Certificate trouble with https://ipaddress/remote MM <nosend2me[ at ]hotmail.com> 05.07.2007 01:31:52 We've just upgraded from SBS2K and I'm trying to get RWW to work on our new SBS2K3 R2 set-up. When running the Internet Connection Wizard, I set the certificate to SBSName.domain.com (tried to use the IPAddress but it wouldn`t take it) and continued OK. When I connect https://ipaddress/remote I get a certificate error and it won`t connect I have all the ports open (can VPN and RDP OK) and pointed to the outside network card. We have a fixed ip but no domain name connected to it yet. Possible Newbie Question Alert!!!!!! If we register a domain name, how do I publish it (Name Servers) so it connects to my IP to make it easier for our oustside people to remember the àddress. Thx

Re: Certificate trouble with https://ipaddress/remote "Russ Grover \(SBITS.Biz\)" <support[ at ]REMOVETHIS.SBITS.Biz> 05.07.2007 02:38:01 Where you host did you have them create an A record of sbsServer.yourdomain.com and point to your external IP? (Use this as your Web Cert) and When you run CEICW have these boxes changed. http://www.sbits.biz/CEICW_Web_Services_Configuration.jpg and if you have a firewall port 443 and 4125 for RWW open If you want Company web then port 444 https://sbsServer.yourdomain.com:444/ If you want VPN then run the Remote Connector Port 1723 and GRE on your firewall and use the sbsServer.yourdomain.com as the FQDN Russ -- Russell Grover SBITS.Biz Microsoft Certified Small Business Specialist. MCP, MCPS, MCNPS, (MCP-SBS) support [ at ] SBITS.Biz Remote SBS2003 Support http://www.SBITS.Biz "MM" <nosend2me[ at ]hotmail.com> wrote in message news:1183599112.553375.49670[ at ]m36g2000hse.googlegroups.com... We've just upgraded from SBS2K and I'm trying to get RWW to work on our new SBS2K3 R2 set-up. When running the Internet Connection Wizard, I set the certificate to SBSName.domain.com (tried to use the IPAddress but it wouldn`t take it) and continued OK. When I connect https://ipaddress/remote I get a certificate error and it won`t connect I have all the ports open (can VPN and RDP OK) and pointed to the outside network card. We have a fixed ip but no domain name connected to it yet. Possible Newbie Question Alert!!!!!! If we register a domain name, how do I publish it (Name Servers) so it connects to my IP to make it easier for our oustside people to remember the àddress. Thx

Re: Certificate trouble with https://ipaddress/remote "Cris Hanna [SBS-MVP]" <crisnospamhanna[ at ]computingnospampossibilities.net> 05.07.2007 02:40:06 Since you won't host your new domain name's website on your SBS server, simply register the domain at godaddy.com or someother registrar and pay the 4.00 for their basic website. You will then get access to the DNS control panel and modify your MX records and create the A record which points mail.domainname.com to your public IP (mail.domainname.com is simply an example...it could be remote.domainname.com or sbsservername.domainname.com or whatever you want) -- Cris Hanna [SBS-MVP] ------------------------------ Please do not contact me directly, only respond in the Newsgroups MVPs do not work for Microsoft ------------------------------ Send via Windows Mail on Vista Ultimate connected to SBS 2003 R2 "MM" <nosend2me[ at ]hotmail.com> wrote in message news:1183599112.553375.49670[ at ]m36g2000hse.googlegroups.com... We've just upgraded from SBS2K and I'm trying to get RWW to work on our new SBS2K3 R2 set-up. When running the Internet Connection Wizard, I set the certificate to SBSName.domain.com (tried to use the IPAddress but it wouldn`t take it) and continued OK. When I connect https://ipaddress/remote I get a certificate error and it won`t connect I have all the ports open (can VPN and RDP OK) and pointed to the outside network card. We have a fixed ip but no domain name connected to it yet. Possible Newbie Question Alert!!!!!! If we register a domain name, how do I publish it (Name Servers) so it connects to my IP to make it easier for our oustside people to remember the àddress. Thx

