  • Status: Solved
  • Priority: Medium
  • Security: Public

Remote Web Workplace does not work outside the LAN

I am trying to access Remote Web Workplace from outside my company's network, and cannot do it properly.  If I enter https://[myrouter'spublicIP]/Remote, it goes to RWW (even from outside the network) but there is a certificate error of a mismatched address.  When I access https://remote.triton-ind.com/ from inside the LAN it works with no problems.  

I have read about how to set this up, but obviously, I am missing something.  I think the problem is either that the certificate is in the wrong location, or the website is still pointing to the internal forward lookup zone (triton.local) instead of the one I made (triton-ind.com).  Also when I look in IIS under MAINSERVER (local computer), I only see a FTP Sites subdirectory and not Sites, so I do not know where the sites shown in the Windows SBS Console are located.

Here is what I have done so far:
1. Forwarded ports to my local DNS server (DC) running Windows SBS 2008 (TCP ports 25, 80, 987, 443, 1723 to 192.168.123.64)

2. Created a primary forward lookup zone (that does not store it in the AD), named triton-ind.com, and created two Host (A) files.  One is named remote and pointing to 192.168.123.64 (my internal DNS) for the remote.triton-ind.com.  The other is named www and pointing to the public IP address of our externally hosted website (www.triton-ind.com).

Last note, everything is done in IE 7.  Thanks in advance, and let me know if you need screen shots or additional information.
0
Asked by: bperry88
2 Solutions
 
Glen Knight Commented:
OK, you don't need the forward lookup zone, the ones you already have created by SBS will be sufficient.

As this is an external issue you need to create an A record in your EXTERNAL DNS service to point the A record remote.triton-ind.com to your router's public IP address.

I would also recommend a commercial SSL certificate in the form of a UCC/SAN certificate (http://www.godaddy.com/) with 5 domains in it.

remote.triton-ind.com
owa.triton-ind.com (your OWA URL, can be the remote one if you wish)
autodiscover.triton-ind.com
MAINSERVER.triton.local (the internal Fully Qualified Domain Name of your server)
MAINSERVER (NETBIOS name of your server)

There is a certificate wizard in the SBS console that will help you do this.
0
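The mismatch error in the question comes from browsing to the router's IP while the certificate only lists host names. The following is an added example, not code from the thread: a simplified RFC 6125-style name check run against the SAN list recommended above. The function names are hypothetical, `203.0.113.10` is a documentation placeholder standing in for the router's public IP, and the certificate is assumed to carry no iPAddress SAN entries.

```python
import ipaddress

# dNSName SAN entries recommended in the answer above.
CERT_DNS_NAMES = [
    "remote.triton-ind.com",
    "owa.triton-ind.com",
    "autodiscover.triton-ind.com",
    "MAINSERVER.triton.local",
    "MAINSERVER",
]
CERT_IP_ADDRESSES = []  # assumption: the certificate has no iPAddress SANs


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Case-insensitive label-by-label match; '*' covers one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def url_host_matches_cert(host, dns_names=CERT_DNS_NAMES, ip_sans=CERT_IP_ADDRESSES):
    """Return True if the host typed in the URL is covered by the certificate."""
    host = host.strip("[]")
    if _is_ip(host):
        # An IP literal is only compared with iPAddress SANs, never dNSName ones.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in ip_sans)
    return any(_dns_match(name, host) for name in dns_names)


def audit(hosts):
    """Map each URL host to whether the browser would accept the name."""
    return {h: url_host_matches_cert(h) for h in hosts}


if __name__ == "__main__":
    # Constructed inputs: the placeholder public IP and names from the thread.
    for host, ok in audit(["203.0.113.10", "remote.triton-ind.com",
                           "www.triton-ind.com", "mainserver"]).items():
        print(f"https://{host}/Remote -> {'match' if ok else 'NAME MISMATCH'}")
```

Once the external A record exists, users reach RWW by name, which is the only form of the URL this certificate can validate.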
 
Springy555 Commented:
The problem is you do not have an external DNS record for remote.triton-ind.com.

The DNS server running on your system is only being used for internal name resolution.  That's why everything works fine internally.

It's likely your external DNS is being hosted by your service provider.  If I run a whois lookup on triton-ind.com, the nameserver records point to coxmail.com:

whois triton-ind.com:
ns1.coxmail.com
ns2.coxmail.com

This means any request from the internet for triton-ind.com will point to coxmail.com to get the IP address.  remote.triton-ind.com does not resolve, so no DNS record exists at coxmail.com.

What you need to do is ask them to create a DNS A record for remote.triton-ind.com, pointing it to your router's public IP address.  Everything will then work fine.
0
 
bperry88 (Author) Commented:
Thanks for the information and the speedy responses.  I will call Cox today to set that up.  So once Cox sets up the Host A record, will I still need a certificate?  And I do not need the forward lookup zone triton-ind.com at all?
0
 
Glen Knight Commented:
You don't need the forward lookup zone on your own server and you will still need the certificate.
0
 
Springy555 Commented:
You might still need the forward lookup zone if you want to resolve remote.triton-ind.com internally, depending on whether your router/firewall setup allows traffic to go out and back in on the same interface.
0
 
bperry88 (Author) Commented:
Hey, I just set up the Host A record with Cox and she said that it may take a while to update.  I cannot test the remote.triton-ind.com until I get off, but I did use an external DNS query tool, "DNS Crawler", and the record appeared!  I am going to hold off on getting the certificate for now, but I believe I can get it through my existing domain provider: networksolutions.com. I appreciate the help and information.  I hope you guys are ok with me splitting the points because you both gave me valuable information.

Take care.
0
 
Glen Knight Commented:
That's good with me.
You need to award points for whichever post(s) helped you and if that is both of us then so be it.  We are all here to help you.

I would however recommend in the future you purchase an SSL Certificate, I don't know how much networksolutions.com charge but GoDaddy are very reasonable.
0
 
Springy555 Commented:
Glad it went well.  I've tested and can see the page displaying fine.  As you mentioned just the commercial certificate is needed.
0
