Cannot open port 80 for http access

I recently rebuild our server, installed SBS 2003 std (no isa). Everything
ported great and internal clients have no problems, using
http://www.mydomain.com or https://myip. however when i am outside the office
I cannot use http or www, only https. I need to change either the port on the
"Welcome to SBS server" so that http works. When i do a port scan from
outside the only open ports i have are tcp/25 and tcp/3389. If I run netstat -
a I do not see port 80? I have run CEICW numerous times and have enabled
these ports. If I check my network connections for HTTP on /ROUTING AND
REMOTE/IP ROUTING/NAT-BASIC FIRWALL / port 80 for http is open and sending
to a private address 127.0.0.1 Under IIS all 4 webs ip adress is
"unassigned"
default web site port 80 ssl 443
ms sharepoint admin port 6486
sharepoint central admin port 8081
companyweb port 80 ssl 444

I am not sure if my ISP blocks port 80, ( two much trouble to find out - they
are not very co-operative)
How cannot i redirect my traffic so that HTTP works, i need this for exchange
updates to a mobile phone ( ie exchange logs in via the ipadress)
thanks
mark

--
Message posted via http://www.winserverkb.com

In news:642f7d341cdb7@uwe,
rondgefok <u24194@uwe> typed:
> I recently rebuild our server, installed SBS 2003 std (no isa).

Note for future reference that SBS2003 questions are best posted in
microsoft.public.windows.server.sbs. You will get a lot of help in there.
SBS is its own beast.

> Everything ported great and internal clients have no problems, using
> http://www.mydomain.com or https://myip. however when i am outside
> the office I cannot use http or www, only https. I need to change
> either the port on the "Welcome to SBS server" so that http works.

You really do not want to open port 80. It's quite dangerous enough to open
up 443 for SSL secured access to your SBS server and LAN. Perhaps your
public DNS host can create some sort of aliasing/redirect for you - so you
can just enter remote.mycompany.com and have it redirect to
https://my.domain.com/remote . Either that, or you could simply get used to
the minor inconvenience of typing in https://my.domain.com/remote.


> When i do a port scan from outside the only open ports i have are
> tcp/25 and tcp/3389.

You need 4125 also, if you're going to use RWW. And you don't absolutely
need 3389 - you can do server mgmt via RWW (and subsequent RD to the
server).

> If I run netstat - a I do not see port 80? I
> have run CEICW numerous times and have enabled these ports.

You'd need to have it open / forwarded in your router/firewall.... I hope
you have one, and aren't just using 2 NICs and the built-in stuff!

> If I
> check my network connections for HTTP on /ROUTING AND REMOTE/IP
> ROUTING/NAT-BASIC FIRWALL / port 80 for http is open and sending to
> a private address 127.0.0.1 Under IIS all 4 webs ip adress is
> "unassigned"
> default web site port 80 ssl 443
> ms sharepoint admin port 6486
> sharepoint central admin port 8081
> companyweb port 80 ssl 444
>
> I am not sure if my ISP blocks port 80, ( two much trouble to find
> out - they are not very co-operative)

You might consider getting a business-class account from a better ISP, then.
If your ISP blocks port 80 inbound it tells you that they don't want their
customers running webservers, and you may be in violation of your agreement
with them. That said, if you don't have any of your own stuff blocking port
80, and you can't get in, then it's probably them.



> How cannot i redirect my traffic so that HTTP works, i need this for
> exchange updates to a mobile phone ( ie exchange logs in via the
> ipadress)
> thanks
> mark

Ah, that's the detail I was missing above. What kind of mobile phone is
this, and doesn't it support SSL ? I bet there's a better way to do this,
but we'd need more info from you...

Lanwench [MVP - Exchange] wrote:
>> I recently rebuild our server, installed SBS 2003 std (no isa).
>
>Note for future reference that SBS2003 questions are best posted in
>microsoft.public.windows.server.sbs. You will get a lot of help in there.
>SBS is its own beast.
>
>> Everything ported great and internal clients have no problems, using
>> http://www.mydomain.com or https://myip. however when i am outside
>> the office I cannot use http or www, only https. I need to change
>> either the port on the "Welcome to SBS server" so that http works.
>
>You really do not want to open port 80. It's quite dangerous enough to open
>up 443 for SSL secured access to your SBS server and LAN. Perhaps your
>public DNS host can create some sort of aliasing/redirect for you - so you
>can just enter remote.mycompany.com and have it redirect to
>https://my.domain.com/remote . Either that, or you could simply get used to
>the minor inconvenience of typing in https://my.domain.com/remote.


thanks, is their a way to change the port to 81 or something?

>
>> When i do a port scan from outside the only open ports i have are
>> tcp/25 and tcp/3389.
>
>You need 4125 also, if you're going to use RWW. And you don't absolutely
>need 3389 - you can do server mgmt via RWW (and subsequent RD to the
>server).

>how and where do i do this

>> If I run netstat - a I do not see port 80? I
>> have run CEICW numerous times and have enabled these ports.
>
>You'd need to have it open / forwarded in your router/firewall.... I hope
>you have one, and aren't just using 2 NICs and the built-in stuff!
>
due to budget constraints i am using the min requirements, 2 nics no external
firewall, using sbs2003 software basic firewall

>> If I
>> check my network connections for HTTP on /ROUTING AND REMOTE/IP
>[quoted text clipped - 8 lines]
>> I am not sure if my ISP blocks port 80, ( two much trouble to find
>> out - they are not very co-operative)
>
>You might consider getting a business-class account from a better ISP, then.
>If your ISP blocks port 80 inbound it tells you that they don't want their
>customers running webservers, and you may be in violation of your agreement
>with them. That said, if you don't have any of your own stuff blocking port
>80, and you can't get in, then it's probably them.
>
how do i check if it is not an internal block? ( is there some software?)

