Link to home
Start Free TrialLog in
Avatar of Jay_Ratansi
Jay_Ratansi

asked on

SBS2008 remote web workplace unreachable from internet

Hi

Im unable to open RWW from the internet. I can open it from within the LAN. Microsoft Exchange MX record, SMTP in & out work fine. SERVER1 on SBS2008 hosts Exchange 2007, Sharepoint, RWW etc websites.

Within the LAN the following URLs result in:
http://server1  :  IIS homepage
https://server1/  :  a directory listing for server-/
https://server1/Remote/  : RWW logon page
https://server1/owa & https://server1/exchange  :  owa logon
(& the above work as server1.domain.co.uk within the LAN)

From the internet:
http://server1.domain.co.uk   :  a directory listing for server-/
https://server1.domain.co.uk  :  I.E. cant display the page
https://server1.domain.co.uk/Remote/  :  I.E. cant display the page
https://server1.domain.co.uk/owa : :  I.E. cant display the page
RDP works ok both to public ip or server1.domain.co.uk

LAN SETTINGS:
Router :  192.168.0.250
SERVER1 :  192.168.0.2

SSL: self-certificate generated on SERVER1 & installed on my I.E. on my pc.

WAN/PUBLIC IPs: 2 IP addresses:
Router: 139.111.112.1 > 192.168.0.250
SERVER1 :  router feature WAN IP Alias  fwds 139.111.112.2 > 192.168.0.2
Ports Open: 25, 80, 443, 987, 1723 & 3389

DOMAIN/ISP SETTINGS:
www.domain.co.uk
MX:  server1.domain.co.uk
server1.domain.co.uk resolves to 139.111.112.2 ok.

Regds
Jay Ratansi
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Depending on how you configured your SBS server, your default site for remote will be https://remote.yourdomain.com
The ports you have listed are fine (as long as they are all forwarded properly)
Try https://remote.yourdomain.com and see if that works.
Have you also run the Internet Address Management Wizard?
Useful link to RWW info:
http://blogs.technet.com/sbs/archive/2009/06/25/sbs-2008-introduction-to-remote-web-workplace.aspx 
As Alan pointed out, the default to connect to your SBS2008 is https://remote.domain.co.uk 
If you are trying to connect using server1.domain.co.uk then you need to rerun the set up your internet address wizard again and change from the default "remote".
The address chosen with the wizard, the certificate, and your external DNS host record all have to be the same.

Also verify from the server that port 443 is open by testing using http://www.canyouseeme.org  (note 987 will fail that  test, because of the way it is set up)
Avatar of Jay_Ratansi
Jay_Ratansi

ASKER

I ran the IAMW & chose advanced options with domain.co.uk & 'server1' as the prefix (instead of remote).

as for using 'remote' prefix: I can't amend domain dns records until the person with the passwords returns from holidays!

Is it possible to configure sbs rww to use dynamic IP clients eg. no-ip.com? eg. myserver.no-ip.com? would this interfere with Exchange smtp which working fine now?
Do you have a remote record setup in DNS already?

If so, you could re-run the wizard and change it to remote.

Not sure about using the ip address.
>>"Is it possible to configure sbs rww to use dynamic IP clients eg. no-ip.com?"
Sure it works fine, but you need to purchase the DNS plus managed service and set up your DNS records there. dyndns.com has a similar service I believe it is called "custom DNS".
Ok, I have re-ran IAMW and accepted default 'remote' prefix.  I'll have to wait a few days to setup a DNS A record at hosting isp for  remote.domain.co.uk.

Meanwhile, it seems to me that there may be a general  https config problem:

(a) a DNS record for server1.domain.co.uk exists at hosting level & this pings ok to 139.111.112;
(b) in I.E. http://server1.domain.co.uk results in directory listing;
(c) however, https://server1.domain.co.uk results in a page can't be displayed error ie. no security warning etc
(d) router handles 2 public IPs : 1 for router & 2nd for server1. Router (Draytek Vigor) uses Wan IP Alias feature to redirect 2nd public ip to server1 on 192.168.0.2;
(e) I can rdp to server1.domain.co.uk and 2nd public ip 139.111.112.2 (>192.168.0.2 server1);
(f) when running http://www.canyouseeme.org on server1 for port 443, it picks 1st public ip (router) 139.111.112.1 & errors;

 
 

SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The two public IP's are inherited from SBS2003 setup. The router on public ip1 & 2nd nic on sbs2003 on public ip2.

As the hosting dns MX record was already configured for server1.domain.co.uk pointing to public ip2 (& since I can't get the hosting dns changed for a week or so) I've had to work with the 2 IPs. The Draytek Vigor router handles both of these. Open Ports are configured to direct sbs2008 ports to 192.168.0.2.   I can ping ok both public IPs from server1.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Yes, just 1 NIC on SBS2008.

as regards 'none of your http or https links to server1.domain.co.uk  will work because SBS is not configured to accept them. It is configured to accept remote.domain.co.uk' : i'm puzzled that http://server1.domain.co.uk  continues to result in directory listing from server whereas the corresponding https results in error.

Originally I ran IAMW with prefix 'server1' which should have worked as IAMW allows for prefixes other than 'remote'?
Apart from the 'remote' dns prefix issue, it turned out that the Draytek router was not passing through https traffic. Although open ports/port fwding had been correctly setup, Draytek has an option to manage the router directly from web. It allows for configuring standard & custom ports for http, https etc ports Although https was unticked, it nevertheless didn't work until I changed the port to 9443.

many thanks to both of you for prompt help.