Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 720
  • Last Modified:

SBS2008 remote web workplace unreachable from internet

Hi

Im unable to open RWW from the internet. I can open it from within the LAN. Microsoft Exchange MX record, SMTP in & out work fine. SERVER1 on SBS2008 hosts Exchange 2007, Sharepoint, RWW etc websites.

Within the LAN the following URLs result in:
http://server1  :  IIS homepage
https://server1/  :  a directory listing for server-/
https://server1/Remote/  : RWW logon page
https://server1/owa & https://server1/exchange  :  owa logon
(& the above work as server1.domain.co.uk within the LAN)

From the internet:
http://server1.domain.co.uk   :  a directory listing for server-/
https://server1.domain.co.uk  :  I.E. cant display the page
https://server1.domain.co.uk/Remote/  :  I.E. cant display the page
https://server1.domain.co.uk/owa : :  I.E. cant display the page
RDP works ok both to public ip or server1.domain.co.uk

LAN SETTINGS:
Router :  192.168.0.250
SERVER1 :  192.168.0.2

SSL: self-certificate generated on SERVER1 & installed on my I.E. on my pc.

WAN/PUBLIC IPs: 2 IP addresses:
Router: 139.111.112.1 > 192.168.0.250
SERVER1 :  router feature WAN IP Alias  fwds 139.111.112.2 > 192.168.0.2
Ports Open: 25, 80, 443, 987, 1723 & 3389

DOMAIN/ISP SETTINGS:
www.domain.co.uk
MX:  server1.domain.co.uk
server1.domain.co.uk resolves to 139.111.112.2 ok.

Regds
Jay Ratansi
0
Jay_Ratansi
Asked:
Jay_Ratansi
  • 5
  • 4
  • 3
2 Solutions
 
Alan HardistyCo-OwnerCommented:
Depending on how you configured your SBS server, your default site for remote will be https://remote.yourdomain.com
The ports you have listed are fine (as long as they are all forwarded properly)
Try https://remote.yourdomain.com and see if that works.
0
 
Alan HardistyCo-OwnerCommented:
Have you also run the Internet Address Management Wizard?
Useful link to RWW info:
http://blogs.technet.com/sbs/archive/2009/06/25/sbs-2008-introduction-to-remote-web-workplace.aspx 
0
 
Rob WilliamsCommented:
As Alan pointed out, the default to connect to your SBS2008 is https://remote.domain.co.uk 
If you are trying to connect using server1.domain.co.uk then you need to rerun the set up your internet address wizard again and change from the default "remote".
The address chosen with the wizard, the certificate, and your external DNS host record all have to be the same.

Also verify from the server that port 443 is open by testing using http://www.canyouseeme.org  (note 987 will fail that  test, because of the way it is set up)
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Jay_RatansiAuthor Commented:
I ran the IAMW & chose advanced options with domain.co.uk & 'server1' as the prefix (instead of remote).

as for using 'remote' prefix: I can't amend domain dns records until the person with the passwords returns from holidays!

Is it possible to configure sbs rww to use dynamic IP clients eg. no-ip.com? eg. myserver.no-ip.com? would this interfere with Exchange smtp which working fine now?
0
 
Alan HardistyCo-OwnerCommented:
Do you have a remote record setup in DNS already?

If so, you could re-run the wizard and change it to remote.

Not sure about using the ip address.
0
 
Rob WilliamsCommented:
>>"Is it possible to configure sbs rww to use dynamic IP clients eg. no-ip.com?"
Sure it works fine, but you need to purchase the DNS plus managed service and set up your DNS records there. dyndns.com has a similar service I believe it is called "custom DNS".
0
 
Jay_RatansiAuthor Commented:
Ok, I have re-ran IAMW and accepted default 'remote' prefix.  I'll have to wait a few days to setup a DNS A record at hosting isp for  remote.domain.co.uk.

Meanwhile, it seems to me that there may be a general  https config problem:

(a) a DNS record for server1.domain.co.uk exists at hosting level & this pings ok to 139.111.112;
(b) in I.E. http://server1.domain.co.uk results in directory listing;
(c) however, https://server1.domain.co.uk results in a page can't be displayed error ie. no security warning etc
(d) router handles 2 public IPs : 1 for router & 2nd for server1. Router (Draytek Vigor) uses Wan IP Alias feature to redirect 2nd public ip to server1 on 192.168.0.2;
(e) I can rdp to server1.domain.co.uk and 2nd public ip 139.111.112.2 (>192.168.0.2 server1);
(f) when running http://www.canyouseeme.org on server1 for port 443, it picks 1st public ip (router) 139.111.112.1 & errors;

 
 

0
 
Alan HardistyCo-OwnerCommented:
Why do you have two IP's on the router and what services do you have that require two IP's?
If you visit www.canyouseeme.org and you get 139.111.112.1 then you will get problems as it sounds like your web requests are set to arrive on IP 139.111.112.2 and then the server sends them back on 139.111.112.1.
Do you ned two Public IP's?
0
 
Jay_RatansiAuthor Commented:
The two public IP's are inherited from SBS2003 setup. The router on public ip1 & 2nd nic on sbs2003 on public ip2.

As the hosting dns MX record was already configured for server1.domain.co.uk pointing to public ip2 (& since I can't get the hosting dns changed for a week or so) I've had to work with the 2 IPs. The Draytek Vigor router handles both of these. Open Ports are configured to direct sbs2008 ports to 192.168.0.2.   I can ping ok both public IPs from server1.
0
 
Rob WilliamsCommented:
>>"Ok, I have re-ran IAMW and accepted default 'remote' prefix."
Good but none of your http or https links to server1.domain.co.uk  will work because SBS is not configured to accept them. It is configured to accept remote.domain.co.uk

I assume you only have 1 NIC on SBS 2008? It will not support 2 like SBS 2003
0
 
Jay_RatansiAuthor Commented:
Yes, just 1 NIC on SBS2008.

as regards 'none of your http or https links to server1.domain.co.uk  will work because SBS is not configured to accept them. It is configured to accept remote.domain.co.uk' : i'm puzzled that http://server1.domain.co.uk  continues to result in directory listing from server whereas the corresponding https results in error.

Originally I ran IAMW with prefix 'server1' which should have worked as IAMW allows for prefixes other than 'remote'?
0
 
Jay_RatansiAuthor Commented:
Apart from the 'remote' dns prefix issue, it turned out that the Draytek router was not passing through https traffic. Although open ports/port fwding had been correctly setup, Draytek has an option to manage the router directly from web. It allows for configuring standard & custom ports for http, https etc ports Although https was unticked, it nevertheless didn't work until I changed the port to 9443.

many thanks to both of you for prompt help.  
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 5
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now