Search

March 2005
M T W T F S S
« Feb   Apr »
 123456
78910111213
14151617181920
21222324252627
28293031  

CEICW_ Missing option in Firewall_WebServices Configuration

March 12th, 2005 by


From: <PierreHonsberger@discussions.microsoft.com>


Subject: CEICW: Missing option in Firewall/WebServices Configuration


Date: Fri, 11 Mar 2005 01:01:03 -0800


Newsgroups: microsoft.public.windows.server.sbs


 


Hi


 


I have SBS 2003 Premium installed (with ISA 2000), 2 nics


 


I wanted to make companyweb accessible to Internet.


 


In CEICW when I arrive to Firewall/WebServices Configuration I’m missing the ‘Windows SharePoint Services intranet site.’ option.


I have only:


– Outlook Web Access


– Remote Web Workplace


– Server performance…


– Outlook Mobile Access


– Outlook via the Internet


– Business Web site (wwwroot)


 


Any ideas? Is this normal as I have ISA 2000 installed and need another way of configuring?


 


Thanks for an answer!


 


*************************************


 


From: “Les Connor [SBS Community Member – SBS MVP]”


Subject: Re: CEICW: Missing option in Firewall/WebServices Configuration


Date: Fri, 11 Mar 2005 21:35:15 -0600


Newsgroups: microsoft.public.windows.server.sbs


 


 


Hi Pierre,


 


It’s a bit of work with ISA ;-(.


 


838304 How to publish http://Companyweb to the Internet by using ISA


Server


http://support.microsoft.com/?id=838304


 


 


This section describes how to configure Microsoft Windows Small


Business Server 2003, Premium Edition, CompanyWeb with ISA Server 2000.



 


Before you can publish http://CompanyWeb  to the Internet by using ISA


Server 2000, you must create a protocol definition and a server


publishing rule.  You must also assign a Web certificate to


http://Companyweb by using Internet Information Services (IIS), and


then you must modify the registry settings for the Remote Web Workplace


feature on the SBS 2003 server to make the remote workplace accessible


from the Internet. The following four procedures explain how to make


these modifications.


 


Configure a new protocol definition in ISA Server 2000


——————————————————


 


1. Click “Start”, point to “Programs”, point to “Microsoft ISA Server”,


   and then click “ISA Management”.


 


2. In the ISA Management console, expand “Policy Elements”, right-click


   “Protocol Definitions”, click “New”, and then click “Definition”.


 


3. On the “Welcome to the New Protocol Definition Wizard” page, type


   “Companyweb Inbound 444” (without the quotation marks) in the   


   “Protocol definition name” box, and then click “Next”.


 


4. On the “Primary Connection Information” page, type “444” (without


   the quotation marks) in the “Port Number” box. Leave the “Protocol


   type” setting as “TCP”. In the “Direction” list, click “Inbound”,   


   and then click “Next”.


 


5. On the “Secondary Connections” page, leave the “Do you want to use


   secondary connections?” setting as “No”, click “Next”, and then   


   click “Finish”.


 


 


Publish Companyweb by using ISA Server 2000


——————————————-


 


1. Click “Start”, point to “Programs”, point to “Microsoft ISA Server”,


   and then click “ISA Management”.


 


2. In the ISA Management console, expand “Publishing”, right-click


   “Server Publishing Rules”, click “New”, and then click “Rule”.


 


3. On the “Welcome to the New Server Publishing Rule Wizard” page, type


   a name for the new rule (for example, type “Companyweb” (without the


   quotation marks)), and then click “Next”.


 


4. On the “Address Mapping” page, under “IP address of internal


   server”, type the internal IP address of the server that is running


   Windows Small Business Server 2003. (For example, type      


“192.168.16.2”    (without the quotation marks)). Then, under   


“External IP address on ISA Server”, type the appropriate IP address   


for the external interface of the server that is running Windows   


Small Business Server 2003, and then click “Next”. Note Microsoft   


recommends that you use a static IP for the external network adapter   


on the computer that is running ISA Server 2000. If you use a   


dynamic IP address, you must modify the server publishing rule   


whenever the dynamic IP address changes on the external network   


adapter on the computer that is running ISA Server 2000.


 


5. On the “Protocol Settings” page, click “Companyweb Inbound 444” in


   the “Apply the rule to this protocol” list, and then click “Next”.


 


6. On the “Client Type” page, click the appropriate client type under


   “Apply the rule to requests from”. Note If the server is used by


   computers that are on the Internet, “Any request” is the best


   choice.


 


7. Click “Next”, and then click “Finish”.


 


8. Restart the ISA Server 2000 Firewall service. To do so, follow these


steps:


 


 a. Click “Start”, point to “Programs”, point to “Microsoft ISA


Server”, and then click “ISA Management”.


 


 b. In the ISA Management console, expand “Servers and Arrays”, expand


     “<ISAServerName>”, expand “Monitoring”, and then click “Services”.


