Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium



Posted on 2014-07-17
Medium Priority
Last Modified: 2014-07-28
Newbie here. Have an SBS 2011 server.  I need to create a public URL  http://myapp.mydomain.com
that can be accessed thru the internet by Active Directory user:  myappuser
Please provide the steps to accomplish this.  thanks.
Question by:vled
  • 3
  • 3

Assisted Solution

nick2253 earned 150 total points
ID: 40202910
What are you trying to do with this url?  Do you already have the service up and running on your internal network?

If so, you just need to configure that subdomain to point to your external IP address through your domain name provider, and forward the ports needed for myapp through your firewall.

As far as access restrictions go, it really depends on what your app is.  You'll have to give us a *lot* more details here or we're just picking at straws.

Author Comment

ID: 40203119
The app that will be running is a mobile app that will be setup by a third party software provider.  I'm not involved in that part, I just have to meet the requirements listed below:

What the software provider requires is this:

1. Is the Web Server role already installed in the server ?  
2. Is HTTP/HTTPS enabled on your router/firewall?
3.  What is the domain and credentials for the Active Directory user: myappuser ?
4.  What is the public URL for your web server?  ( Ex: http://myapp.mydomain.com)
5.  What is the public ip address for your web server?

My answers so far, correct me if I'm wrong.
1.  Web server role is installed  - determined by going to Server Manager - roles - shows web server is installed.

2.  HTTP and HTTPS ( 80 and 443) are enabled via port forwarding in the router.

3.  The Active Directory user called myappuser is created and I have the internal domain name.  For now I will call the internal domain name "intdomain".

Number 4 and making sure the user myappuser can access the Public URL is what I need help with.

5.  I'm assumming that the public static ip address being used is the same one that the public URL that I need will be using.

If I can just get as far as creating the public URL and making sure that the AD user myappuser can access it via the internet, then the software app provider can take it from there.

The SBS 2011 server is working fine, they are hosting their email, their internet domain ( what I'm calling "mydomain" is registered at register.com and I'm using register.com's DNS services for their external DNS records - Have the A record pointing to the static public ip address of the SBS 2011 server , and the MX record pointing to mail.mydomain.com.  Their internet service provider has the reverse dns pointer.

Accepted Solution

Adam Ray earned 1350 total points
ID: 40203777
Is the mobile app you mentioned going to be hosted by the third party, or are they going to install the app on your in-house server? (Their requirements seem to imply that they will be installing the app on your in-house server, but it's possible they will host the meat of the app and it just needs to communicate with your server for some of it's functionality.

In either case you really need to know what will be accessed/installed on your server.

I'm assuming you have the A records for myapp.mydomain.com AND mail.mydomain.com both pointing to the static public IP of your SBS server. (The MX record you setup at register.com points to the A record of mail.mydomain.com--also setup at register.com. So I'll refer to mail.mydomain.com as an A record, as it is the relevant DNS record for your question.)

SBS will have already configured IIS on your server so that the Default Website already is bound to mail.mydomain.com. If whatever the app installs on your server gets put on the Default Website, it would make sense to use mail.mydomain.com as the "public URL" in question 4; especially if you have a 3rd party SSL certificate already set up.

But it's a whole different setup if this app will be installed on a different/new "website" in IIS. You would need to bind that website to a different hostname (e.g. myapp.mydomain.com) and since they mention HTTPS you may also need a separate 3rd party SSL certificate and a second static public IP to forward to your SBS server--depending on the particulars of their needs.

Unfortunately unless they just need the access info to your server (un/pw, url, IP) to access an already existing service (e.g. Outlook Web Access or ActiveSync to a mailbox) you'll likely need to know more about what is going to be put on your server before you can provide them with the info.*

*If this is just a pre-installation survey you may not have to actually do anything to your server yet, they just want to know what the settings will be so they can get things started on their end.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


Author Comment

ID: 40205703
Thanks to all for the info provided so far.  I tried to contact the developer but still have not heard from them.   Will post after I consult with them.

Author Comment

ID: 40213200
After talking to the software app developer, they said they can use the default site accessed via https://remote.mydomain.com.  I just have to install a 3rd party SSL certificate. The app will be installed in the in-house SBS 2011.  So for now I think the problem is solved.

For my understanding:
Would it have been possible to create an A record for myapp.mydomain.com using the same static public ip address that is being used now by mail.mydomain.com even if the isp already has a reverse dns for that same static public ip address for mail.mydomain.com ?  

Any links or comments on how to create a new website in IIS and bind that website to a different hostname (e.g. myapp.mydomain.com)  would be greatly appreciated.

I will wait another day or 2 before awarding points in case anyone has additional input. Thanks a Bunch!

Assisted Solution

by:Adam Ray
Adam Ray earned 1350 total points
ID: 40213357
When using HTTP in IIS 7 (What SBS 2011 uses) you can bind multiple DNS names to one website (e.g. the Default Website). Typically you would just use a single IP address for all DNS names (just set their DNS A records all to the same IP, or use CNAME records to point to the "primary" public DNS name.

But I'm not sure I would try that on an SBS server. It customizes the default website extensively and I wouldn't be surprised if specifying/binding a second DNS name to the default website created problems somewhere.

However--I don't have access to an SBS 2011 box at the moment to check--if the default website is already listening on *:80, meaning all IP addresses/host names not specified elsewhere, you likely could use a DNS name like myapp.mydomain.com and have it work just fine without having to change anything in IIS.

But all of that is moot point--it's only applies to HTTP. It's quite a bit more particular when using HTTP (SSL certificate.) The short version is that you can only use one SSL certificate per "website." And unless you get the super expensive certificates, a 3rd party certificate will only work for one DNS name. And with SBS 2011 it wouldn't make sense (may even cause problems if the certificate isn't for the DNS name specified in the SBS setup/wizards (e.g. remote.mydomain.com or mail.mydomain.com if you didn't use the SBS default sub domain of "remote".)

It will make your life allot easier if you get the 3rd party certificate for the DNS name that SBS is set to (and use the SBS wizards to install the certificate. And use that same DNS name for your app.

If you really want to use myapp.mydomain.com for your app, you should be able to provided that your app doesn't have to be installed on the default website. The steps for setting it up would be something like this:


Configure your router/firewall to forward the needed ports (e.g. 80,443) from a second public IP to your SBS box. (Not all routers support forwarding ports from multiple public IPs to a single private IP, if yours doesn't you could look at binding two private IPs to the primary LAN adapter on your SBS box (using netsh). But that make break parts of SBS,) so be sure to research it thoroughly before trying it.


In your DNS host, create an A record for your second public IP to point to myapp.mydomain.com


Create a new website in IIS and bind it to myapp.mydomain.com, port 80 for HTTP, port 443 for HTTPS


Install the 3rd party SSL cert for myapp.mydomain.com in the Computer Store, bind it to the new website in IIS.


Make sure the app is installed onto the new website and not the default website. (Remember the third part app developer may not support installing the app to anything other than the default website.)
P.S. If you use godaddy to get basic 3rd party certificate(s) search Google for GoDaddy SSL rather than going to godaddy.com directly. Discounts/coupon codes are readily available.

Expert Comment

by:Adam Ray
ID: 40223627
As a note/correction on my previous post... I think setting it up that way (using a second public IP--steps 1 and 2--will probably work just fine, but I don't think it would be necessary for IIS. Just setting the A record for myapp.mydomain.com to the primary public IP and then proceeding with step 3 should work just fine, I believe.

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question