Companyweb is not displaying from the inside

oweathersby asked
I have a fairly fresh installation on SBS2008.  The company web always displayed internally until today, the same time I was finally able to get it to be accessible via the Internet.

Here is what I have checked:

- I now cannot ping companyweb
- I can ping the host server of 10.0.0.50
- From the Internet, I can access the WSS site via https://remote.xxx:987 (I am prompted for credentials and can get in and access WSS normally)
- from the server I can access the Central administration home page, but when I try to access the Operations or Application Management tab, I get prompted for credentials and no set of credentials works
- From a client computer I cannot access the Central Administration site. I get IE cannot display this webpage, the same message I get when I try to view the CompanyWeb
- From the server I can ping Companyweb. When I browse to it in IE, I get prompted for credentials but no credentials work.

I think it may be an IIS and DNS issue, but I am not sure as I did not manually change any DNS records or change any default settings in IIS.  In troubleshooting, I added a record called clientportal and added that to the bindings for companyweb in IIS, but that did not change anything.  Any assistance in getting the CompanyWeb visible again is greatly appreciated.

Thanks
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
What is the server name?
What are the URLs you are trying to access (and ports)?

More than likely this is a DNS issue.
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
Also, you may have to check the firewall on the server and add exceptions.

Author

Commented:
What would I check on the firewall to make exceptions for?  I did not make any changes on the Windows firewall, but I did make changes to the network firewall (SonicWall TZ210) in order to get the site accessible via the Internet.

From inside, I tried the default http://companyweb, http://companyweb:987, http://10.0.0.50, and http://10.0.0.50:987

None of them worked.
Commented:
Try re-running "connect to the internet" from the SBS console. Also run the SBS Best Practices Analyzer http://www.microsoft.com/downloads/details.aspx?familyid=86a1aa32-9814-484e-bd43-3e42aec7f731&displaylang=en

Author

Commented:
I am concerned that if I re-run it, it will kill the external availability I have set up.  Maybe I will re-run it tonight after hours and set up mail too and kill everything at once and fix it at once.

But, I'd rather try fixing that first.

Commented:
SBS likes to have everything done through its wizards. When you start tweaking things outside the wizards it tends to do more harm than good. Providing you have all of the ports opened on the router/firewall, SBS will take care of creating the proper "holes" within its own firewall for companyweb internal/external access. I would at least run the BPA to see what results it comes back with.

Also, being able to ping the IP address but not the host-name represents a DNS issue.

Author

Commented:
That is what I thought, DNS issue.  The CNAME for companyweb is set to the FQDN of the server in the Forward Lookup Zone.  But what about the fact that from the server, I get prompted for credentials, but none work?

Commented:
You should not get prompted for credentials from inside the domain; if you are, something is broken. Your credentials should be passed on to the server once you log in to a workstation. The CNAME from what you explained is correct. The FQDN should be:

Companyweb.internal domain name

FQDN for target host should be:

servername.internal domain name

Commented:
Also, what is the output of an ipconfig /all from the server?

Author

Commented:
I have multiple IPs assigned to the NIC: 10.0.0.1-.6, and 10.0.0.50
The DNS server is this server, 10.0.0.50

Gateway is accurate.

I ran the BPA and it came back with
The DNS client is not configured to point only to the internal IP address of the server. For information about how to fix network settings, see "Managing Your Windows Small Business Server 2008 Network" at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=115881).

Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
all those URLs you are trying......are those all for the same web application?  is companyweb also the name of your server?

Sonicwall won't affect traffic on your network.  You need to verify the windows firewall, if it's running, is allowing traffic in on port 80 and 987.

If you can ping the server by IP but not name, something isn't in your DNS.  

Commented:
The server should be statically assigned and it should be 10.0.0.50. What do you mean you have multiple IP assigned? Do you have more than 1 NIC in the server? If so, disable all but 1.
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
i think you guys are looking a bit too deep at this.  

you created a web application in sharepoint, when you did this, you assigned a URL.  What was it?  I'm assuming it was http://companyweb

Is there an A record for companyweb in DNS?  If so, what IP is it going to?

From your server, can you ping anything (by name) on the network?

Commented:
Nowhere in his post does it indicate he created a web application. It is my understanding that the companyweb will not display. Companyweb is part of SharePoint which is installed out of the box in SBS. Am I incorrect in this?
Distinguished Expert 2018

Commented:
Might be overthinking this one.  Let's start with a simple question: Did you perform updates on this server recently and/or is it configured to do auto-updates (which I never recommend on a server.)
Specifically, did you apply update 983444? You can see this via the Windows Update control panel, which has a "view installed updates" view that lists updates installed chronologically.
 

Author

Commented:
I was going to assign mail and VPN different internal IP destinations, but I guess I don't have to.

The BPA also gave these two alerts:

The Companyweb value does not exist in the BackConnectionHostNames Registry Key
The Companyweb value does not exist in the BackConnectionHostNames registry key. To resolve this issue, open Registry Editor, and then locate and click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames. Right-click BackConnectionHostNames, and then click Modify, In the Value data box, type Companyweb, and then click OK.

And

the BackConnectionHostNames Registry Key does not exist
The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\BackConnectionHostNames does not exist. To resolve this issue, open Registry Editor, and then locate and click HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\. Right-click MSV1_0, point to New, and then click Multi-String Value. Type BackConnectionHostNames, and then press ENTER.
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
wow, this question has gone a completely different way than when i first responded.  if this is a sharepoint issue, let me know.  otherwise, good luck.

Commented:
Sounds like you may have multiple issues here. You're going to need to start in order. If you're running multiple NICs, you need to fix that problem first. After that is corrected, I would re-run fix my network and go from there.

Author

Commented:
I think it is a SharePoint issue.   Looking back at MCSA 2003's last post, this is the fresh out of the box setup of WSS on SBS2003.  Nothing added.  It worked internally just fine until I got WSS to be available from the Internet.  Once it was accessible from the Internet (as of 8am today) the internal access that had previously worked, does not.

I can ping companyweb by name from the server.

from the client, I can ping the server name, mfsfs-01 and I get this reply

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\jfuertes>ping mfsfs-01

Pinging MFSFS-01 [fe80::1c4b:a88b:72b5:b8a9%10] from fe80::f4f8:5964:5191:bb71%1
0 with 32 bytes of data:
Reply from fe80::1c4b:a88b:72b5:b8a9%10: time<1ms
Reply from fe80::1c4b:a88b:72b5:b8a9%10: time<1ms
Reply from fe80::1c4b:a88b:72b5:b8a9%10: time<1ms
Reply from fe80::1c4b:a88b:72b5:b8a9%10: time<1ms

Ping statistics for fe80::1c4b:a88b:72b5:b8a9%10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Notice I do not get the simple IP address back of the server.  If I ping Companyweb, I get nothing back
If I ping 10.0.0.50, I get 4 replies.  If I ping -a from a client to 10.0.0.50 it returns mfsfs-01.

It looks like the ping to mfsfs-01 is getting a response from someplace other than 10.0.0.50....

Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
if this is a sharepoint issue, i don't see how the conversation turned to running a "connect to the internet wizard" and running ipconfig and that other jazz.  Also, just because you are inside the network doesn't mean that SharePoint won't prompt you for credentials (mcsa made this comment).

If you can't ping companyweb from a client, it's prob not a SharePoint issue.

You say that the SharePoint site was working perfectly until you opened it up to the internet.  What steps did you take to do this?

Commented:
Do you have more than 1 NIC in this machine?

Commented:
I am going to make 1 last statement and then bow out of this conversation. The reason I went in the direction I went was because this is an out of the box install and it has not worked properly. Therefore, something did not take right with the install or something was changed manually. We can all agree, it's not working. After going through some troubleshooting steps, it appears that he has at least a single-dual NIC card setup or dual NIC cards. This is not supported in SBS 2008. (I have yet to get an answer to confirm this). During the configuration of SBS, it will set up the internal firewall to allow access from both inside the domain and outside. After that, the hardware firewall needs to have the necessary holes opened manually, along with the proper records set up at the web host.

We also discovered that the company web is asking for user authentication when hitting the website from inside the domain. If this is correct, something else is broken. When a user logs into a client that is joined to the domain, the credentials are passed on to the server for authentication. If they are correct, they get logged in. Once this occurs, they should hit the company web and not be asked to authenticate again; if this happens, something else is broken. It is no different than trying to access a network share and getting prompted for a login. If they are on the domain, and have access to the share, they gain access to it; there is no need to authenticate a second time.

Also, we cannot ping by host-name. This is not a SharePoint issue, it is a DNS issue. Once again, I look elsewhere for answers.

Author

Commented:
MCSA2003- I do have more than one NIC, but only one is in use

Ach1lles - I have a sonicwall firewall.  I changed the ports for accessing the firewall from port 443 and 80 to port 4443 and 8080.  I did notice before in Central administration, there was an application for the sonicwall web admin, which I did not understand, as I did not create it.
But besides changing the ports that I use to manage the Sonicwall, the only other changes were made on the firewall to allow ssl access on the server to port 987.

Since then I can access WSS 3.0 from the Internet, but not the intranet

Author

Commented:
I ran the fix my Internet connection wizard.  There was a DHCP scope set up on the firewall.  The clients were getting an IP from that scope.  I killed that DHCP scope on the firewall (it's a SonicWall TZ210N), did a release and renew on the clients and voilà.  They were able to ping properly and access the companyweb.  And outside access remained intact also.  So it looks like running the wizard per MCSA2003.  Thanks.
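
A second DHCP server on the LAN, as found above, shows up in each client's `ipconfig /all` long before anyone looks at SharePoint. The following check is an added example, not part of the original thread: it parses captured `ipconfig /all` text and flags adapters whose lease or DNS servers come from anything other than the SBS server. It assumes 10.0.0.50 should be the only DHCP and DNS server; the sample output and the addresses 10.0.0.254 and 4.2.2.2 are constructed.

```python
import re

EXPECTED = "10.0.0.50"  # SBS server from the thread; assumed to be the only DHCP/DNS server
# Constructed `ipconfig /all` excerpt; 10.0.0.254 and 4.2.2.2 are made-up stand-ins.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DHCP Server . . . . . . . . . . . : 10.0.0.254
   DNS Servers . . . . . . . . . . . : 10.0.0.254
                                       4.2.2.2

Ethernet adapter Local Area Connection 2:

   DHCP Server . . . . . . . . . . . : 10.0.0.50
   DNS Servers . . . . . . . . . . . : 10.0.0.50
"""

FIELD = re.compile(r"^ {3}(\S.*?)[ .]+:\s*(.*)$")  # "   Key . . . : value"
def parse_adapters(text):
    """Map each adapter heading to {field: [values]}; deeper-indented lines continue a field."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line.rstrip().endswith(":") and not line[0].isspace():
            current, field = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None and line.strip():
            m = FIELD.match(line)
            if m:
                field = m.group(1)
                current[field] = [m.group(2).strip()] if m.group(2).strip() else []
            elif field:
                current[field].append(line.strip())  # e.g. a second DNS server
    return adapters

def audit(text, expected=EXPECTED):
    """List (adapter, problem) pairs for DHCP/DNS settings that bypass the server."""
    findings = []
    for name, fields in parse_adapters(text).items():
        dhcp = fields.get("DHCP Server", [])
        if dhcp and dhcp[0] != expected:
            findings.append((name, "lease from unexpected DHCP server " + dhcp[0]))
        stray = [ip for ip in fields.get("DNS Servers", []) if ip != expected]
        if stray:
            findings.append((name, "DNS servers other than the SBS server: " + ", ".join(stray)))
    return findings

if __name__ == "__main__":
    for adapter, problem in audit(SAMPLE):
        print(adapter + ": " + problem)
```
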
Justin Smith, Sr. System Engineer
Top Expert 2012

Commented:
i knew it wasn't a sharepoint issue! good job on the fix.