Problems getting remote access to windows 2008 sbs

nigelbeatson
nigelbeatson used Ask the Experts™
on
Hello, we have just installled a new SBS 2008 server, and most things seem to work OK. Exchange is running and we are sending and receiving e-mails. We are however experiencing problems in gettin the remot connection to work. It works OK locally, using https://remote.domainname.co.uk
When we try this externally, we get the "Page cannot be found" error,,,
We have opened a port 443 and redirected to the local server IP address, and we have just created a new A host record in our service providers DNS for the name "remote" and pointed it to our static IP address.
If the "A" record is required, I wondered whether it may take some time for this to become active.
I am not sure how to troubleshoot this, so some assistance would be much appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
O. PierruSystem admin

Commented:
Hello,

You can start by checking the validity of you DNS A record with the DNS Lookup tool located here: http://www.iptools.com/

> Just type remote.domainname.co.uk, select A and click the Go button.

Note: It usually takes no more than 48h for DNS records to propagate.

Author

Commented:
Thanks, I received the following :-

;; ANSWER SECTION:
remote.domainname.co.uk. 14400 IN A "ourstaticipaddress"

Does this confirm it is working? If so, what next?

Author

Commented:
Can I confirm the format of the browser entry for remot connection :-

https://remote.domainname.co.uk - is this correct?  the remote.domainname.co.uk is what I can see entered in our exchange settings, but I was unsure about the prefix, and whether there is a /exchange extension, as with SBS 2003.
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Try https://remote.example.com/owa which will go straight in to OWA, or /rww I think it is which is the remote web workplace. I don't think it is /remote, but it is the end of the day and I haven't got an SBS 2008 to hand to test.

Simon.

Author

Commented:
Thanks for your help, but neither work. We still get the webpage cannot be found error.
Any ideas?

Author

Commented:
I have just disabled the firewall on our 2008 server, but this did not help, so re activated it.
O. PierruSystem admin

Commented:
If your DNS A record point to the SBS IP adress, then it's OK.

- Have you double checked your forwarding rule 443 (TCP) on the router?
- I'd try to rerun the Fix My Network wizard and check everything again.
> What about your certificate? Does it have the same name as your FQDN?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Have you tested it from inside the network?
If it works inside then I would be looking at the router/firewall as the cause - pointing to the wrong IP address. It could also be a DNS issue.

Simon.
O. PierruSystem admin

Commented:
Also, can you telnet from external:

Open a CMD prompt >  telnet remote.domainname.co.uk 443

If connection succeeds, the command window will go blank. If not, you will get a connexion error. A successful connection using Telnet means that your computer can connect to the server and that no firewall is blocking your access.
O. PierruSystem admin

Commented:
It works OK locally :)

Author

Commented:
I have just managed to gain a connection using https://ourstaticipaddress/remote, but still cannot gain access using https://remote.domainname.co.uk or even with the /remote extension.
Yes the https://remote.domainname.co.uk command works locally.
With regards to the domain hosts DNS, I have just added an A record for "Remote" and pointed this at our static IP address. is this correct, as it seems to be something to do with the format of the browser entry command.
We do not have a third party certificate installed. I thought that SBS2008 would work OK without one. ie We could access the server remotely, out of the box. Is this not the case?
O. PierruSystem admin

Commented:
Open a CMD prompt >  telnet remote.domainname.co.uk 443
O. PierruSystem admin

Commented:
To answer your question, a self signed certificate is OK to allow access to OWA or RWW.

Author

Commented:
I presume this is to be done on the server??

When I do this I get an error "Could not open connection to the host, on port 433. Connection failed.
I have forwarded the port 443 on our router and sent it the local IP address of the server?????

Author

Commented:
Sorry, I checked again, and I had a typo! When I corrected it, it seemed to connect to a telnet session. Although I am not familiar with the commands to use here. Just got a blenk screen

Author

Commented:
When using the https://remote.domainname.co.uk/remote , we are informed that we do not have a secure connection, and warned not to proceed. I thought the idea of SBS 2008, was that we should be able to access the server from anywhere with the software / licences provided. AM I missing something?
in addition, when we access using the https://remote.domainname.co.uk/owa we get the logon screen, but when we enter a verified username and password, we again get the page not found error!

Author

Commented:
Sorry, I missed an earlier posting. I tried the telnet command from my external laptop. Unfortunately this is a Vista Business Edition and it tells me that Telnet is an unrecognised internal or external command??

Author

Commented:
Cannot ping remote.domainname.co.uk ie it could not find the host.
O. PierruSystem admin

Commented:
The ping command won't help.

To use the telnet utility on Vista, you must install it first:
> Start > Control panel > Programs and Features > Turn Windows features on or off > Activate "Telnet client". Done, now you can use the telnet command via CMD.



what ports have you allowed (NATed) to the server SBS 2008 remote web workplace requires TCP ports 80, 443, 987, and 3389

regards
G
O. PierruSystem admin

Commented:
Yes, but OWA only needs TCP 443.

Author

Commented:
OK, I am pleased to confirm that the https://remote.domainname.co.uk/remote is now working OK. It must have been a delay in the DNS A host record being implemented. It's not completely resolved however, as we still get warned about our server not being a trusted site, and we have to click continue anyway to proceed. Is this what is called self certification? I expected the certificate supplied with SBS 2008 would allow seamless access. Do we need to purchase a third party SSL certificate?
O. PierruSystem admin

Commented:
Great.
No you don't need to buy a 3rd party certificate, you only need to install the self signed certificate on every client computer (in IE).
O. PierruSystem admin

Commented:
Sorry, I thought about SBS 2003.

On SBS 2008, it's even easier.
How to Distribute the SBS 2008 Self-Signed SSL Certificate to users: http://blogs.technet.com/sbs/archive/2008/09/30/how-do-i-distribute-the-sbs-2008-self-signed-ssl-certificate-to-my-users.aspx



Author

Commented:
Thanks Oliver-P,

I thought the idea was that we could access our server from any web browser, not just ones with slef signed SSL certificates. Is this where a 3rd party SSL comes in?
System admin
Commented:
The certificate is here to authenticate the server you're connecting to and encrypt traffic.

Yes, using a 3rd party certificate will simplify the process, because you don't have to install it manually on client computers.
Sorry for my english, you'll get a best answer here: http://smbtn.wordpress.com/2009/02/12/installing-a-godaddy-standard-ssl-certificate-on-sbs-2008/

Author

Commented:
Thanks for all of your help.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial