Jay_Ratansi
asked on
SBS2008 remote web workplace unreachable from internet
Hi
Im unable to open RWW from the internet. I can open it from within the LAN. Microsoft Exchange MX record, SMTP in & out work fine. SERVER1 on SBS2008 hosts Exchange 2007, Sharepoint, RWW etc websites.
Within the LAN the following URLs result in:
http://server1 : IIS homepage
https://server1/ : a directory listing for server-/
https://server1/Remote/ : RWW logon page
https://server1/owa & https://server1/exchange : owa logon
(& the above work as server1.domain.co.uk within the LAN)
From the internet:
http://server1.domain.co.uk : a directory listing for server-/
https://server1.domain.co.uk : I.E. cant display the page
https://server1.domain.co.uk/Remote/ : I.E. cant display the page
https://server1.domain.co.uk/owa : : I.E. cant display the page
RDP works ok both to public ip or server1.domain.co.uk
LAN SETTINGS:
Router : 192.168.0.250
SERVER1 : 192.168.0.2
SSL: self-certificate generated on SERVER1 & installed on my I.E. on my pc.
WAN/PUBLIC IPs: 2 IP addresses:
Router: 139.111.112.1 > 192.168.0.250
SERVER1 : router feature WAN IP Alias fwds 139.111.112.2 > 192.168.0.2
Ports Open: 25, 80, 443, 987, 1723 & 3389
DOMAIN/ISP SETTINGS:
www.domain.co.uk
MX: server1.domain.co.uk
server1.domain.co.uk resolves to 139.111.112.2 ok.
Regds
Jay Ratansi
Im unable to open RWW from the internet. I can open it from within the LAN. Microsoft Exchange MX record, SMTP in & out work fine. SERVER1 on SBS2008 hosts Exchange 2007, Sharepoint, RWW etc websites.
Within the LAN the following URLs result in:
http://server1 : IIS homepage
https://server1/ : a directory listing for server-/
https://server1/Remote/ : RWW logon page
https://server1/owa & https://server1/exchange : owa logon
(& the above work as server1.domain.co.uk within the LAN)
From the internet:
http://server1.domain.co.uk : a directory listing for server-/
https://server1.domain.co.uk : I.E. cant display the page
https://server1.domain.co.uk/Remote/ : I.E. cant display the page
https://server1.domain.co.uk/owa : : I.E. cant display the page
RDP works ok both to public ip or server1.domain.co.uk
LAN SETTINGS:
Router : 192.168.0.250
SERVER1 : 192.168.0.2
SSL: self-certificate generated on SERVER1 & installed on my I.E. on my pc.
WAN/PUBLIC IPs: 2 IP addresses:
Router: 139.111.112.1 > 192.168.0.250
SERVER1 : router feature WAN IP Alias fwds 139.111.112.2 > 192.168.0.2
Ports Open: 25, 80, 443, 987, 1723 & 3389
DOMAIN/ISP SETTINGS:
www.domain.co.uk
MX: server1.domain.co.uk
server1.domain.co.uk resolves to 139.111.112.2 ok.
Regds
Jay Ratansi
Have you also run the Internet Address Management Wizard?
Useful link to RWW info:
http://blogs.technet.com/sbs/archive/2009/06/25/sbs-2008-introduction-to-remote-web-workplace.aspx
Useful link to RWW info:
http://blogs.technet.com/sbs/archive/2009/06/25/sbs-2008-introduction-to-remote-web-workplace.aspx
As Alan pointed out, the default to connect to your SBS2008 is https://remote.domain.co.uk
If you are trying to connect using server1.domain.co.uk then you need to rerun the set up your internet address wizard again and change from the default "remote".
The address chosen with the wizard, the certificate, and your external DNS host record all have to be the same.
Also verify from the server that port 443 is open by testing using http://www.canyouseeme.org (note 987 will fail that test, because of the way it is set up)
If you are trying to connect using server1.domain.co.uk then you need to rerun the set up your internet address wizard again and change from the default "remote".
The address chosen with the wizard, the certificate, and your external DNS host record all have to be the same.
Also verify from the server that port 443 is open by testing using http://www.canyouseeme.org (note 987 will fail that test, because of the way it is set up)
ASKER
I ran the IAMW & chose advanced options with domain.co.uk & 'server1' as the prefix (instead of remote).
as for using 'remote' prefix: I can't amend domain dns records until the person with the passwords returns from holidays!
Is it possible to configure sbs rww to use dynamic IP clients eg. no-ip.com? eg. myserver.no-ip.com? would this interfere with Exchange smtp which working fine now?
as for using 'remote' prefix: I can't amend domain dns records until the person with the passwords returns from holidays!
