Connectivity to sbs2011 owa stopped working externally, but still works internally

    Question

  • Hi, I have an SBS 2011 server where everything was working just fine, and one day users reported that they cannot connect to OWA externally and mobile devices are not connecting as well. Nothing has changed. I checked the router was forwarding the correct ports, and even tried a new router, with the same results. Everyone can connect just fine internally, and the server says that all ports that need to be are listening. I am stumped... any help appreciated.
    Monday, August 19, 2013 10:20 PM

Answers

  • Hi:

    There aren't many choices remaining.  Either the request from the remote station is not reaching the server, or the server is not responding to the request.  You said earlier you can ping the name you are not able to reach with http://xxxyyyzzz.tld, but something is still not right.  Please examine the address you use to try to connect to the server, then open a command prompt and try to ping that name.  If it responds to the ping request, can you verify that the ip in the response is in fact the ip of the WAN side of the edge device at the office?


    Larry Struckmeyer[SBS-MVP] If your question is answered, please mark the response as the answer so that others can benefit.

    Wednesday, August 21, 2013 2:24 AM
    Moderator
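
An added example, not written by any poster in this thread: the two checks the answer above asks for (does the external name resolve to the office WAN IP, and does a TCP connection to that IP complete), run from a machine outside the LAN. The function names, the port list and the `203.0.113.10` / `remote.example.com` values are assumptions for illustration.

```python
import socket
import sys

def resolve_a(name):
    """IPv4 addresses the local resolver returns for name ([] if none)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(ip, port, timeout=5.0):
    """One TCP connect attempt: 'open', 'refused' or 'no_reply'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # a RST came back: something answered, nothing listening
    except OSError:
        return "no_reply"     # timeout or unreachable: dropped on the path
    finally:
        sock.close()

ADVICE = {
    "open": "TCP handshake completes; look at IIS/site bindings next",
    "refused": "reset received; check the forward target IP and the listener on it",
    "no_reply": "no answer; check the port-forward rule and any filter in front of it",
}

def diagnose(name, wan_ip, ports=(443, 80), resolve=resolve_a, probe=probe):
    """Return (check, status, advice) rows; a ping reply proves none of these."""
    ips = resolve(name)
    if not ips:
        rows = [("dns", "unresolved", "publish an A record for the external name")]
    elif wan_ip in ips:
        rows = [("dns", "match", "name points at the office WAN address")]
    else:
        rows = [("dns", "mismatch", f"name resolves to {ips}, expected {wan_ip}")]
    # Probe the WAN IP itself so a DNS fault cannot mask a forwarding fault.
    for port in ports:
        state = probe(wan_ip, port)
        rows.append((f"tcp/{port}", state, ADVICE[state]))
    return rows

if __name__ == "__main__":
    # usage (constructed values): python check_external.py remote.example.com 203.0.113.10
    for row in diagnose(sys.argv[1], sys.argv[2]):
        print(*row, sep="  ")
```

A ping reply is ICMP answered by whatever holds the WAN address, so it can succeed while tcp/443 reports `no_reply`; the two rows are read separately.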

All replies

  • Hi:

    It is not clear if the public DNS servers are actually "serving".  From outside the LAN can you ping the public IP of the firewall/router by IP and by Name.  That is:  ping ip address and ping remote.domain.com or whatever your external RWA name is?


    Larry Struckmeyer[SBS-MVP] If your question is answered, please mark the response as the answer so that others can benefit.

    Monday, August 19, 2013 11:52 PM
    Moderator
  • Thanks for the reply....yes I can ping the remote.domain.com. I actually can connect via rdp to the server by using the public dns name. It hits the router and redirected to the server, so I am assuming the redirecting is working.

    Tuesday, August 20, 2013 12:25 AM
  • Good.  So the problem is internal to the SBS.  When you say connect via RDP, are you including RWA in that, or do you mean you have forwarded 3389 to the ip of the server?  From outside the LAN does the RWA logon page present, and can you logon?

    I am suspecting a problem with IIS, but can't tell from here of course.  <g>  Any errors in the event logs?  Are all services marked "automatic" actually starting?  In IIS (Start - Admin Tools - IIS), are all the web sites running?

    Anything of note in the SBS BPA? 

    www.sbsbpa.com


    Larry Struckmeyer[SBS-MVP] If your question is answered, please mark the response as the answer so that others can benefit.



    Tuesday, August 20, 2013 1:04 AM
    Moderator
  • I am not actually using 3389... I changed the port to 3399 to connect to the server. All services are running... remember all sites run internally just fine. Is there something in IIS that restricts external access?

    Could something have changed to only accept internal connections? But the router is internal.

    Nothing in the BPA in relation to IIS configuration.

    ??

    Tuesday, August 20, 2013 1:12 AM
  • Yep, but you did not say if the RWA landing page presents if, from outside, you use your internet browser to navigate to https://remote.your-domain.tld

    Interested to know what you do to connect to RDP on 3399 after changing the port? 


    Larry Struckmeyer[SBS-MVP] If your question is answered, please mark the response as the answer so that others can benefit.

    Tuesday, August 20, 2013 1:47 AM
    Moderator
  • When I try to connect to rwa I get a blank page "Page cannot be displayed"

    whether it is http or https.

    Tuesday, August 20, 2013 2:00 AM
  • Yes, this is something related to port 443.

    From outside, please telnet to your public IP on port 443.

    I believe port 443 might be closed on the router. (Had it been on the server, you would not have been able to browse the websites internally as well).

    So, check port 443 from outside.

    Regards

    Akash

    Tuesday, August 20, 2013 4:25 AM
  • Hi Akash,

    I did try; obviously the connection failed. It is open on the router; as I mentioned before, it was working just fine.

    Tuesday, August 20, 2013 9:35 PM
  • I think I will try another brand of router again to see if it resolves things... just weird how it stopped working.

    Friday, August 23, 2013 5:39 AM
  • Could the server be not responding to external requests? It responds internally.
    Friday, August 23, 2013 5:40 AM
  • Hi All 

    Apologies that this is an old post. However, I have just migrated a client from SBS 2003 to SBS 2011 and they can get OWA internally fine along with Remote Web. Externally, however, there is no connectivity. The ports are all open on the firewall (Draytek 2830), and I have confirmed this with canyouseeme, which can see port 443 being open.

    I can navigate (internally) to mail.domainname.com/owa, localhost/owa and IP address/OWA, and all present the login screen, but externally nothing.

    Can an SBS server block this?

    Friday, January 17, 2014 12:58 AM