Re: Certificate trouble with https://ipaddress/remote "Claus" <cjobes[ at ]nova-tech.org> 05.07.2007 02:51:55 You can do a cert on IP but it is better to use FQDN. You should be able to connect with just http. The SBS will redirect. You will get a cert warning because you are using a self cert and not a commercial on. If you get your domain, just run the CEICW again and change the cert to the FQDN. You need to create a A record on your authoritative DNS server (normally your registrar) with the name of your server pointing to your static IP. If you also want to host your own mail, you need to create an MX record that points to your A record. Most people that host their own mail use Mail.YourDomain.com for the cert and create an A record with the name MAIL but that is totally up to you. -- Claus "MM" <nosend2me[ at ]hotmail.com> wrote in message news:1183599112.553375.49670[ at ]m36g2000hse.googlegroups.com... We've just upgraded from SBS2K and I'm trying to get RWW to work on our new SBS2K3 R2 set-up. When running the Internet Connection Wizard, I set the certificate to SBSName.domain.com (tried to use the IPAddress but it wouldn`t take it) and continued OK. When I connect https://ipaddress/remote I get a certificate error and it won`t connect I have all the ports open (can VPN and RDP OK) and pointed to the outside network card. We have a fixed ip but no domain name connected to it yet. Possible Newbie Question Alert!!!!!! If we register a domain name, how do I publish it (Name Servers) so it connects to my IP to make it easier for our oustside people to remember the àddress. Thx

Re: Certificate trouble with https://ipaddress/remote MM <nosend2me[ at ]hotmail.com> 05.07.2007 03:37:04 Thanks for your post, no A record created yet... I'll get that done and proceed. as outlined. On Jul 4, 10:38 pm, "Russ Grover \(SBITS.Biz\)" <supp...[ at ]REMOVETHIS.SBITS.Biz> wrote: [Quoted Text] > Where you host did you have them create an A record of > sbsServer.yourdomain.com and point to your external IP? > > (Use this as your Web Cert) > > and When you run CEICW have these boxes changed.http://www.sbits.biz/CEICW_Web_Services_Configuration.jpg > > and if you have a firewall > port 443 and 4125 for RWW open > > If you want Company web then port 444https://sbsServer.yourdomain.com:444/ > > If you want VPN then run the Remote Connector > Port 1723 and GRE on your firewall > and use the sbsServer.yourdomain.com as the FQDN > > Russ > > -- > > Russell Grover > SBITS.Biz > Microsoft Certified Small Business Specialist. > MCP, MCPS, MCNPS, (MCP-SBS) > support [ at ] SBITS.Biz > Remote SBS2003 Supporthttp://www.SBITS.Biz > > "MM" <nosend...[ at ]hotmail.com> wrote in message > > news:1183599112.553375.49670[ at ]m36g2000hse.googlegroups.com... > We've just upgraded from SBS2K and I'm trying to get RWW to work on > our new SBS2K3 R2 set-up. When running the Internet Connection Wizard, > I set the certificate to SBSName.domain.com (tried to use the > IPAddress but it wouldn`t take it) and continued OK. > > When I connect https://ipaddress/remoteI get a certificate error and > it won`t connect I have all the ports open (can VPN and RDP OK) and > pointed to the outside network card. We have a fixed ip but no domain > name connected to it yet. > > Possible Newbie Question Alert!!!!!! > If we register a domain name, how do I publish it (Name Servers) so it > connects to my IP to make it easier for our oustside people to > remember the àddress. > > Thx

Re: Certificate trouble with https://ipaddress/remote MM <nosend2me[ at ]hotmail.com> 07.07.2007 04:56:06 Thanks to all... I have RWW and OWA up and running! Next I need to get an internal B2B WebServer 192.168.1.25 set-up how do I get web traffic routed thourugh ISA to be answered 192.168.1.25? This B2B Server has a connection back to the SBS Box and Sql Server at 192.168.1.2 My outside LAN card is 192.168.16.253 I suspect I need to bring the B2B traffic in on a port other than 80 since it is used already Thx

Re: Certificate trouble with https://ipaddress/remote "Claus" <cjobes[ at ]nova-tech.org> 07.07.2007 05:14:09 First, it is not a good idea to open your LAN to that traffic. Put that web server into the 16.x network or totally isolated into the DMZ of your router. Second, what are you using port 80 for? RWW and OWA are not using that and you shouldn't have it open. -- Claus "MM" <nosend2me[ at ]hotmail.com> wrote in message news:1183784166.035157.279370[ at ]r34g2000hsd.googlegroups.com... [Quoted Text] > Thanks to all... I have RWW and OWA up and running! > > Next I need to get an internal B2B WebServer 192.168.1.25 set-up how > do I get web traffic routed thourugh ISA to be answered 192.168.1.25? > This B2B Server has a connection back to the SBS Box and Sql Server at > 192.168.1.2 > > My outside LAN card is 192.168.16.253 > > I suspect I need to bring the B2B traffic in on a port other than 80 > since it is used already > > Thx >