 


 c. In the right pane, right-click  “Firewall”, and then click “Stop”.


 


 d. After the Firewall service stops, right-click “Firewall”, and then


     click “Start” to restart the Firewall service.


 


 


Important   If your server is behind a hardware firewall, make sure


that TCP port 444 is open on the hardware firewall.


 


 


Assign a Web server certificate to http://CompanyWeb by using ISS


—————————————————————–


 


1. Click “Start”, point to “Administrative Tools”, and then click


   “Internet Information Services (IIS) Manager”.


 


2. In the left pane of the IIS Manager console, click your server name.


 


3. In the right pane, double-click “Web Sites”.


 


4. In the right pane, right-click “Companyweb”, and then click


   “Properties”.


 


5. Click “Directory Security”, and then click “Server Certificate”.


 


6. On the “Welcome to the Web Server Certificate Wizard” page, click


   “Next”.


 


7. On the “Server Certificate” page, click “Assign an existing


    certificate”, and then click “Next”.


 


8. On the” Available Certificates” page, click the installed


   certificate that you want to assign to this Web site, and then click


   “Next”. Make sure that the name of the certificate matches the name


   that you specified when you ran the Configure E-mail and Internet


   Connection Wizard. Do not click “<publishing.InternalDomain.local>”,


   where <InternalDomain.local> is your internal DNS domain name.


 


9. On the “SSL Port” page, type “444” (without the quotation marks) in


   the “SSL port this web site should use” box, and then click “Next”.


 


10. On the “Certificate Summary” page, review the information about the


      certificate, and then click “Next”.


 


11. On the “Completing the Web Server Certificate Wizard” page, click


      “Finish”, and then click “OK”.


 


 


Important If your server is behind a hardware firewall, make sure TCP


port 444 is open on the hardware firewall.


 


 


Configure Remote Web Workplace


——————————


 


To publish http://Companyweb in Remote Web Workplace on the Internet,


you must change certain registry values. To do so, follow these steps.


 


 


 


Warning   If you use Registry Editor incorrectly, you may cause serious


problems that may require you to reinstall your operating system.


Microsoft cannot guarantee that you can solve problems that result from


using Registry Editor incorrectly. Use Registry Editor at your own


risk.


 


1. Click “Start”, click “Run”, type “regedit” (without the quotation


   marks) in the “Open” box, and then click “OK”.


 


2. In Registry Editor, locate and then click the following registry


subkey:


 


 “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Re


moteUserPortal\AdminLinks”


 


3. In the right pane, right-click “HelpDesk”, and then click “Modify”.


 


4. In the “Value data” box, type “1” (without the quotation marks).


 


5. Locate and then click the following subkey:


 


 “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Re


moteUserPortal\AdminLinks”


 


6. In the right pane, right click “STS”, and then click “Modify”.


 


7. In the “Value data” box, type “1” (without the quotation marks).


 


8. Repeat steps 5 through 7 for the following subkey:


 


 “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Re


moteUserPortal\KWLinks”


 


9. Close Registry Editor. Important After you have made the changes


   that are described in steps 1 through 9, if you run the Configure


   E-mail and Internet Connection Wizard in Windows Small Business    


Server 2003, Premium Edition, the registry values will be reset from   


1 to 0.


   Therefore, after you run the wizard, make sure that you run Registry


   Editor again and that you change the values back to 1.


 



Les Connor [SBS Community Member – SBS MVP]


———————————————————–


SBS Rocks !


 


*************************************


 


From: <PierreHonsberger@discussions.microsoft.com>


Subject: Re: CEICW: Missing option in Firewall/WebServices


Configuration


Date: Sat, 12 Mar 2005 01:53:01 -0800


Newsgroups: microsoft.public.windows.server.sbs


 


Hi Les


 


Thanks for your detailed description. I will try it soon.


 


The advantage, when you have to configure something yourself and not


through a ‘magic’ wizard is, that you then better understand what


happens behind the scene, and for me this is worth a lot, because so I


learn a lot more about the subject.


 


Ideally every wizard should have a detailed step by step explanation of


what it’s been configured (for the interested people) really through


it.


 


Thanks again!


Pierre


 


*************************************


 


From: “Les Connor [SBS Community Member – SBS MVP]”


Subject: Re: CEICW: Missing option in Firewall/WebServices


Configuration


Date: Sat, 12 Mar 2005 08:56:53 -0600


Newsgroups: microsoft.public.windows.server.sbs


 


 


If you take the time to read the last panel on every wizard, (or, even


copy/paste it into notepad and save it), you get a fairly good


explanation. If you want more detail than can be understood by mere


mortals, then a logfile is written each time a wizard runs, you can


read that.


 


The wizards do exactly what is required to have the functionality you


select.


 



Les Connor [SBS Community Member – SBS MVP]


———————————————————–


SBS Rocks !



 

Posted in SBS03_Tips | No Comments »



Comments are closed.