Can"t connect to IIS-hosted site over internet

Can"t connect to IIS-hosted site over internet

am 29.03.2008 17:35:00 von Karl

Hi,

I wonder if anyone cal help. I have just installed SBS 2003 and am trying to
configure IIS to allow external users access to our default company website.

I just can’t get it to work. Users on the local network can access the
site, but not users outside the firewall. The server has two network cards,
one for the local connection one for connecting to ISP.

Configuration is as follows:

IIS

Description: Default Web Site
IP Address: (All Unassigned)
TCP Port: 80
SSL port: 443
Home directory: c:\inetpub\wwwroot
Enable default content page (ticked): Default.htm

ISA

I used the “Publish a web server” wizard to create a new policy called “web
server”. The details are:

From: anywhere
To: Domaincontroller.Domain.local
Public name: https:\\public ip address of server
Traffic: HTTP, HTTPS
Listener: SBS Web listener (default settings)

If I try to connect from a PC outside the network I get the error “The page
cannot be displayed”. Checking the firewall log reveals the following:

First this:

Initiated Connection SERVER 3/29/2008 4:26:43 PM
Log type: Firewall service
Status: The operation completed successfully.
Rule:
Source: External
Destination: Local Host
Protocol: HTTP
User:
Additional information

Followed closely by:

Closed Connection SERVER 3/29/2008 4:26:43 PM
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process
with a three-way FIN-initiated handshake.
Rule:
Source: External
Destination: Local Host
Protocol: HTTP
User:

If anyone can help I’d be very grateful.

Thanks

Karl

Re: Can"t connect to IIS-hosted site over internet

am 30.03.2008 04:16:09 von David Wang

On Mar 29, 9:35 am, Karl wrote:
> Hi,
>
> I wonder if anyone cal help. I have just installed SBS 2003 and am trying to
> configure IIS to allow external users access to our default company website.
>
> I just can't get it to work. Users on the local network can access the
> site, but not users outside the firewall. The server has two network cards,
> one for the local connection one for connecting to ISP.
>
> Configuration is as follows:
>
> IIS
>
> Description: Default Web Site
> IP Address: (All Unassigned)
> TCP Port: 80
> SSL port: 443
> Home directory: c:\inetpub\wwwroot
> Enable default content page (ticked): Default.htm
>
> ISA
>
> I used the "Publish a web server" wizard to create a new policy called "web
> server". The details are:
>
> From: anywhere
> To: Domaincontroller.Domain.local
> Public name: https:\\public ip address of server
> Traffic: HTTP, HTTPS
> Listener: SBS Web listener (default settings)
>
> If I try to connect from a PC outside the network I get the error "The page
> cannot be displayed". Checking the firewall log reveals the following:
>
> First this:
>
> Initiated Connection SERVER 3/29/2008 4:26:43 PM
> Log type: Firewall service
> Status: The operation completed successfully.
> Rule:
> Source: External
> Destination: Local Host
> Protocol: HTTP
> User:
> Additional information
>
> Followed closely by:
>
> Closed Connection SERVER 3/29/2008 4:26:43 PM
> Log type: Firewall service
> Status: A connection was gracefully closed in an orderly shutdown process
> with a three-way FIN-initiated handshake.
> Rule:
> Source: External
> Destination: Local Host
> Protocol: HTTP
> User:
>
> If anyone can help I'd be very grateful.
>
> Thanks
>
> Karl


You said that IIS worked for Intranet, so this issue likely has
nothing to do with IIS. To prove this, you look at the IIS log file --
if you don't see your failed request in it, then the request was never
routed by your network configuration to IIS. This means you start
looking at your network configuration and determine its
misconfiguration -- an entirely different subject that is off-scope
for this newsgroup.

For an SBS all-in-one server, your question is likely more related to
ISA's web publishing configuration, which has its own newsgroup.

I am concerned with your events saying that external users are trying
to access "local host" -- which is clearly not what an external user
should be doing (external users are supposed to be accessing something
non-local). Also, the public name on your ISA rule indicates https://public
IP while the events indicate HTTP was being used. I suspect your ISA
rule is not routing HTTP traffic to your website, but that's just my
natural hunch. I don't know anything about ISA to help translate that
into action steps.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//