- Windows Server 2016
- SBS
- Windows OS
- DHCP
- Windows 10
- Windows
- Azure
Why Can't We Access our Server 2016 Essentials RWA/Anywhere Access site Internally?
Working through some issues on a Server 2016 Essentials server and noticed that the remote web access portal site (remote,domain.com/remote)
Internally, if I enter the public IP in a browser, the page does not resolve. Externally, it does resolve, as does the DNS address - remote.domain.com/remote.
Running the Anywhere Access repair wizard did not address the issue. It completes successfully, but does not allow us to access the site internally on the same LAN as the server. Doesn't matter if I try from the server itself or a client workstation.
Internally, if I enter the public IP in a browser, the page does not resolve. Externally, it does resolve, as does the DNS address - remote.domain.com/remote.
Running the Anywhere Access repair wizard did not address the issue. It completes successfully, but does not allow us to access the site internally on the same LAN as the server. Doesn't matter if I try from the server itself or a client workstation.
What is the public IP address of your computers in your internal network when you use a browser to access www.whatismyipaddress.com?
It's pretty typical for a firewall to block requests which originate inside the network from connecting with the IP/interface on the external side (though not all do it).
You need a DNS record on your internal DNS which resolves "remote,domain.com" to the internal IP of the server. This is known as split DNS - when you have DNS records for the same resource hosted in different locations and those records differ.
Create a new Forward Lookup Zone with the same name as the FQDN you want to resolve, e.g. "remote,domain.com". Inside that zone, create a new A record, leave the name blank (after it's created you will see it as "same as parent folder", and point it at the internal IP. In this way, only the "remote,domain.com" record (and any records existing below that like "xxx.remote,domain.com", and "blah.remote,domain.com") would be resolved by your internal DNS, while other queries for domain.com would get passed to forwarders or root hints.
You need a DNS record on your internal DNS which resolves "remote,domain.com" to the internal IP of the server. This is known as split DNS - when you have DNS records for the same resource hosted in different locations and those records differ.
Create a new Forward Lookup Zone with the same name as the FQDN you want to resolve, e.g. "remote,domain.com". Inside that zone, create a new A record, leave the name blank (after it's created you will see it as "same as parent folder", and point it at the internal IP. In this way, only the "remote,domain.com" record (and any records existing below that like "xxx.remote,domain.com", and "blah.remote,domain.com") would be resolved by your internal DNS, while other queries for domain.com would get passed to forwarders or root hints.
Thanks. That fixed it. I guess what I don't understand is why that happened. We had this all setup and tested months ago and no Forward Lookup Zone was necessary. Then, out of the blue, it stopped working internally.
But, it makes sense that it's a split DNS issue. Kinda figured it was, but just can't put my finger on what changed to make it necessary to implement split DNS.
But, it makes sense that it's a split DNS issue. Kinda figured it was, but just can't put my finger on what changed to make it necessary to implement split DNS.
-
![]()
Solutionmethod needed to join sever 2016 essentials to sbs 2011 standard domain as replica dc for migration to server 2016 essentials (from essentials sku) -
![]()
ArticlePrint Server Deployment, Remote Desktop Services Print, and Troubleshooting -
![]()
VideoExchange 2019 - Installing the prerequisites for Exchange 2019 on the Exchange Server in Azure -
![]()
Cloud Class®Certification: MCSE Microsoft Certified Systems Engineer - Securing Windows Server 2016
-
![]()
received a Solution
To use DHCP on server 2016 essentials or on the router? -
![]()
wrote an Article
![]()
Delegation of access to Bitlocker Recovery Passwords – this way, please!
-
![]()
created a Video
![]()
Exchange 2019 - Join Exchange Server created in Azure to your new test lab domain
-
Explore Cloud Class® ![]()
Certification: MCSE Microsoft Certified Systems Engineer - Networking with Windows Server 2016
Premium Content
You need an Expert Office subscription to comment.Start Free Trial