ISA blocks access to SBS web sites by IP

Discussion in 'Windows Small Business Server' started by fletch, Jan 22, 2005.

  1. fletch

    fletch Guest

    Have had an SBS 2003 server with ISA up and running for a while with a static
    IP, and used to access RWW etc. by going to www.mysbs.com.

    Decided to have a 3rd party host www.mysbs.com, but still want access to RWW
    from the SBS server (which is still running exchange, etc.). Was hoping that
    I could access by typing the SBS external IP address into my browser instead
    of the URL, but ISA throws this error:

    403 Forbidden - The server denies the specified Uniform Resource Locator
    (URL). Contact the server administrator. (12202)
    Internet Security and Acceleration Server

    Anyone know how I get ISA to allow me to access what I used to previously by
    IP address? Still have mail being routed to mysbs.com...

    Thanks
     
    fletch, Jan 22, 2005
    #1
    1. Advertisements

  2. fletch

    Tony Su Guest

    This happens because your ISA Destination sets are configured with FQDN and
    not IP addresses. For each FQDN entry you have, create an entry using an IP
    address you'll be cooking.

    If you <really> want to be cool, configure your newly hosted mysbs.com
    website with virtual directories which redirect to your SBS and you'll be
    able to connect exactly like before.

    Tony
     
    Tony Su, Jan 22, 2005
    #2
    1. Advertisements

  3. In English [translated from the TSu] your ISA is saying "I'm going to
    pass along the request only if they come in with domain.com" and now you
    are using https://xx.xx.xx.xx

    Rerun the connect to internet wizard, build yourself a new certificate
    with the IP address

    You should be right as rain.
     
    Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP], Jan 22, 2005
    #3
  4. And a more elegant way is to have your domain host setup an A record for
    servername.FQDN and rerun CEICW creation new Cert for servername.FQDN and
    then you can type Https://servername.FQDN/remote or /exchange for OWA. The
    advantage is that if Static IP ever changes all you have to do is change the
    A record and your users won't have to change login address.

    --
    Frank McCallister SBS MVP
    COMPUMAC
     
    Frank McCallister SBS MVP, Jan 23, 2005
    #4
  5. fletch

    fletch Guest

    Susan,

    Thanks for the tip. I re-ran the connect to inet wizard and built a new
    certificate with the IP, but noticed the destination sets did not get updated
    in ISA and I still get the same error. Do you know if there is something
    else I need to do? I was contemplating trying to manually create new
    destination set entries as TSu suggested, but that feels a little over my
    head...

    Thanks in advance!

    -Carl Jones

     
    fletch, Jan 25, 2005
    #5
  6. Hi Fletch,

    Refresh the view in ISA. You did 'enable the firewall' when running CEICW,
    right?

    --
    Regards,

    Marina
    Microsoft SBS-MVP
    One of the Magical M&M's

     
    Marina Roos [SBS-MVP], Jan 25, 2005
    #6
  7. fletch

    fletch Guest

    Yes, I did enable the firewall. Also refreshed the view in ISA but still
    only have the FQDN entries in the destination sets. Anyone have any other
    ideas?

    -fletch

     
    fletch, Jan 28, 2005
    #7
  8. Hi Fletch,

    It should modify when running CEICW, but if it really doesn't want to do
    that, just add the destinationsets manually.

    --
    Regards,

    Marina
    Microsoft SBS-MVP
    One of the Magical M&M's

     
    Marina Roos [SBS-MVP], Jan 28, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.