Still can't connect to RWW or OWA remotely

Discussion in 'Windows Small Business Server' started by Leon Willard, Sep 21, 2006.

  1. Leon Willard

    Leon Willard Guest

    To update my problem from what is stated below: I followed the advice I
    received from serveral people on this newsgroup, and opened ports 443, 444,
    4125, 1723 and 3389 in our Efficient 5861 DSL router, and AT&T verified port
    25 was open.

    But I still couldn't connect remotely using https://publicIP/remote. So I
    called Efficient tech support to have them verify that the ports I specified
    were actually opened. Their tech told me he couldn't telnet into our router
    through our public IP to check. And he couldn't ping that IP either. He
    asked what method I used to forward the ports using telnet (it's <system
    addserver [private IP for server] tcp port number> which I took from their
    app note), and he said I was doing it correctly. After that I reran CEICW to
    verify all Web services were checked.

    But I still could not connect remotely. So it would seem that I've got
    something cofigured wrong, or something not yet configured. Also, Adaptec
    wanted to connect to our SBS to update some drivers, but were not able to
    connect. They asked me to connect to their site remotely from our server,
    and I wasn't able to do so. However, I was able to connect to their site
    from a workstation on our network. So it seems our SBS is still the source
    of the connection problems. And once again, I'll appreciate your help on
    this. Thanks.

    Leon



    I recently completed an installation of SBS2003 Standard without ISA using
    the two NIC configuration. At the front of the external 'WAN' NIC is a DSL
    router set up with a static IP from our ISP. This external NIC IP address is
    192.169.254.10 Our ISP (SBC) also provides us five additional static IP
    addresses which we don't use. The internal (LAN) NIC is using IP
    192.168.16.2. We also have a website hosted by SBC, but we don't use it's
    registered name or IP address for our SBS2003 network configuration. (except
    as mentioned below for a certificate).

    From inside the network, all users can access RWW and Exchange just fine.
    And the rest of the network and email works fine for all users also. Our
    problem is that we cannot connect to RWW or OWA from the Internet. When I
    try to connect using https://certificate/remote I always get the "Cannot
    find server or DNS Error" message.

    I have run CEICW a bunch of times and haven't gotten any errors. I have
    assumed that the problem is the certificate I am generating. I have tried
    using server.registered website name, but it doesn't work. I have also used
    the DSL public side IP address/remote, and that doesn't work either. It's
    pretty clear that I don't know how to fix this problem, and any help will be
    greately appreciated. Thanks.
     
    Leon Willard, Sep 21, 2006
    #1
    1. Advertisements

  2. Hi Leon,

    Could you please post an ipconfig /all for the SBS server and for a
    workstation?

    When you ran CEICW, did you select "a direct broadband connection", enable
    the firewall, select the services, select the Web Services, enter your
    Public IP address for the web server certificate, then finish the rest of
    CEICW?

    Also, try taking the router out of the equation...

    Attach a laptop that's configured for a workgroup (not a domain) to a free
    port on the router. Give it a static IP address of 192.169.254.x, a Subnet
    Mask of 255.255.255.0, and a Default Gateway of 192.169.254.10 (the LAN IP
    address of the router). Then try to RWW into the SBS server. If you're
    successful, the router configuration is the problem. If not, you're SBS
    server config (or the external NIC) is having a problem.

    --
    Merv Porter [SBS-MWP]
    ============================
     
    Merv Porter [SBS-MVP], Sep 21, 2006
    #2
    1. Advertisements

  3. Leon Willard

    Leon Willard Guest

    OK, here's where I am on this problem -- I connected my laptop to the DSL
    router port using the suggested setting and, no, I couldn't RWW in that way
    either. -- Before doing this, I reran CEICW and carefully checked all the
    settings to
    match the broadband connection, the two NIC firewall, the remote connection
    setup, and the certificate using the public IP.

    Along the way I noticed several things that may be relevant:

    - I have VPN checked, although users prefer RWW (if I ever get it to work!).

    - I checked the settings on the external NIC, and when I went to check
    bindings I got this error message: "Windows Firewall cannot run because
    another program or service is running that might use the network address
    translation component (Ipnat.sys)".

    - Only one workstation is a domain member, and it was joined manually (its
    ipconfig /all is shown below). The other workstations are still
    peer-to-peer, although they can access RWW and Exchange just fine. I had
    expected to join the other workstations once SBS was completely set up.

