Welcome to ISAserver.org

Remote Web Workplace / DNS woes

Remote Web Workplace / DNS woes - 30.Dec.2005 1:41:45 PM   
davidiwharper

 

Posts: 3
Joined: 29.Dec.2005
Status: offline
Greetings,

 

I'm trying to configure a new ISA Server 2000 installation, integrated with Windows Small Business Server 2003 SP1 (the reason we're using ISA 2000 is that Symantec AV for ISA doesn't support 2004 as yet).

 

Anyway, I'm a total newbie at this, and I've run into a problem publishing Remote Web Workplace. Our setup looks like this:

 

SpeedStream ADSL modem (public IP / 10.0.0.138) --->  Netgear firewall/router (10.0.0.1 / 192.168.0.1) --->  SBS (192.168.0.40 / 10.17.1.254) ---> local network (10.17.1.xxx)


ISA rules: Permit all outbound traffic (just for testing!), the default SBS CEICW publishing rules (edited to direct from publishing.domain.local to www.domain.com.au), and a 444 publication rule.



I've set up a simple split DNS, and RWW/OWA/SharePoint etc can all be accessed via their proper domain names on the internal network. The same cannot be said, however, for external clients. When we try to access the site externally, http access works fine, but https does not. When we go to /Remote, the browser hangs. We can access /Remote/login.aspx (or whatever the URL is) but can't log in.

 

In the ISA log, we get a 302 message (redirect?) but no further information that I can discern. When I was playing around trying to fix the errors, for a time we would get 502 and 407 errors instead, but the reproduction steps elude me (I'd been bashing my head against this for two days straight before the Christmas break).

The bad part is that I think I've managed to stuff something up - RWW was working this morning, but SharePoint wasn't; it didn't work from RWW, and going to http://www.domain.com.au:444/ internally timed out. So I ran the vb script from the MS KB to add 444 into the SSL ports, added a new commercial SSL certificate to wwwroot, transferred the in-house SSL certificate to the SharePoint site and then ran the SBS wizard thingy (CEICW) again. The result: we can now access http://www.domain.com.au:444/ and http://www.domain.com.au/Remote/ internally, but neither SharePoint nor RWW is accessible outside the firewall - the connection just times out. Also, connecting to http://www.domain.com.au:443/ internally times out as well (maybe this is the problem? The ISA log suggests it is forwarding the SSL connection to http://www.domain.com.au:443/ rather than https://www.domain.com.au/). Looking at the log on the Netgear, it appears as if the port forwarding is working. If I connect up a Linux box, I can https in all I want.

I'm really stuck -- and have probably missed something obvious -- so if you can help that would be great.


Thanks!
David

< Message edited by davidiwharper -- 4.Jan.2006 6:05:19 AM >
Post #: 1
RE: Remote Web Workplace / SSL woes - 3.Jan.2006 2:20:10 AM   
davidiwharper

 

Posts: 3
Joined: 29.Dec.2005
Status: offline
I'm back at work, and have more information.

The ipconfig /all output from the server is: 
Windows IP Configuration
  Host Name . . . . . . . . . . . . : arigal
  Primary Dns Suffix  . . . . . . . : domain.local
  Node Type . . . . . . . . . . . . : Unknown
  IP Routing Enabled. . . . . . . . : Yes
  WINS Proxy Enabled. . . . . . . . : Yes
  DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Server Local Area Connection:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : HP NC1020 Gigabit Server Adapter 32 PCI
  Physical Address. . . . . . . . . : 00-14-38-B8-FE-C7
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 10.17.1.254
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :
  DNS Servers . . . . . . . . . . . : 10.17.1.254
  Primary WINS Server . . . . . . . : 10.17.1.254
Ethernet adapter Network Connection:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Embedded Broadcom NetXtreme 5721 PCI-E Gigabit NIC
  Physical Address. . . . . . . . . : 00-13-21-B4-8A-E8
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.0.40
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.0.1
  DNS Servers . . . . . . . . . . . : 10.17.1.254
  Primary WINS Server . . . . . . . : 10.17.1.254
  NetBIOS over Tcpip. . . . . . . . : Disabled

From a workstation:
Windows IP Configuration
  Host Name . . . . . . . . . . . . : TES01
  Primary Dns Suffix  . . . . . . . : domain.local
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : domain.local
                                      domain.local

Ethernet adapter Local Area Connection:
  Connection-specific DNS Suffix  . : domain.local
  Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
  Physical Address. . . . . . . . . : 00-14-C2-C5-94-44
  Dhcp Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IP Address. . . . . . . . . . . . : 10.17.1.23
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 10.17.1.254
  DHCP Server . . . . . . . . . . . : 10.17.1.254
  DNS Servers . . . . . . . . . . . : 10.17.1.254
  Primary WINS Server . . . . . . . : 10.17.1.254
  Lease Obtained. . . . . . . . . . : Tuesday, 3 January 2006 11:12:47 AM
  Lease Expires . . . . . . . . . . : Wednesday, 11 January 2006 11:12:47 AM

This just gets weirder and weirder. Get this: from an external Konqueror client (Workspot) I can access RWW and OWA. The log reads:

64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:00      ARIGAL      -      www.domain.com.au      10.17.1.254      80      -      440      270      http      GET      http://www.domain.com.au/Remote      Inet      302
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:01      ARIGAL      -      www.domain.com.au      -      443      -      326      404      http      GET      http://www.domain.com.au:443/Remote      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:01      ARIGAL      -      www.domain.com.au      10.17.1.254      443      16      327      492      http      GET      http://www.domain.com.au:443/Remote/      Inet      302
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:02      ARIGAL      -      www.domain.com.au      10.17.1.254      443      -      372      9088      http      GET      http://www.domain.com.au:443/Remote/logon.aspx?ReturnUrl=%2fRemote%2fDefault.aspx      Inet      200
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:02      ARIGAL      -      www.domain.com.au      -      443      -      569      43295      http      GET      http://www.domain.com.au:443/Remote/images/login.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:04      ARIGAL      -      www.domain.com.au      -      443      -      574      377      http      GET      http://www.domain.com.au:443/Remote/images/RwwOEMLogo.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:04      ARIGAL      -      www.domain.com.au      -      443      -      569      1936      http      GET      http://www.domain.com.au:443/Remote/images/winxp.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:05      ARIGAL      -      www.domain.com.au      -      -      -      331      -      -      GET      http://www.domain.com.au/favicon.ico      -      12202
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:24      ARIGAL      -      www.domain.com.au      10.17.1.254      443      235      2148      792      http      POST      http://www.domain.com.au:443/Remote/logon.aspx?ReturnUrl=%2fRemote%2fDefault.aspx      Inet      302
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:24      ARIGAL      -      www.domain.com.au      10.17.1.254      443      16      722      1196      http      GET      http://www.domain.com.au:443/Remote/default.aspx      Inet      200
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:26      ARIGAL      -      www.domain.com.au      10.17.1.254      443      -      658      1417      http      GET      http://www.domain.com.au:443/Remote/loading.aspx?header.aspx      Inet      200
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:26      ARIGAL      -      www.domain.com.au      10.17.1.254      443      -      646      1417      http      GET      http://www.domain.com.au:443/Remote/loading.aspx      Inet      200
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:27      ARIGAL      -      www.domain.com.au      10.17.1.254      443      62      645      7104      http      GET      http://www.domain.com.au:443/Remote/header.aspx      Inet      200
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:28      ARIGAL      -      www.domain.com.au      -      443      -      780      8136      http      GET      http://www.domain.com.au:443/Remote/images/sbslogo.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:28      ARIGAL      -      www.domain.com.au      -      443      -      779      326      http      GET      http://www.domain.com.au:443/Remote/images/spacer.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:29      ARIGAL      -      www.domain.com.au      10.17.1.254      443      343      644      18988      http      GET      http://www.domain.com.au:443/Remote/admin.aspx      Inet      200
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:29      ARIGAL      -      www.domain.com.au      -      443      -      778      1104      http      GET      http://www.domain.com.au:443/Remote/images/server.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:29      ARIGAL      -      www.domain.com.au      -      443      -      778      1820      http      GET      http://www.domain.com.au:443/Remote/images/myDesk.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:29      ARIGAL      -      www.domain.com.au      -      443      -      778      326      http      GET      http://www.domain.com.au:443/Remote/images/spacer.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:29      ARIGAL      -      www.domain.com.au      -      443      -      782      1926      http      GET      http://www.domain.com.au:443/Remote/images/compint_sm.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:30      ARIGAL      -      www.domain.com.au      -      443      -      779      1922      http      GET      http://www.domain.com.au:443/Remote/images/compint.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:30      ARIGAL      -      www.domain.com.au      -      443      -      776      1632      http      GET      http://www.domain.com.au:443/Remote/images/perf.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:30      ARIGAL      -      www.domain.com.au      -      443      -      777      1663      http      GET      http://www.domain.com.au:443/Remote/images/usage.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:30      ARIGAL      -      www.domain.com.au      -      443      -      782      1302      http      GET      http://www.domain.com.au:443/Remote/images/outlook_sm.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:30      ARIGAL      -      www.domain.com.au      -      443      -      777      630      http      GET      http://www.domain.com.au:443/Remote/images/cm_sm.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:30      ARIGAL      -      www.domain.com.au      -      443      -      783      870      http      GET      http://www.domain.com.au:443/Remote/images/helppage_sm.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:30      ARIGAL      -      www.domain.com.au      -      443      -      779      880      http      GET      http://www.domain.com.au:443/Remote/images/help_sm.gif      Cache      0
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:53:30      ARIGAL      -      www.domain.com.au      -      443      -      783      1329      http      GET      http://www.domain.com.au:443/Remote/images/communities.gif      Cache      0

However, STS doesn't work:

64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:38:43      ARIGAL      -      www.domain.com.au      10.17.1.254      443      219      3063      574      http      POST      http://www.domain.com.au:443/Remote/admin.aspx      Inet      302
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:38:44      ARIGAL      -      www.domain.com.au      10.17.1.254      443      16      753      1417      http      GET      http://www.domain.com.au:443/Remote/loading.aspx?https://www.domain.com.au:444/_layouts/1033/settings.aspx      Inet      200
64.71.163.158      anonymous      Mozilla/5.0 (compatible; Konqueror/3.1; Linux)      2006-01-03      00:38:55      ARIGAL      -      www.domain.com.au      -      443      -      778      326      http      GET      http://www.domain.com.au:443/Remote/images/spacer.gif      Cache      0

But when we do it from an external Internet Explorer 6 client, we can't access anything; the IE client simply times out with no error (white screen). The ISA log shows:

211.30.98.249      anonymous      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)      2006-01-03      00:42:42      ARIGAL      -      www.domain.com.au      -      80      -      376      1441      http      GET      http://www.domain.com.au/      Cache      0
211.30.98.249      anonymous      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)      2006-01-03      00:42:47      ARIGAL      -      www.domain.com.au      10.17.1.254      80      -      382      270      http      GET      http://www.domain.com.au/remote      Inet      302
211.30.98.249      anonymous      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)      2006-01-03      00:42:47      ARIGAL      -      www.domain.com.au      10.17.1.254      443      31      382      419      http      GET      http://www.domain.com.au:443/remote      VFInet      301
211.30.98.249      anonymous      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)      2006-01-03      00:42:47      ARIGAL      -      www.domain.com.au      10.17.1.254      443      -      383      492      http      GET      http://www.domain.com.au:443/remote/      Inet      302
211.30.98.249      anonymous      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)      2006-01-03      00:44:54      ARIGAL      -      www.domain.com.au      10.17.1.254      443      126406      428      3922      http      GET      http://www.domain.com.au:443/Remote/logon.aspx?ReturnUrl=%2fremote%2fDefault.aspx      Inet      64

Bizarre. Interestingly, from Galeon (Mozilla), we get the same problem as with IE - a blank page (although the SSL connection is made before the timeout). The log:

64.71.163.158      anonymous      Mozilla/5.0 (X11; U; Linux i686) Gecko/20030428 Galeon/1.3.3      2006-01-03      01:12:41      ARIGAL      -      www.domain.com.au      10.17.1.254      80      15      534      270      http      GET      http://www.domain.com.au/Remote      Inet      302
64.71.163.158      anonymous      Mozilla/5.0 (X11; U; Linux i686) Gecko/20030428 Galeon/1.3.3      2006-01-03      01:12:42      ARIGAL      -      www.domain.com.au      10.17.1.254      443      31      437      419      http      GET      http://www.domain.com.au:443/Remote      VFInet      301
64.71.163.158      anonymous      Mozilla/5.0 (X11; U; Linux i686) Gecko/20030428 Galeon/1.3.3      2006-01-03      01:12:42      ARIGAL      -      www.domain.com.au      10.17.1.254      443      16      438      492      http      GET      http://www.domain.com.au:443/Remote/      Inet      302

It doesn't look like I can telnet in from Workspot:

telnet> open www.domain.com.au
Trying [external IP]...
... and it just hangs.

(in reply to davidiwharper)
Post #: 2
RE: Remote Web Workplace / SSL woes - 4.Jan.2006 5:51:12 AM   
davidiwharper

 

Posts: 3
Joined: 29.Dec.2005
Status: offline
Okie dokie. Looks like this is a DNS error.

Win32 error 64 = Host not available. So, question now is, why does it do this, and why does Konqy work???

(in reply to davidiwharper)
Post #: 3
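
A way to triage logs like the ones pasted in this thread, as an added example that is not part of the original posts: it parses the ISA web proxy lines and picks out requests whose final column is not an HTTP status or whose elapsed time is very long. The column names are this example's own labels inferred from position in the pasted lines, the 30-second threshold is an assumption, and the sample lines are taken from the posts with spacing normalised.

```python
import re
from collections import namedtuple

# Labels are assumptions of this example, assigned by column position.
FIELDS = ("client_ip", "username", "agent", "date", "time", "server", "referrer",
          "dest_host", "dest_ip", "dest_port", "elapsed_ms", "bytes_in",
          "bytes_out", "protocol", "method", "url", "source", "result")
Entry = namedtuple("Entry", FIELDS)

# Five lines from the posts above; only the column spacing has been normalised.
SAMPLE = """\
64.71.163.158  anonymous  Mozilla/5.0 (compatible; Konqueror/3.1; Linux)  2006-01-03  00:53:00  ARIGAL  -  www.domain.com.au  10.17.1.254  80  -  440  270  http  GET  http://www.domain.com.au/Remote  Inet  302
64.71.163.158  anonymous  Mozilla/5.0 (compatible; Konqueror/3.1; Linux)  2006-01-03  00:53:02  ARIGAL  -  www.domain.com.au  10.17.1.254  443  -  372  9088  http  GET  http://www.domain.com.au:443/Remote/logon.aspx?ReturnUrl=%2fRemote%2fDefault.aspx  Inet  200
64.71.163.158  anonymous  Mozilla/5.0 (compatible; Konqueror/3.1; Linux)  2006-01-03  00:53:05  ARIGAL  -  www.domain.com.au  -  -  -  331  -  -  GET  http://www.domain.com.au/favicon.ico  -  12202
211.30.98.249  anonymous  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)  2006-01-03  00:42:47  ARIGAL  -  www.domain.com.au  10.17.1.254  80  -  382  270  http  GET  http://www.domain.com.au/remote  Inet  302
211.30.98.249  anonymous  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)  2006-01-03  00:44:54  ARIGAL  -  www.domain.com.au  10.17.1.254  443  126406  428  3922  http  GET  http://www.domain.com.au:443/Remote/logon.aspx?ReturnUrl=%2fremote%2fDefault.aspx  Inet  64
"""

def parse(text):
    """Split each line on tabs or runs of 2+ spaces; the user agent only
    contains single spaces, so it survives as one column."""
    entries = []
    for line in text.splitlines():
        cols = re.split(r"\t+| {2,}", line.strip())
        if len(cols) == len(FIELDS):      # skip prose and truncated lines
            entries.append(Entry(*cols))
    return entries

def to_int(value):
    return int(value) if value.isdigit() else None

def classify(entry):
    """'http' for 100-599, 'zero' for 0 (seen on Cache rows in the posts),
    'non-http' for any other number, 'unknown' if the column is not numeric."""
    code = to_int(entry.result)
    if code is None:
        return "unknown"
    if 100 <= code <= 599:
        return "http"
    return "zero" if code == 0 else "non-http"

def suspects(entries, slow_ms=30000):
    """Requests that ended with a non-HTTP result code or took >= slow_ms."""
    hits = []
    for e in entries:
        elapsed = to_int(e.elapsed_ms)
        if classify(e) == "non-http" or (elapsed is not None and elapsed >= slow_ms):
            hits.append(e)
    return hits

if __name__ == "__main__":
    for e in suspects(parse(SAMPLE)):
        print(e.time, e.client_ip, e.method, e.url, e.elapsed_ms, e.result)
```

On the sample this surfaces the favicon request ending in 12202 and the IE request for logon.aspx that ran 126406 ms before ending in 64, which are the two rows worth looking up first.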