Can not get RWW to work from outside network

[3Saturns]

I followed the instructions in SBS help to enable RWW. Since I have the website hosted by a third party, I try to access RWW using the IP address (xx.xxx.xxx.x/remote). I get the "Page cannot be displayed". I can connect from within the network using servername/remote. I have checked that I have forward ports 443, 444, 4125, and 3389 with TCP and UDP in my router. I also turned off my firewall and it sill did not work. I have all the latest updates for SBS 2003.

The customer has Verizon business DSL with static IP. I am testing from home with Verizon DSL (dynamic). Do I need to do something special on the external clients besides make sure the boxes are checked on the System>Remote page?

Any suggestions?

 

[markdmac]

Are you using the PUBLIC IP? Have you registered a host name to point to that IP in public DNS? Did you run CEICW? Can you telnet from outside the network to that IP on port 80? Is port 80 open on your firewall?

PS: RWW does not require 3389.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[FloDiggs]

When you opened the ports on your router, did you make sure that you forwarded them to the IP address of the server?

Also, why do you have this issue posted twice?

 

[3Saturns]

I posted twice because no one responded, and my question changed slightly.

Yes, I forwarded the ports to the internal ip of the server.

RWW now works from within the network using remote.domain.com/remote
BUT still can not get it to work outside the network.

 

[markdmac]

And what about the questions asked about public DNS?

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[3Saturns]

Oops, sorry I forgot to answer you Mark.

I have edited my zone file to have remote.domain.com pointing to the public IP

I did make sure I opened port 80 for both TCP and UDP on the router.

Yes, I ran CEICW.

When I try telnet to IP on port 80, I get
"Could not open connection to the host, on port 23: connect failed"

Thanks for your help

Suzanne

 

[markdmac]

When I try telnet to IP on port 80, I get
"Could not open connection to the host, on port 23: connect failed"

You must have some form of NAT redirection happening if port 80 is being redirected to port 23.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[3Saturns]

Ok, I'm really in over my head...where would I check for NAT redirection? In the router, in my DSL modem, on my server?

 

[smokinsarg]

Have you forwarded the HTTPS port on the router to the server. RWW URL

http://domain.com/remote

forwards all traffic from http to https for the login screen.

 

[markdmac]

Ok, I'm really in over my head...

Thanks for being honest. I advise you to get a consultant in for an hour to assist you with this. They can show you how to manage this and get you up and running.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[3Saturns]

I did have someone else look at my setup, and he could not see any problems (although he admitted he is a little rusty in this area). We did find a slight problem with the DNS zone file that we fixed. From outside the network I can ping remote.domain.com but when I enter that in a web browser I get "Sorry, we couldn't find

https://remote.domain.com"

and brings up a list of related websites.

When I tracert remote.domain.com it ends at mail.domain.com (with the my public ip).

Is this a DNS problem? Could it be something in my forward and/or reverse lookup zones in my local DNS server (external DNS is done by ISP)?

 

[markdmac]

This would be an issue with your PUBLIC DNS records, not internal DNS.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[3Saturns]

Ok. Thanks. I have set up an A record for remote, am I missing a PTR record? What should the corresponding PTR record be? Does it matter that a 3rd party is hosting my website and email and that the email is scanned by another party (MX records to go there and the party sends them back)? Website and email are working fine...

Thanks for pointing in the right direction.

 

[markdmac]

With respect to your public DNS, you will want to have the following setup, not just for RWW but in general.


A record for Remote pointing to public IP of your server
A record to be used by MX record, pointing to IP where mail is to be sent to.
MX record pointing to the above host name
RDNS entry pointing to your servers public IP
SPF record pointing to your servers public IP

Additionally, if you plan to support SmartPhones or PocketPC phones with your Exchange then it is a good idea to get a digital certificate, use the name of remote.company.com when setting up the certificate so it matches the public A record.

Make sure you have IIS security setup properly too.

IIS Settings

Default Web site
    Enable Anonymous access
    Integrated Windows Authentication
Exadmin
    Integrated Windows Authentication
    Require SSL
        Require 128 bit
Exchange
    Basic Authentication
        Default Domain \
Exchange-oma
    Integrated Windows Authentication
    Basic Authentication
ExchWeb
    Enable Anonymous access
    Require SSL
        Require 128 bit
Microsoft-Server-ActiveSync
    Scripts and Executables
    Exchange Application Pool
    Basic Authentication
        Default Domain DomainName
OMA
    Scripts Only
    ExchangeMobileBrowseApplicationPool
    Basic Authentication
        Default Domain DomainName
Public
    Basic Authentication
        Default Domain \
    Require SSL
        Require 128 bit

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[3Saturns]

Thanks all for all of the help. It is fianlly working. The last couple of pieces were a box I forget to check in the McAfee Firewall, and allowing Popups and cookies in IE for the RWW website on the PC I am testing from.