    Leon


    Workstation IPconfig /all




    Microsoft Windows XP [Version 5.1.2600]

    (C) Copyright 1985-2001 Microsoft Corp.



    C:\Documents and Settings\Albert>cd\



    C:\>ipconfig /all



    Windows IP Configuration



    Host Name . . . . . . . . . . . . : meridian-cadd5

    Primary Dns Suffix . . . . . . . : Meridian.local

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : Meridian.local

    Meridian.local



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . : Meridian.local

    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
    Connecti

    on

    Physical Address. . . . . . . . . : 00-07-E9-D9-F3-54

    Dhcp Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    IP Address. . . . . . . . . . . . : 192.168.16.100

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.16.2

    DHCP Server . . . . . . . . . . . : 192.168.16.2

    DNS Servers . . . . . . . . . . . : 192.168.16.2

    Primary WINS Server . . . . . . . : 192.168.16.2

    Lease Obtained. . . . . . . . . . : Friday, September 22, 2006


    ------------------------------------------------------------------------------------------------------------------------

    SBS2003 IPconfig /all





    Microsoft Windows [Version 5.2.3790]

    (C) Copyright 1985-2003 Microsoft Corp.



    C:\Documents and Settings\Administrator>cd\



    C:\>ipconfig /all



    Windows IP Configuration



    Host Name . . . . . . . . . . . . : meridian-2003

    Primary Dns Suffix . . . . . . . : Meridian.local

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : Yes

    WINS Proxy Enabled. . . . . . . . : Yes

    DNS Suffix Search List. . . . . . : Meridian.local



    Ethernet adapter Network Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
    Connection

    Physical Address. . . . . . . . . : 00-16-76-32-45-E5

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 192.168.254.10

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.254.254

    DNS Servers . . . . . . . . . . . : 192.168.16.2

    NetBIOS over Tcpip. . . . . . . . : Disabled



    Ethernet adapter Server Local Area Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter
    (PILA847

    0B)

    Physical Address. . . . . . . . . : 00-D0-B7-85-C7-5B

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 192.168.16.2

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . :

    DNS Servers . . . . . . . . . . . : 192.168.16.2

    Primary WINS Server . . . . . . . : 192.168.16.2



    C:\>






     
    Leon Willard, Sep 23, 2006
    #3
  4. Leon Willard

    Leon Willard Guest

    Whoa! -- The ipconfig /all stuff I cut and pasted into my response looks
    ugly now, and with too much space in between lines. It was formatted using
    courier, and looked OK before I hit the Send button.
    Is there a better way to do it?
    - Leon





     
    Leon Willard, Sep 23, 2006
    #4
  5. Are you running SBS 2003 Standard or Premium (ISA installed)?
    Is this SBS 2003 SP1 with ISA 2004 installed?

    (Don't worry about the ipconfig /all format for now).

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Sep 23, 2006
    #5
  6. - I checked the settings on the external NIC, and when I went to check

    This sounds like a Windows Firewall problem. SBS 2003 does not use Windows
    Firewall. In fact, it should have been removed during the normal Integrated
    install of SBS. Try this:

    Start | Control Panel | Administrative Tools | RRAS | rt. click
    <yourservername> (local) | Disable Routing and Remote Access

    Start | Control Panel | Administrative Tools | Services... assure that the
    Routing and Remote Access service is stopped.

    Then re-run CEICW, ebanle the firewall, select the services you want, enter
    your public WAN IP for the certificate and finsih the rest of CEICW.

    Now try again both checking the bindings on the external NIC (should only
    have TCP/IP - not "Client for Microsoft Networks" or File and Printer
    Sharing") and accesing RWW from your laptop attached directly to a port on
    the router.

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Sep 23, 2006
    #6
  7. Leon Willard

    Leon Willard Guest

    Merv,

    We're running SBS2003 Standard SP1, and no ISA. I'll probably have to make
    these changes Monday morning. It's hard for us to get into the building over
    the weekend without prior notice - although I'm going to call and see. No
    matter, when I make the changes and test them, I'll give you an update. --
    It's funny, the more I work with SBS2003, the more I respect its abilities
    and complexities - in spite of its utter frustrating aspects along the way.
    I have also come to greatly respect all the MVP's and others on this
    newsgroup who freely offer their assistance - in ways that not only helps
    fix complex problems, but also teaches the rest of us too. So thanks again!