>> How cannot i redirect my traffic so that HTTP works, i need this for
>> exchange updates to a mobile phone ( ie exchange logs in via the
>> ipadress)
>> thanks
>> mark
>
>Ah, that's the detail I was missing above. What kind of mobile phone is
>this, and doesn't it support SSL ? I bet there's a better way to do this,
>but we'd need more info from you...

the phones are tmobile mda's and verizon xv6700's. when i sync inside the
lan it works great( connected to a pc) outside it does not connect, just
shows "waiting for network". i know that if http works i can setup the phone
to loginto the server via the ip address, I have run vpn wizard etc nothing
works, the whole issue above is so that employess calendars and emails are
update externaly and visa versa. any help would be appreciated. i have reset
the phones, reinstalled activesync, but get still get server problems. based
on past experiences and forums i now that most people recommend diasabling
SSL as this solves a few problems for companies with budget constraints, ie:
our certificate is created through CEICW not bought. i remember that there is
a workaround by changing port 80 to 81 which will allow http access

thanks

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forum...rking/200608/1

.....I'm crossposting this to m.p.windows.server.sbs to cast a wider net.

In news:64394681f38c2@uwe,
rondgefok via WinServerKB.com <u24194@uwe> typed:
> Lanwench [MVP - Exchange] wrote:
>>> I recently rebuild our server, installed SBS 2003 std (no isa).
>>
>> Note for future reference that SBS2003 questions are best posted in
>> microsoft.public.windows.server.sbs. You will get a lot of help in
>> there. SBS is its own beast.
>>
>>> Everything ported great and internal clients have no problems, using
>>> http://www.mydomain.com or https://myip. however when i am outside
>>> the office I cannot use http or www, only https. I need to change
>>> either the port on the "Welcome to SBS server" so that http works.
>>
>> You really do not want to open port 80. It's quite dangerous enough
>> to open up 443 for SSL secured access to your SBS server and LAN.
>> Perhaps your public DNS host can create some sort of
>> aliasing/redirect for you - so you can just enter
>> remote.mycompany.com and have it redirect to
>> https://my.domain.com/remote . Either that, or you could simply get
>> used to the minor inconvenience of typing in
>> https://my.domain.com/remote.
>
>
> thanks, is their a way to change the port to 81 or something?

That doesn't address the overall question.
>
>>
>>> When i do a port scan from outside the only open ports i have are
>>> tcp/25 and tcp/3389.
>>
>> You need 4125 also, if you're going to use RWW. And you don't
>> absolutely need 3389 - you can do server mgmt via RWW (and
>> subsequent RD to the server).
>
>> how and where do i do this
>
>>> If I run netstat - a I do not see port 80? I
>>> have run CEICW numerous times and have enabled these ports.
>>
>> You'd need to have it open / forwarded in your router/firewall.... I
>> hope you have one, and aren't just using 2 NICs and the built-in
>> stuff!
>>
> due to budget constraints i am using the min requirements, 2 nics no
> external firewall, using sbs2003 software basic firewall

Buy yourself a decent little SPI-capable broadband router/firewall
appliance, seriously. How much would it cost you to recover from a huge
disaster brought about by your having used a screen door as a firewall? I
exaggerate slightly, but this is not a place to skimp.

>
>>> If I
>>> check my network connections for HTTP on /ROUTING AND REMOTE/IP
>> [quoted text clipped - 8 lines]
>>> I am not sure if my ISP blocks port 80, ( two much trouble to find
>>> out - they are not very co-operative)
>>
>> You might consider getting a business-class account from a better
>> ISP, then. If your ISP blocks port 80 inbound it tells you that they
>> don't want their customers running webservers, and you may be in
>> violation of your agreement with them. That said, if you don't have
>> any of your own stuff blocking port 80, and you can't get in, then
>> it's probably them.
>>
> how do i check if it is not an internal block? ( is there some
> software?)
>
>>> How cannot i redirect my traffic so that HTTP works, i need this for
>>> exchange updates to a mobile phone ( ie exchange logs in via the
>>> ipadress)
>>> thanks
>>> mark
>>
>> Ah, that's the detail I was missing above. What kind of mobile phone
>> is this, and doesn't it support SSL ? I bet there's a better way to
>> do this, but we'd need more info from you...
>
> the phones are tmobile mda's

http://www.t-mobile.com/wmupgrade/ and Activesync. No port 80. Just 443.

> and verizon xv6700's.


I don't know that model, sorry.

> when i sync
> inside the lan it works great( connected to a pc)

That isn't doing anything useful as a test ...

> outside it does not
> connect, just shows "waiting for network". i know that if http works
> i can setup the phone to loginto the server via the ip address, I
> have run vpn wizard

Not related.

> tc nothing works, the whole issue above is so
> that employess calendars and emails are update externaly and visa
> versa. any help would be appreciated. i have reset the phones,
> reinstalled activesync, but get still get server problems. based on
> past experiences and forums i now that most people recommend
> diasabling SSL as this solves a few problems for companies with
> budget constraints, ie: our certificate is created through CEICW not
> bought.

Doesn't matter. See
http://www.petri.co.il/adding_root_c...e_2003_ppc.htm -
export your self-signed cert to a .CER file exactly as per instructions
therein - cable/cradle your device, copy the file over to the device in
Explorer, find the file on the device, launch it once, and you're done.

> i remember that there is a workaround by changing port 80 to
> 81 which will allow http access

No. Do not even play with that.
>
> thanks

You're welcome!