Announcement

Collapse
No announcement yet.

No access to "external" hostname for internal resources when inside the network

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • No access to "external" hostname for internal resources when inside the network

    Hi all

    No idea if this is an issue with RRaS, or Exchange, or...

    So... we have an Exchange 2007 server running CAS/Hub/Mailbox on WS08. The network is currently using a Server 03 R2 box with RRaS as its edge firewall. The relevant ports for Exchange are forwarded in RRaS to the Exchange server and the Hub is configured to send and recieve without an Edge Transport.

    Background - the mail server's hostname is xyz-mail1.xyz.lan, the AD domain name is xyz.lan, the gateway's hostname is xyz-gw1.xyz.lan. The company owns the domain xyz.co.uk and the DNS record for mail.xyz.co.uk points to the gateway's external IP. The mail server has a static IP of 10.20.2.1

    Internally, we can access OWA at https://xyz-mail1/owa. Externally, https://mail.xyz.co.uk/owa works fine. Internally though, we can't access https://mail.xyz.co.uk/owa. We can however ping mail.xyz.co.uk from a computer on the LAN and get the correct IP.

    My colleague who knows more about routing tables than I do has checked the RRaS server and can't see anything wrong, but to be sure we've flattened and rebuilt that server with no effect.

    I really don't know what more detail to give, so if you do need to know something else please let me know.

    If anyone can suggest a way to resolve this issue, it would be greately appreciated
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

  • #2
    Re: No access to "external" hostname for internal resources when inside the network

    If you can ping the external FQDN and get a reply from the correct ip address than I think that your routing and DNS are probably OK.

    I would install Microsoft Network Monitor 3 on an internal client and try to access it while capturing traffic and see what's happening at the packet level. This might give you some clue as to where it's hanging up.

    If that doesn't yield any helpful results, install NetMon on the Exchange server and RRAS servers and try again.

    Comment


    • #3
      Re: No access to "external" hostname for internal resources when inside the network

      Thanks Joe. It's just odd as I've setup this configuration before (albeit with Exchange 2003 rather than 2007) and not had any problems.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

      Comment


      • #4
        Re: No access to "external" hostname for internal resources when inside the network

        Well it wouldn't be a Monday (for me anyway) if there wasn't something odd going on.

        Comment


        • #5
          Re: No access to "external" hostname for internal resources when inside the network

          There's always something odd, I'm just used to it being our CEO...

          Unfortunately time is against me - I'm leaving the company on Friday and really need to get this sorted before then. We've had the problem all along since our system rebuild a few months ago and it's been on the todo list, but with Snow Leopard having come out last week and my boss using a Mac...
          Gareth Howells

          BSc (Hons), MBCS, MCP, MCDST, ICCE

          Any advice is given in good faith and without warranty.

          Please give reputation points if somebody has helped you.

          "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

          "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

          Comment


          • #6
            Re: No access to "external" hostname for internal resources when inside the network

            I would have a look at your NAT policies on your firewall to ensure that 443 is forwarded to the correct server.

            I know in our Sonciwall firewall's we need to put a loopback policy in that allows us to access external records from internal.

            Hope that makes sense to you.

            Comment


            • #7
              Re: No access to "external" hostname for internal resources when inside the network

              It does after spending a few minutes with , a dear friend of mine

              Any idea how to configure that in RRaS on WS03? As dear as Google is, he's not being much help...

              I'm sure when we had the SBS (Standard) in place, it must have been configured using RRaS, as the hardware router settings haven't been changed. Plus, our router is the BT2700HGV from 2Wire which as far as I can tell from Google, doesn't support NAT loopback. Ditto from trawling the management interface for the last 10 minutes.
              Gareth Howells

              BSc (Hons), MBCS, MCP, MCDST, ICCE

              Any advice is given in good faith and without warranty.

              Please give reputation points if somebody has helped you.

              "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

              "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

              Comment


              • #8
                Re: No access to "external" hostname for internal resources when inside the network

                Sorry m8 not a clue.

                I'll do some digging around for you though.

                Comment


                • #9
                  Re: No access to "external" hostname for internal resources when inside the network

                  Thanks. I had intended to work straight through until 5pm tom... today, but I've hit a problem I can only solve by calling Dell - and if I call their premium rate support number rather than our local rate account manager, my boss will do bad things to me. Still, working until 3am should freak the accounts department out when they go through the timesheets...
                  Gareth Howells

                  BSc (Hons), MBCS, MCP, MCDST, ICCE

                  Any advice is given in good faith and without warranty.

                  Please give reputation points if somebody has helped you.

                  "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                  "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                  Comment


                  • #10
                    Re: No access to "external" hostname for internal resources when inside the network

                    Originally posted by gforceindustries View Post
                    Thanks. I had intended to work straight through until 5pm tom... today, but I've hit a problem I can only solve by calling Dell - and if I call their premium rate support number rather than our local rate account manager, my boss will do bad things to me. Still, working until 3am should freak the accounts department out when they go through the timesheets...
                    Ahh the joys of Dell technical support.

                    Comment


                    • #11
                      Re: No access to "external" hostname for internal resources when inside the network

                      Indeed. Problem with one of the downloaded drivers from their website for a new laptop, it's missing a file. And since it's the RAID controller... kinda important.
                      Gareth Howells

                      BSc (Hons), MBCS, MCP, MCDST, ICCE

                      Any advice is given in good faith and without warranty.

                      Please give reputation points if somebody has helped you.

                      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                      Comment

                      Working...
                      X