Is it possible to configure sbs rww to use dynamic IP clients eg. no-ip.com? eg. myserver.no-ip.com? would this interfere with Exchange smtp which working fine now?
Do you have a remote record setup in DNS already?
If so, you could re-run the wizard and change it to remote.
Not sure about using the ip address.
If so, you could re-run the wizard and change it to remote.
Not sure about using the ip address.
>>"Is it possible to configure sbs rww to use dynamic IP clients eg. no-ip.com?"
Sure it works fine, but you need to purchase the DNS plus managed service and set up your DNS records there. dyndns.com has a similar service I believe it is called "custom DNS".
Sure it works fine, but you need to purchase the DNS plus managed service and set up your DNS records there. dyndns.com has a similar service I believe it is called "custom DNS".
ASKER
Ok, I have re-ran IAMW and accepted default 'remote' prefix. I'll have to wait a few days to setup a DNS A record at hosting isp for remote.domain.co.uk.
Meanwhile, it seems to me that there may be a general https config problem:
(a) a DNS record for server1.domain.co.uk exists at hosting level & this pings ok to 139.111.112;
(b) in I.E. http://server1.domain.co.uk results in directory listing;
(c) however, https://server1.domain.co.uk results in a page can't be displayed error ie. no security warning etc
(d) router handles 2 public IPs : 1 for router & 2nd for server1. Router (Draytek Vigor) uses Wan IP Alias feature to redirect 2nd public ip to server1 on 192.168.0.2;
(e) I can rdp to server1.domain.co.uk and 2nd public ip 139.111.112.2 (>192.168.0.2 server1);
(f) when running http://www.canyouseeme.org on server1 for port 443, it picks 1st public ip (router) 139.111.112.1 & errors;
Meanwhile, it seems to me that there may be a general https config problem:
(a) a DNS record for server1.domain.co.uk exists at hosting level & this pings ok to 139.111.112;
(b) in I.E. http://server1.domain.co.uk results in directory listing;
(c) however, https://server1.domain.co.uk results in a page can't be displayed error ie. no security warning etc
(d) router handles 2 public IPs : 1 for router & 2nd for server1. Router (Draytek Vigor) uses Wan IP Alias feature to redirect 2nd public ip to server1 on 192.168.0.2;
(e) I can rdp to server1.domain.co.uk and 2nd public ip 139.111.112.2 (>192.168.0.2 server1);
(f) when running http://www.canyouseeme.org on server1 for port 443, it picks 1st public ip (router) 139.111.112.1 & errors;
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The two public IP's are inherited from SBS2003 setup. The router on public ip1 & 2nd nic on sbs2003 on public ip2.
As the hosting dns MX record was already configured for server1.domain.co.uk pointing to public ip2 (& since I can't get the hosting dns changed for a week or so) I've had to work with the 2 IPs. The Draytek Vigor router handles both of these. Open Ports are configured to direct sbs2008 ports to 192.168.0.2. I can ping ok both public IPs from server1.
As the hosting dns MX record was already configured for server1.domain.co.uk pointing to public ip2 (& since I can't get the hosting dns changed for a week or so) I've had to work with the 2 IPs. The Draytek Vigor router handles both of these. Open Ports are configured to direct sbs2008 ports to 192.168.0.2. I can ping ok both public IPs from server1.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, just 1 NIC on SBS2008.
as regards 'none of your http or https links to server1.domain.co.uk will work because SBS is not configured to accept them. It is configured to accept remote.domain.co.uk' : i'm puzzled that http://server1.domain.co.uk continues to result in directory listing from server whereas the corresponding https results in error.
Originally I ran IAMW with prefix 'server1' which should have worked as IAMW allows for prefixes other than 'remote'?
as regards 'none of your http or https links to server1.domain.co.uk will work because SBS is not configured to accept them. It is configured to accept remote.domain.co.uk' : i'm puzzled that http://server1.domain.co.uk continues to result in directory listing from server whereas the corresponding https results in error.
Originally I ran IAMW with prefix 'server1' which should have worked as IAMW allows for prefixes other than 'remote'?
ASKER
Apart from the 'remote' dns prefix issue, it turned out that the Draytek router was not passing through https traffic. Although open ports/port fwding had been correctly setup, Draytek has an option to manage the router directly from web. It allows for configuring standard & custom ports for http, https etc ports Although https was unticked, it nevertheless didn't work until I changed the port to 9443.
many thanks to both of you for prompt help.
many thanks to both of you for prompt help.
The ports you have listed are fine (as long as they are all forwarded properly)
Try https://remote.yourdomain.com and see if that works.