    Leon


     
    Leon Willard, Sep 23, 2006
    #7
  8. Leon Willard

    Leon Willard Guest

    In trying what Merv suggested below, this is what I found. --Apparently, the
    'Windows Firewall cannot run because another program . . . " is a false
    message since I found that Windows Firewall services were disabled and the
    external NIC has only TCP/IP enabled.

    After that I re-ran CEICW, this time eliminating VPN since it is unlikely to
    ever be used. I enabled the firewall, checking only email, and selecting
    only OWA, RWW, and Sharepoint Web services. I left the certificate
    originally created that points to the WAN IP address.

    After that, I tried accessing RWW from my laptop connected to a router port,
    thus bypassing the DSL router. No luck, I couldn't connect. However, I could
    connect to RWW from several workstations from within the network.

    Here's another peculiarity: During a setup problem with the Adaptec RAID
    controller, Adaptec requested that we connect to their website using the
    adaptec.com/remote command from out server. I didn't work at all. However, I
    could go to any workstation and connect to them just fine.

    This is a very frustrating problem. In all other respects the SBS server and
    all internal functions work just fine. But from outside the network, no
    connection seems possible. It's as if the built-in firewall is working too
    good! -- Any further suggestions will be greatly appreciated. Thanks.

    Leon






     
    Leon Willard, Sep 26, 2006
    #8
  9. Do you have any 3rd party Firewall software on the laptop?
    What error(s) do you get on the laptop (and maybe in the event logs on the
    server) when you fail to access RWW with the laptop?

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Sep 26, 2006
    #9
  10. Leon Willard

    Leon Willard Guest

    No, I don't have a 3rd party firewall, and it's a pretty plain vanilla WinXP
    Pro laptop. Connected to the network like the other workstations, I can get
    email and have Internet access the same as all the others.

    As for error messages when I fail to access RWW with the laptop, I don't get
    any. All that happens is it times out and then says the 'Page cannot be
    displayed'. I don't find any errors or other strange messages in the SBS
    event viewer either.

    Leon



     
    Leon Willard, Sep 26, 2006
    #10
  11. Does the "page cannot be displayed" error appear at the top of the page with
    the rest of the page blank? Or does it additionally show "cannot find
    server or dns" somewhere on the error page? I'm trying to determine if port
    443 is being blocked.

    Can you access OWA externally? (https://<PublicIPAddress>/exchange)


    Merv Porter [SBS-MVP]
    ============================
     
    Merv Porter [SBS-MVP], Sep 27, 2006
    #11
  12. Leon Willard

    Leon Willard Guest

    Merv, I get 'cannot find server or dns error' on both
    https://<PublicIPAddress>/remote and https://<PublicIPAddress>/exchange.
    Previously I had opened port 443 (and all the others you listed) in the
    Efficient DSL router. I used their command <system addserver 192.168.254.10
    TCP [port number]> to open the ports. The only way I knew to test whether
    the port was still open, was to try opening it again. It then gives an
    error. Is there a way to test whether SBS sees these ports as open or not?

    Leon


     
    Leon Willard, Sep 27, 2006
    #12
  13. Please post an IP ipconfig /all for the server and for the workstation
    that is joined to the SBS domain.

    I'm concerned that you can't access RWW by attaching a non-domain laptop (IP
    address: 192.168.254.xxx, Subnet Mask: 255.255.255.0, Default Gateway:
    192.168.254.254) directly to a port on the router and then trying to access
    RRW using the public IP address specified in the Web Server Certificate
    during CEICW. If you can't remote into the SBS server from a port on the
    router, the problem is with the SBS server setup (since the router doesn't
    come into play with this method of troubleshooting).

    I'm also concerned that you get an error trying to check the NIC bindings on
    the SBS server.

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Sep 28, 2006
    #13
  14. Leon Willard

    Leon Willard Guest

    No, I still cannot access RWW or Exchange using your suggested settings.
    So, it certainly appears to be something about the SBS configuration. Here
    are the postings of a domain joined workstation, and the SBS. I sure hope
    they help in fixing this frustrating problem. And thanks a lot for your help
    on this, Merv.

