snurd3
asked on
I cannot get port 80 or port 443 in or out of a Windows Server 2003 with Exchange Server 2003
My Exchange Server 2003 will not allow port 80 and port 443 in or out. When I bring up a web browser, the dialog in the lower left searches, then says the site is located, then says waiting for the site, then times out. A port scan on the server shows only Port 110 open. The Windows firewall is disabled and the TrendMicro Firewall is disabled. The outside Sonicwall is set to allow the address object of the server port 80 and 443 Wan to Lan, Lan to Wan, and Lan to Lan.
Inside the lan, I can't load the COMPANY web page or the OWA on the exchange server on any other computer. I can, however, log in to the OWA Exchange Server on the Exchange Server or load the company home page.
I have Errors # 59 and 1059 from the W3SVC, but they don't seem to make any sense. On Eventid.net, those errors are listed but all pertain to other types of servers. I did correct the OsceAppPool disabled error, but that made no difference.
I have done packet traces through the firewall and it is passing these ports.
Port 25 and 110 pass with no problem and mail is flowing, only the web mail and mobile push mail will not work.
Thanks in advance for any help.
John
I would definitely start with the firewall. My first statement was merely that if your company website was not hosted on the Exchange server then you can get out.
If you cannot uninstall the firewall, as alanhardisty suggested, be sure you double check its settings. It REALLY seems as though your firewall is blocking the traffic.
Justin
ASKER
OK. Will uninstall the Trend Micro stuff. I have to agree, since it seems to be port specific, I think the firewall is the most likely culprit. But I thought I eliminated it by disabling it. Will get back to you. Have to drive about 10 miles before I get where I can do that.
Sadly disabling it still leaves it there and potentially blocking. I have seen many computers with firewalls that were installed, had them uninstalled and still had issues getting to the web. After a forced removal via a specific tool, internet access was restored.
Enjoy the drive! No remote control?
Enter the following in CMD:
netstat -nao > %systemroot%\EE_netstat.txt
tasklist > %systemroot%\EE_tasklist.txt
Post the results.
ASKER
Yes. I have it remoted, but I was at work and due home. So, I had to leave the server and come home to do it remotely. Doesn't make much sense, but wife was already expecting me.
Here are the requested files.
EE-netstat.txt
EE-tasklist.txt
No problems - I can relate to the wife expecting you home.
Have you uninstalled Trend yet and rebooted?
ASKER
Trendmicro Firewall is removed and server is rebooting.
Okay - fingers crossed.
ASKER
Wouldn't ya know. The server went down, but failed to come back up. Will have to ride over there and see what's up.
Deep joy! That's a pain in the butt.
ASKER
OK. I'm back. There was a flash drive in the USB it was trying to boot from. :(
But, the firewall being gone made no diff. Still doing the same thing. It is looking up DNS, because it says what IP address it's connecting to, just never does it.
That's a shame.
Presumably if you visit www.canyouseeme.org and test port 80 and 443 you get a fail?
Thanks for the netstat and tasklist.
The server is definitely listening on port 80 and 443.
On the Exchange server can you "telnet 172.16.0.5 80" and "telnet 172.16.0.5 443"?
If success you should get a black window, if not it will say could not establish a connection on port X etc.
If it's successful then there's no problem with the server and you should do a trace route to another machine that can't reach it and check if the ports are available from all the hops in the trace.
If unsuccessful it's due to a local firewall OR another application trying to steal the port.
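The check discussed above (is anything listening on 80 and 443, on which address, and which process owns the socket) can be read out of the two files requested earlier in the thread. This is an added example, not part of the original posts: the netstat and tasklist text is constructed sample output, and example_agent.exe is a hypothetical process name.

```python
import re

# Constructed sample output (not the asker's files), laid out like
# `netstat -nao` and `tasklist` on Windows.
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:443          0.0.0.0:0              LISTENING       2212
  TCP    172.16.0.5:25          172.16.0.20:3310       ESTABLISHED     1480
"""
TASKLIST = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         16 K
System                         4 Console                 0        236 K
inetinfo.exe                1480 Console                 0     21,540 K
example_agent.exe           2212 Console                 0      8,112 K
"""

# Image names may contain spaces, so anchor on the numeric columns.
TASK_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")

def parse_tasklist(text):
    """Map PID -> image name."""
    hits = (TASK_RE.match(line) for line in text.splitlines())
    return {int(m.group(2)): m.group(1) for m in hits if m}

def listeners(netstat_text, tasklist_text, ports=(80, 443)):
    """Return (port, bind address, pid, image, loopback_only) per listener."""
    names = parse_tasklist(tasklist_text)
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue
        addr, port = f[1].rsplit(":", 1)
        if int(port) in ports:
            pid = int(f[4])
            loopback = addr in ("127.0.0.1", "[::1]")  # unreachable from the LAN
            found.append((int(port), addr, pid, names.get(pid, "unknown"), loopback))
    return found

def missing_ports(found, ports=(80, 443)):
    """Ports from the list with no listener at all."""
    return sorted(set(ports) - {row[0] for row in found})
```

A listener owned by PID 4 (System) is normal for IIS 6, where the kernel HTTP driver holds the socket; a listener bound only to loopback or owned by an unexpected image is the "another application" case to chase.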
ASKER
I can't get out on the web browser on that server, but let me try another. The web browser will only connect to stuff on its own machine.
Let me try both of these things. Seems to me that someplace along the line, I did the telnet and trace, but it cannot hurt to make sure.
can you run the following please (from a command prompt):
ipconfig /all >c:\ipconfig.txt
Then upload c:\ipconfig.txt to EE
ASKER
I did try the above and sort of got lost checking. I can telnet from one server to another on port 80 and port 443. Canyouseeme.org does not see me on those ports. I tried to telnet via the VPN to the shop and I can't do that. If I run the netstat over the VPN, 80 and 443 are not listening.
The thing has too many moving parts, though. The certificate for the Exchange server is returning an error now and it was fine. The PDC suddenly does not show any other hosts in its browser. I have been checking the Sonicwall, which I just had checked last week by Sonicwall and found a couple of duplicated routes. It's sort of like trying to pitch a tent in a 90 MPH wind.
John
It does sound like you have a few more problems on your hands and there are sinister happenings going on.
Can you reboot your server(s) and see if it / they settle down?
ASKER
Right. When in doubt, reboot. Will do that.
ASKER
This situation was resolved with the help of the two experts who offered help. Both contributed something to the solution so I'd like to divide the points between them. The solution was a combination of the outside firewall and security issues.
ASKER
Thanks all
ASKER
No. I tried using IP address. No luck. DNS is on the primary domain controller and a member server. It is forwarded to an outside company for internet resolution.
John