a solution here... (Copied my question intro from here also as it's exactly the same as my problem..)

...but they were using a Thompson Router, I'm using Draytek 2930 router and I've opened ports 25, 987, 80 and 3389.

It works great internally using the external address
But external, I get an error, see screen shot 1, Suggesting a router issue...?

If I use my https://w.a.n.i.p/remote I get another error, see screen shot 2, Suggesting an IIS problem...?

I've done nearly 3 dozen SBS 2008 setup's and I can do them in my sleep, this is my first SBS 2008...
RWW is the most popular productive feature to external users, and it won't work... AARRRGGHHH..!

If anyone can help I would be very grateful

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Glen KnightCommented:
OK, that's at least a reasonable sign as it looks like you are getting to your server.
Can you try it without the remote on the end of the URL?
What happens if you add OWA to the end?

PendleBusinessSolutionsAuthor Commented:
Thanks for coming back to me so quickly...

If I add /owa on the end I get the same error as screenshot 1.
If i remove /Remote I get the Router login Screen...

BTW. In the "Router remote management" section of the reouter I have changed the default ports as follows:
80 changed to 8080
443 changed to 4433

If on SBS 2003 you don't change 443 you cannot access the RWW... strangley this looks like I haven't changed it from 443 to 4433... I'll check on come back to you..

HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

PendleBusinessSolutionsAuthor Commented:
Just changed it to 4431 from 4433, I'll check if it works... give me tick...
Glen KnightCommented:
OK, so if you do HTTPS://externalip/ you get the router login page?
This tell me that port 443 is not being forwarded to your server
PendleBusinessSolutionsAuthor Commented:

If the URL is: http://w.a.n.i.p/Remote I get the error in screen shot 2
If the URL is: https://w.a.n.i.p/Remote I get the error in screen shot 1

If the URL is: http://w.a.n.i.p/owa I get the error in screen shot 2
If the URL is: https://w.a.n.i.p/owa I get the error in screen shot 1

It looks like it's something to do with port 443/https..?

Glen KnightCommented:
Are you able to set your router up with a DMZ host?
If so can you point it to your internal servers address as the DMZ host, purely for testing to eliminate the server as a problem.
try and

or mail server setting at.

PendleBusinessSolutionsAuthor Commented:
If the URL is: http://w.a.n.i.p/ I get the Into screen to IIS 7...
If the URL is: https://w.a.n.i.p/ I get the router login screen...

I'll try the DMZ option a come back to you...

Glen KnightCommented:
Also turn off remote administration on the router, this is probably capturing port 443 for it's own use.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PendleBusinessSolutionsAuthor Commented: is not configured it just goes to host default holding page, we have setup our email on pop3 with, I see what you're getting at though, I have however set up an MX record point to

If the URL is: I get the Into screen to IIS 7...
If the URL is: I get the router login screen...

Also, Tried the DMZ tweak... no joy...

And if I turn off remote management of the router I loose access to it from here... I could delete the "Access the router to manage it via HTTPS though... give me a tick...

Glen KnightCommented:
Make sure you restart the router after making changes if I remember correctly the draytek can be a bit funny with dynamic changes
PendleBusinessSolutionsAuthor Commented:
Dissabled HTTPS Remote Router Managemant, but all the above results are the same...

I'll try a remote reboot... just a tick...
Glen KnightCommented:
Make sure you save settings first ;-)
PendleBusinessSolutionsAuthor Commented:
No... Still the same... I would say it a router firmware issue... not letting me configure or disable 443 properly...?

What do you think..?

Glen KnightCommented:
Hmmm, it definately looks that way, the fact port 80 is getting through and 443 gives you a router login would indicate some sort of port forwarding issue, check the router rules, change the remote administration port on the router and check you get the router login page using the new port.

Make sure the internal rules on the draytek are not capturing port 443 for some other reason.  I am mobile at the moment but will have a look at a draytek as soon as I can to see if I can help you further.

I would say this is definately where your problem lies.
PendleBusinessSolutionsAuthor Commented:
Just to update you guy's... I've removed the 3.2.2 firmware from the Draytek 2930 and down graded it to 3.2.1... 3.2.2 came with the router but you can't download it from their website yet and I know 3.2.1 works on other routers...
Anyway it didn't solve this RWW problem... AAARRRRGGGHHHH...!!!!

Any more ideas...?

Does anyone have a list of things I can check systematically to check if the SBS 2008 "Set up your Internet Address" wizard actuall did what it was supposed to do...?

In the meantime I've put a support ticket into Draytek to see if they know of any problems with port 443 not behaving as it should...

PendleBusinessSolutionsAuthor Commented:
WoHOOOO...! in the imortal words of Bart Simpson....

I've sorted it, it bothered me that much I've driven over to my customer's office...
Now on site, I did the firmware upload as I said earlier, but just before I was leaving (totally fed up that that haddn't worked), I remembered what "demazter" earlier in the thread...

"Also turn off remote administration on the router, this is probably capturing port 443 for it's own use."

Well I tried this and RDP'd back to my office to RDP back in to test it and guess what...! it worked....!!!! :) :)

Draytek is going to get it on Monday... firmware AARRRGGGHHHH...! Indeed Remote Router Management must have been interfering with port 443... even though I changed this port and disable HTTPS for remote router management.

So chuffed now.

Cheers guy's hope this helped someone else, and thanks particularly to demazter.


PendleBusinessSolutionsAuthor Commented:
You should have to turn off remote management, but in thiscase it did the trick, it must be faulty Draytek v2930 router firmware... (which to be fare, is very rare...)

Cheers guy's.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.