    Windows WORKSTATION XP Pro - Domain Member
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : JOANNE01
    Primary Dns Suffix . . . . . . . :Meridian.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Meridian.local
    Meridian.local Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : Meridian.local
    Description . . . . . . . . . . . : CNet PRO200WL PCI Fast Ethernet
    Adapter
    Physical Address. . . . . . . . . : 00-08-A1-1D-DA-06
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.16.117
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.16.2
    DHCP Server . . . . . . . . . . . : 192.168.16.2
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    Primary WINS Server . . . . . . . : 192.168.16.2
    Lease Obtained. . . . . . . . . . : Thursday, September 28, 2006
    5:16:42 PM
    Lease Expires . . . . . . . . . . : Friday, October 06, 2006 5:16:42
    PM

    Windows SMALL BUSINESS SERVER 2003 Windows IP Configuration
    Host Name . . . . . . . . . . . . : meridian-2003
    Primary Dns Suffix . . . . . . . : Meridian.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : Meridian.local

    Ethernet adapter Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
    Connection
    Physical Address. . . . . . . . . : 00-16-76-32-45-E5
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.254.10
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.254.254
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Ethernet adapter Server Local Area Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter
    (PILA8470B)
    Physical Address. . . . . . . . . : 00-D0-B7-85-C7-5B
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.16.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    Primary WINS Server . . . . . . . : 192.168.16.2


     
    Leon Willard, Sep 29, 2006
    #14
  15. I can't see any problems with your ipconfgs. If you check the NIC bindings
    now, do you still get an (the same) error?

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Sep 29, 2006
    #15
  16. Leon Willard

    Leon Willard Guest

    Yes, this same error pops up when I try to view bindings through the
    Advanced tab on both NICs. "Windows Firewall cannot run because another
    program or service is running that might use the network address translation
    component (Ipnat.sys)". I tried disabling one card, then the other, and
    checking each one, but the error was still there. Puzzling . . .

    As for the suggestion by Neadom about IIS, how do I check that?

    Leon


     
    Leon Willard, Sep 29, 2006
    #16
  17. I'm assuming this is SBS 2003 SP1. In the Services MMC, is the Windows
    Firewall/Internet Connection Sharing (ICS) service 'Disabled'?

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Sep 29, 2006
    #17
  18. Leon Willard

    Leon Willard Guest

    Neadom - here's our installation:

    The server is a SBS2003 SP1 Standard box without ISA, using the two NIC
    configuration. Broadband is an Efficient 5800 Series DSL modem-router with a
    4-Port switch set up with a static IP from our (AT&T) ISP. The NIC #1
    (external WAN) has a fixed IP address192.168.254.10, and connects to the DSL
    router 4-port switch.

    DHCP is handled by the server, and the #2 NIC (internal LAN) uses fixed IP
    192.168.16.2. This NIC connects to the LAN 24-port switch along with all
    workstations. -- The laptop was plugged into the Efficient 4-port switch.

    This installation worked as expected once it was set up -- that is, all
    workstations have Internet access, Exchange server handles the email, and
    all users are able to connect printers, files, and other resources.We could
    access features like RWW and OWA internally, but not remotely. As you can
    see, Merv has been a big help on diagnosing some of these problems step by
    step.

    Here's where we are right now. If I try to check the bindings on either of
    the two NICs by clicking the Advanced tabs, it won't open that box, and
    instead pops up this message: "Windows Firewall cannot run because another
    program or service is running that might use the network address translation
    component (Ipnat.sys)".

    This turns out to be a bogus message. Windows Firewall is disabled. So
    something else seems to be seriously wrong. Your comment, "To me it sounds
    like a routing issue. Because your request to the server is not being
    answered", is probably correct. But what is causing it? And what's causing
    these network cards to be so goofy?

    Leon


     
    Leon Willard, Sep 30, 2006
    #18
  19. Hi Leon,

    I saw a post recently that was similar to your situtation with the
    "(IPNAT.sys)" error. That poster solved his problem with RWW by enabling
    the Windows Firewall service and starting it. I'm not sure why this worked
    (the Windows Firewall service should be disabled in SBS 2003 SP1) but you
    might give it a try just to see if it works and allows to to externally
    access RWW. (Then maybe we can find out why it worked).

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Sep 30, 2006
    #19
  20. Leon Willard

    Leon Willard Guest

    Hello Merv,

    Actually I did try that - it was when I went in to disable Windows Firewall
    and found it already disabled. I thought I would enable it to see if it
    changed anything. When I tried, I immediately got the same (ipnat.sys) error
    as before. -- When I go in on Monday (I can't get into the building over the
    weekend) I'll try it again. -- And I'll also check out the IIS settings.

    Leon
    =================


     
    Leon Willard, Sep 30, 2006
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.