Remote access ip/remote okay, domain/remote NOPE

Discussion in 'Windows Small Business Server' started by CherylDetrick, Feb 5, 2007.

  1. Using SBS 2k3 release 2 without a desktop workstation (my laptop is my
    workstation in the office and my remote outside of it); I can only access the
    server using our staticip/remote, not https://domain/remote. Of course, when
    I access with the staticip/remote, I get the error message that the
    certificates don't match and that causes issues too.

    So, question, why can I access to the ip and not the domain. (yes, I've run
    the remote connection wizard on the server.)

    Help!
     
    CherylDetrick, Feb 5, 2007
    #1
    1. Advertisements

  2. CherylDetrick

    Steve Guest

    What public DNS A record are you using for the CEICW FQDN on the self
    generated certificate?
     
    Steve, Feb 5, 2007
    #2
    1. Advertisements

  3. The certificate must match the DNS A name record. So seeing how you are
    using a static IP address you'll always get this error message. So most
    likely you are using the default certificate generated when you run the
    CEICW which is usually domainname.local. You need to register a FQDN and
    create a new certificate. The reason why you cannot access
    https://yourdomain.com/remote because there is no DNS A record for
    yourdomain.com that is linked to the IPaddress. DNS does not know about
    yourdomain.com. Most likely your mail server is registered at your ISP as
    mail.yourdomain.com and you can likely get to
    https://mail.yourdomain.com/remote
     
    SBS in Silicon Valley, Feb 5, 2007
    #3
  4. Hi:

    Okay, this is probably a REALLY stupid question. Here is the situation, our
    domain is hosted via Yahoo. All the A records on our control hosting panel
    there end in our domainwebsite.org. However, my server is
    publishing.serverdomain.local. I'm currently on the phone with yahoo tech
    support (that is an adventure, they know less than I do!) ... is there
    another way to create an A record?
     
    CherylDetrick, Feb 5, 2007
    #4
  5. Who hosts your Exchange MX records? Your MX records are the ones that direct
    emails sent to you to the mail server whoever hosts it whether it be yahoo
    or you host your own SMTP mail servers. Do you have email delivered directly
    to your own SMTP Exchange mail server or do you use POP3 and pull your
    emails down from Yahoo?
     
    SBS in Silicon Valley, Feb 5, 2007
    #5
  6. My exchange MX records are hosted throughg yahoo. I do host the smtp mail
    server now (though I didn't until recently).

    I've been on the phone since I posted this with the data provider for our
    building T1 line that assigned me the static IP address to see if they can
    assign the A record to my serverdomain.local. They are pretty confused, but
    trying to get to their own tech people to figure it out. I'm not incredibly
    optimistic at this point!
     
    CherylDetrick, Feb 5, 2007
    #6
  7. Well Cheryl then you do not need to do anything else. If you host your own
    SMTP Exchange mail server then yahoo has the MX record for your mail server.
    It is probably something like mail.yourdomain.com and you can use this to
    get to your remote or OWA by using https://mailyourdomain.com/remote. Now
    what you need to do is rerun the CEICW and create a new certificate that
    matches that A record.
     
    SBS in Silicon Valley, Feb 5, 2007
    #7
  8. Okay.. another question: can I tell CEICW that I want to use a specific name
    (like my .org)? And if I do, I have an A record setup for that, but I can't
    setup the .local through yahoo. Everything they have is webserver.org and
    that is where it stops.

    I need an A record not an MX record right?
     
    CherylDetrick, Feb 5, 2007
    #8
  9. Here is what I do Cheryl to elimnate confusion and simplify things. I'm
    going to use mycompany as mail server name. My domain name ia different so I
    don't have certain issues.
    You send me an email at and it comes to my SMTP Exchange
    server and delivers the mail. My A record for my mail server is
    mail.mycompany.com which is linked to the external IP of my SBS server. My
    MX record points to mycompany.com. So in my case I cannot use or create
    another A name record to mycompany.com becuase it is used for our external
    website that is tied to a different IP. So I had my ISP create a new alias
    C.Name record and I called it gomycompany.com so for anything that uses that
    external IP I can use this alias.

    For OWA they use https://gomycompany.com/exchange
    For remote they use https://gomycompany.com/remote
    For external access for comapnyweb they can use https://gomycompany.com:444
    and even the access my Citrix server they can use http://gomycomapny.com

    So you see the whole idea of creating an A record is to use an laternative
    name for the IP address it is linked to. Now given the above information you
    can see that I can also use https://mail.mycompany.com/remote because
    mail.mycompany.com and mycomapny.com are linked to the same external IP.
    Hope all this helps out.
     
    SBS in Silicon Valley, Feb 5, 2007
    #9
  10. CherylDetrick

    Steve Guest

    A .local domain is only for internal use and not valid externally. What is
    the exact A record name that is associated with the MX record you have setup
    for delivery to your Exchange? That is the FQDN that you need to use for
    your certificate when you run the CEICW.
     
    Steve, Feb 5, 2007
    #10
  11. Steve:

    Do you mean the mail record I set up for mail to come to my exchange server?

    Cheryl
     
    CherylDetrick, Feb 8, 2007
    #11
  12. CherylDetrick

    Steve Guest

    Both the mail (MX) record and the host (A) record you have the MX record
    pointed to.
     
    Steve, Feb 8, 2007
    #12
  13. I'm sorry to be so dense about this!!!

    But, let me try this!

    When I went through the wizard on SBS2k3, it seems to me that it created the
    remote name that ended up on my certificate ...
    publishing.myserverdomain.local (keep in mind I was in the final days before
    my shoulder surgery so LOTS of pain meds involved and the details are quite
    fuzzy now!) ... of course a .local for a name is VERY problematic as that is
    not a global domain and I think my whole problem is I can't find a way to get
    the thing resolved because I can get an A record with that.

    Can I go back, re-run the wizard give it a name I choose, go to my yahoo web
    hosting, create an a record that goes with that name and then get a web cert
    and be good to go on this????
     
    CherylDetrick, Feb 9, 2007
    #13
  14. CherylDetrick

    Steve Guest

    Cheryl basically yes if the Yahoo web hosting is also hosting your DNS
    records. However, if you're currently receiving mail to Exchange via SMTP
    you already have a public DNS A record you can use for the certificate as
    well without creating a new one.
     
    Steve, Feb 9, 2007
    #14
  15. Yes Yahoo is hosting my DNS records and yes I'm receiving mail to exchange
    via SMTP. So, I use my MX record for my certificate for my server? I'm
    confused, how do I do that?
     
    CherylDetrick, Feb 9, 2007
    #15
  16. CherylDetrick

    Steve Guest

    Your MX record is actually pointing to an A record such as
    mail.mydomain.com. That is what you'd use for the cert when running the
    CEICW. Then for example RWW access would be
    https://mail.mydomain.com/remote. When the remote computer connects to that
    URL with IE a security prompt pops up the first time and if you want to use
    Outlook via RPC/HTTP you have to actually install that cert on the remote
    computer.
     
    Steve, Feb 9, 2007
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.