Windows 2003 SBS won't respond to outside IP traffic

terry_cole
I recently demoted, moved, and promoted an SBS server into its own domain using DCPROMO.  It is a Citrix Secure Gateway.  It has stopped answering external connections although it will respond properly to clients on its own internal 192.168.x network.  I cannot ping it from outside nor can I connect to the Citrix gateway from outside.
LBizzle, Microsoft Enterprise Administrator & AWS cloud Consultant

Commented:
Sounds like a routing issue; internal traffic is allowed (which is normal, allow all out is common), but it sounds like you need to create a rule on your firewall to allow external IP addresses or a range and the specific protocol/port to your gateway server.

I'm also assuming you already have an external IP NAT address assigned to the Gateway server?...

Author

Commented:
I concur that it sounds like a routing issue, but no routers or firewalls were changed, only the SBS server.

The static NAT route in the firewall has been in place undisturbed for about 8 years.

I ran the Internet Connection Wizard and it failed on configuration of several components.

Thanks.
LBizzle, Microsoft Enterprise Administrator & AWS cloud Consultant

Commented:
Hmmm... Well then, as far as routing goes, it should ignore the domain, as I assume it's strictly using IP addressing.

Was this in the DMZ and now part of a domain? It sounds like it just moved from one domain as a DC to another domain as a DC. Is that correct?

I'm going to go with DNS then; somewhere it is being used in the routing. There is a route somewhere that is using the old domain suffix instead of the IP or the new domain name...
Author

Commented:
Can you be a bit more specific?  I am not a DNS wizard.
LBizzle, Microsoft Enterprise Administrator & AWS cloud Consultant

Commented:
Well, first off, is there a trust between the two domains? If so, you can just create an alias using DNS naming; if not, you can try to create an alias using the new IP address.

You need to look at the ACLs on the firewall and make sure nothing is pointing to server.olddomain.com, and if something is, that it now points to server.newdomain.com, or better yet use the IP addresses at this layer. If you don't want to or can't adjust your firewall...

Check your DNS server entries for the old server name; if it is there, then delete it or right-click on the zone and create a new CNAME (alias). The top name will be the server's original name on the old domain, the bottom name will be the new server name, fully qualified as server.newdomain.com, but this may only work if there is a trust between the two domains.
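As an added illustration of the check described above (not code from the thread or from either participant), the script below audits constructed DNS records and firewall rule lines for stale references to the old host name, and follows a CNAME alias to confirm that the old and new names land on the same inside address behind the static NAT; the host names, addresses and rule syntax are assumed sample values.

```python
# Added example (not from the thread): audit constructed DNS records and
# firewall rules for stale references to the server's old domain name.
# All names, addresses and rule syntax below are assumed sample values.

OLD_FQDN = "csg.olddomain.local"     # assumed pre-DCPROMO name
NEW_FQDN = "csg.newdomain.local"     # assumed post-DCPROMO name
NAT_INTERNAL_IP = "192.168.1.10"     # assumed inside address of the static NAT

# Constructed zone records: (owner name, type, value)
ZONE_RECORDS = [
    ("csg.olddomain.local", "A", "192.168.1.10"),
    ("csg.newdomain.local", "A", "192.168.1.25"),
]
# Constructed firewall lines in a generic, vendor-neutral syntax
FIREWALL_RULES = [
    "nat static outside 203.0.113.5 inside csg.olddomain.local",
    "acl permit tcp any host csg.olddomain.local eq 443",
]

def resolve(name, records):
    """Follow CNAME aliases within the record list; return the A value or None."""
    seen = set()
    while name.lower() not in seen:
        seen.add(name.lower())
        hit = next((r for r in records if r[0].lower() == name.lower()), None)
        if hit is None:
            return None                 # no record at all for this owner name
        if hit[1] == "A":
            return hit[2]
        if hit[1] != "CNAME":
            return None                 # some other record type; not an address
        name = hit[2]                   # CNAME: keep following the alias
    return None                         # CNAME loop detected

def audit(records, rules, old_fqdn, new_fqdn, expected_ip):
    """Return a list of findings; an empty list means old and new names agree."""
    findings = []
    old_ip, new_ip = resolve(old_fqdn, records), resolve(new_fqdn, records)
    if new_ip != expected_ip:
        findings.append(f"{new_fqdn} -> {new_ip}, but the NAT expects {expected_ip}")
    if old_ip is not None and old_ip != new_ip:
        findings.append(f"{old_fqdn} -> {old_ip}: delete it or alias it (CNAME) to {new_fqdn}")
    findings += [f"firewall rule still names the old host: {r}"
                 for r in rules if old_fqdn.lower() in r.lower()]
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE_RECORDS, FIREWALL_RULES, OLD_FQDN, NEW_FQDN, NAT_INTERNAL_IP):
        print("FINDING:", finding)
```

With the constructed data the audit reports four findings; once the old name is made a CNAME to the new one and the new A record matches the NAT inside address, the same audit returns nothing.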
Author

Commented:
I just finished a complete reinstallation (not from bare metal) and it logged a lot of errors from the RRAS and other assorted networking issues.  The MyCompany object doesn't appear in the AD either.

I think it's time to do a bare metal rebuild.

Thank you for your help.
Terry