Re: Certificate trouble with https://ipaddress/remote MM <nosend2me[ at ]hotmail.com> 07.07.2007 05:28:28 On Jul 7, 1:14 am, "Claus" <cjo...[ at ]nova-tech.org> wrote: [Quoted Text] > First, it is not a good idea to open your LAN to that traffic. Put that web > server into the 16.x network or totally isolated into the DMZ of your > router. > Second, what are you using port 80 for? RWW and OWA are not using that and > you shouldn't have it open. > > -- > Claus"MM" <nosend...[ at ]hotmail.com> wrote in message > > news:1183784166.035157.279370[ at ]r34g2000hsd.googlegroups.com... > > > > > Thanks to all... I have RWW and OWA up and running! > > > Next I need to get an internal B2B WebServer 192.168.1.25 set-up how > > do I get web traffic routed thourugh ISA to be answered 192.168.1.25? > > This B2B Server has a connection back to the SBS Box and Sql Server at > > 192.168.1.2 > > > My outside LAN card is 192.168.16.253 > > > I suspect I need to bring the B2B traffic in on a port other than 80 > > since it is used already > > > Thx- Hide quoted text - > > - Show quoted text - Thanks for your post, I understand the benefit of DMZ with router - how do I connect to live sql data? ISA Shows SBS Web Lister http:// port 80 https:// port 443

Re: Certificate trouble with https://ipaddress/remote "Claus" <cjobes[ at ]nova-tech.org> 07.07.2007 14:26:33 You can connect to RWW and OWA with https and you don't need 80 on the SBS. If you forward port 80 to your web server in the DMZ you don't need a second IP. As to the SQL, the safest way is to run a replica of the DB on the web server but you can also do an ODBC connection to the backend. If you do that, make sure that you create the rule in the ISA to limit access to ONLY the IP address of your web server. -- Claus "MM" <nosend2me[ at ]hotmail.com> wrote in message news:1183786108.315969.201740[ at ]o61g2000hsh.googlegroups.com... [Quoted Text] > On Jul 7, 1:14 am, "Claus" <cjo...[ at ]nova-tech.org> wrote: >> First, it is not a good idea to open your LAN to that traffic. Put that >> web >> server into the 16.x network or totally isolated into the DMZ of your >> router. >> Second, what are you using port 80 for? RWW and OWA are not using that >> and >> you shouldn't have it open. >> >> -- >> Claus"MM" <nosend...[ at ]hotmail.com> wrote in message >> >> news:1183784166.035157.279370[ at ]r34g2000hsd.googlegroups.com... >> >> >> >> > Thanks to all... I have RWW and OWA up and running! >> >> > Next I need to get an internal B2B WebServer 192.168.1.25 set-up how >> > do I get web traffic routed thourugh ISA to be answered 192.168.1.25? >> > This B2B Server has a connection back to the SBS Box and Sql Server at >> > 192.168.1.2 >> >> > My outside LAN card is 192.168.16.253 >> >> > I suspect I need to bring the B2B traffic in on a port other than 80 >> > since it is used already >> >> > Thx- Hide quoted text - >> >> - Show quoted text - > > Thanks for your post, I understand the benefit of DMZ with router - > how do I connect to live sql data? > > ISA Shows SBS Web Lister > http:// port 80 > https:// port 443 >

Re: Certificate trouble with https://ipaddress/remote MM <nosend2me[ at ]hotmail.com> 07.07.2007 17:30:41 On Jul 7, 10:26 am, "Claus" <cjo...[ at ]nova-tech.org> wrote: [Quoted Text] > You can connect to RWW and OWA with https and you don't need 80 on the SBS. > If you forward port 80 to your web server in the DMZ you don't need a second > IP. > As to the SQL, the safest way is to run a replica of the DB on the web > server but you can also do an ODBC connection to the backend. If you do > that, make sure that you create the rule in the ISA to limit access to ONLY > the IP address of your web server. > > -- > Claus"MM" <nosend...[ at ]hotmail.com> wrote in message > > news:1183786108.315969.201740[ at ]o61g2000hsh.googlegroups.com... > > > > > On Jul 7, 1:14 am, "Claus" <cjo...[ at ]nova-tech.org> wrote: > >> First, it is not a good idea to open your LAN to that traffic. Put that > >> web > >> server into the 16.x network or totally isolated into the DMZ of your > >> router. > >> Second, what are you using port 80 for? RWW and OWA are not using that > >> and > >> you shouldn't have it open. > > >> -- > >> Claus"MM" <nosend...[ at ]hotmail.com> wrote in message > > >>news:1183784166.035157.279370[ at ]r34g2000hsd.googlegroups.com... > > >> > Thanks to all... I have RWW and OWA up and running! > > >> > Next I need to get an internal B2B WebServer 192.168.1.25 set-up how > >> > do I get web traffic routed thourugh ISA to be answered 192.168.1.25? > >> > This B2B Server has a connection back to the SBS Box and Sql Server at > >> > 192.168.1.2 > > >> > My outside LAN card is 192.168.16.253 > > >> > I suspect I need to bring the B2B traffic in on a port other than 80 > >> > since it is used already > > >> > Thx- Hide quoted text - > > >> - Show quoted text - > > > Thanks for your post, I understand the benefit of DMZ with router - > > how do I connect to live sql data? > > > ISA Shows SBS Web Lister > > http:// port 80 > > https:// port 443- Hide quoted text - > > - Show quoted text - Thanks again for your post. I am a newbie in the area of ISA and routers. To clarify: Webserver becomes 192.168.16.25 in the DMZ, port 80 fwds to 192.168.16.25 since it is not actually needed - I remove the posrt 80 rule which now I think converts port 80 to port 443. My SQL ODBC connects (with a very limited password protected B2B User Account) to the live data ISA allow only SQL traffic from 192.168.16..25 through the ODBC connection Have I got it?

Re: Certificate trouble with https://ipaddress/remote "Claus" <cjobes[ at ]nova-tech.org> 07.07.2007 17:46:37 Yup, that's it. -- Claus "MM" <nosend2me[ at ]hotmail.com> wrote in message news:1183829441.796212.215540[ at ]22g2000hsm.googlegroups.com... [Quoted Text] > On Jul 7, 10:26 am, "Claus" <cjo...[ at ]nova-tech.org> wrote: >> You can connect to RWW and OWA with https and you don't need 80 on the >> SBS. >> If you forward port 80 to your web server in the DMZ you don't need a >> second >> IP. >> As to the SQL, the safest way is to run a replica of the DB on the web >> server but you can also do an ODBC connection to the backend. If you do >> that, make sure that you create the rule in the ISA to limit access to >> ONLY >> the IP address of your web server. >> >> -- >> Claus"MM" <nosend...[ at ]hotmail.com> wrote in message >> >> news:1183786108.315969.201740[ at ]o61g2000hsh.googlegroups.com... >> >> >> >> > On Jul 7, 1:14 am, "Claus" <cjo...[ at ]nova-tech.org> wrote: >> >> First, it is not a good idea to open your LAN to that traffic. Put >> >> that >> >> web >> >> server into the 16.x network or totally isolated into the DMZ of your >> >> router. >> >> Second, what are you using port 80 for? RWW and OWA are not using that >> >> and >> >> you shouldn't have it open. >> >> >> -- >> >> Claus"MM" <nosend...[ at ]hotmail.com> wrote in message >> >> >>news:1183784166.035157.279370[ at ]r34g2000hsd.googlegroups.com... >> >> >> > Thanks to all... I have RWW and OWA up and running! >> >> >> > Next I need to get an internal B2B WebServer 192.168.1.25 set-up how >> >> > do I get web traffic routed thourugh ISA to be answered >> >> > 192.168.1.25? >> >> > This B2B Server has a connection back to the SBS Box and Sql Server >> >> > at >> >> > 192.168.1.2 >> >> >> > My outside LAN card is 192.168.16.253 >> >> >> > I suspect I need to bring the B2B traffic in on a port other than 80 >> >> > since it is used already >> >> >> > Thx- Hide quoted text - >> >> >> - Show quoted text - >> >> > Thanks for your post, I understand the benefit of DMZ with router - >> > how do I connect to live sql data? >> >> > ISA Shows SBS Web Lister >> > http:// port 80 >> > https:// port 443- Hide quoted text - >> >> - Show quoted text - > > Thanks again for your post. I am a newbie in the area of ISA and > routers. > > To clarify: > Webserver becomes 192.168.16.25 in the DMZ, > port 80 fwds to 192.168.16.25 since it is not actually needed - I > remove the posrt 80 rule which now I think converts port 80 to port > 443. > > My SQL ODBC connects (with a very limited password protected B2B User > Account) to the live data ISA allow only SQL traffic from > 192.168.16..25 through the ODBC connection > > Have I got it? > >