
In over my head!!!

  • 16-09-2010 11:10am
    #1
    Closed Accounts Posts: 51 ✭✭


    I've been "recruited" to help solve this issue for a friend with a small business.

    Long story short, SBS2003 running exchange. Everything works pretty well (except certificate issues!) but their broadband is 1mb. After weeks of nagging ISP to upgrade the line to 24mb, they have finally done so on another line.


    Every attempt to change over to the new modem/line has failed. Internet access is fine but all incoming mails are blocked and outgoing mails are very slow (1 - 2 hours).

    I've opened all of the ports necessary and even tried 3 different modems. (2x BT voyager 2110 & 1 linksys).

    The original line is fixed IP setup with an old ericsson modem but it's only ADSL. NAT is disabled on it and it's plugged directly into a wireless router which is configured with the port forwarding.


    The new line is PPPoE with fixed IP and of course a different DNS. I've tried it with the correct port forwarding but no joy.

    I've tried it with NAT disabled........and no joy

    I've tried it with NAT disabled and plugged into the pre-configured wireless router (after changing the WAN settings to match)...... and no joy

    Am I missing something or should I retire, crawl under a rock and never touch a computer again!!!!!



Comments

  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    e new modem/line has failed. Internet access is fine but all incoming mails are blocked and outgoing mails are very slow (1 - 2 hours).

    Well the fact that you have Internet access is a start and as long as the new Internet IP is static then you've just got the firewall stuff to figure out.

    How do you mean that inbound e-mails are blocked? I'd think that you're on a different Internet IP now so external e-mail servers will have to deliver to this new IP. You'd need to change the domain MX records for that.


  • Registered Users, Registered Users 2 Posts: 2,393 ✭✭✭Jaden


    Find out who hosts your DNS records, have them modify the DNS MX record to be your new external IP. Open ports 25,110,143 and any others you need.


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    bhickey wrote: »
    Well the fact that you have Internet access is a start and as long as the new Internet IP is static then you've just got the firewall stuff to figure out.

    How do you mean that inbound e-mails are blocked? I'd think that you're on a different Internet IP now so external e-mail servers will have to deliver to this new IP. You'd need to change the domain MX records for that.

    MX record..............sweet jesus....how did i not think of farggle rockin mx record!!! I'll contact the hoster...........test it and post my reply from under my rock


  • Registered Users, Registered Users 2 Posts: 3,180 ✭✭✭Mena


    It could also take a while for the MX to propagate so give it a few hours (day).


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    THANKS Mena & Jaden.

    I won't get a chance until next week to do this, but I'll let you know how it goes................from under my rock


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    Also make sure you have a Static IP on the new line. Saves everyone a lot of trouble


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Also make sure you have a Static IP on the new line. Saves everyone a lot of trouble


    That's what makes this such an appalling mistake.....I remembered to get the fixed IP when I ordered the new line….. Knowing it’s needed….. but I was told that the BT Voyager 2110 won’t work with SBS2003, so concentrated on that, ordered a new modem from BT……….and waited 2 weeks for that……….and it was another voyager 2110 so when it didn’t work I bought a nice simple Netgear DM111p………but you can’t disable dhcp on a PPPoE line with this model……………ordered a nice fancy Linksys………and it still didn’t work! I spent so much time looking for a complicated problem I had completely forgotten about the hoster pointing to the other IP……


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    You've checked that the existing MX entry points directly at the existing server/router, and not at an external spam filter?
    If it points at an external filter, then you'll have to change the address using the spam filter's interface, rather than the MX.

    You might also want to check whether the initial installer has set an SPF text record in the domain's DNS entry.
    If so it'll need to be updated with the new IP address, otherwise some outgoing mail might be prone to being treated as spam.
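
ressem's SPF point as an added Python example (not part of the original post): an offline check of whether a domain's SPF TXT record authorises the new line's address and whether the old one is still listed. The record strings and both IP addresses are constructed placeholders from documentation ranges; mechanisms that need DNS lookups (mx, a, include, redirect) are reported rather than resolved.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(txt):
    """Return [(qualifier, name, value, raw)] for each term of an SPF record."""
    words = txt.split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("not an SPF v1 record")
    terms = []
    for raw in words[1:]:
        qualifier, word = "+", raw
        if word[0] in RESULT:
            qualifier, word = word[0], word[1:]
        name, _, value = word.partition(":")
        if "=" in name:                      # modifier such as redirect= or exp=
            name, _, value = word.partition("=")
        terms.append((qualifier, name.lower(), value, raw))
    return terms

def check_ip(txt, ip):
    """Evaluate ip left to right, first match wins, as a receiving server
    would, but deciding only what needs no DNS lookup. Returns the result
    and the DNS-dependent terms that were skipped before the match."""
    addr = ipaddress.ip_address(ip)
    skipped = []
    for qualifier, name, value, raw in parse_spf(txt):
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if net.version == addr.version and addr in net:
                return RESULT[qualifier], skipped
        elif name == "all":
            return RESULT[qualifier], skipped
        else:
            skipped.append(raw)              # a, mx, include, redirect ...
    return "neutral", skipped                # no match and no "all"

def audit_ip_change(txt, old_ip, new_ip):
    """List what still has to be fixed in the record after moving lines."""
    new_result, new_skipped = check_ip(txt, new_ip)
    old_result, _ = check_ip(txt, old_ip)
    findings = []
    if new_result != "pass":
        findings.append(f"new IP {new_ip} evaluates to {new_result}")
    if new_skipped:
        findings.append("resolve before trusting that: " + ", ".join(new_skipped))
    if old_result == "pass":
        findings.append(f"old IP {old_ip} is still authorised")
    return findings

# Constructed sample data (documentation address ranges, not real hosts).
OLD_IP, NEW_IP = "198.51.100.20", "203.0.113.45"
STALE = "v=spf1 ip4:198.51.100.20 -all"     # record left over from the old line
FIXED = "v=spf1 ip4:203.0.113.45 -all"      # record after the update
VIA_MX = "v=spf1 mx ~all"                   # follows the MX, needs DNS to decide

if __name__ == "__main__":
    for label, record in (("stale", STALE), ("fixed", FIXED), ("via mx", VIA_MX)):
        print(label, audit_ip_change(record, OLD_IP, NEW_IP) or "nothing to change")
```

A record like the last one follows the MX automatically, so it only needs attention if the MX itself points somewhere other than the new address.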


  • Registered Users, Registered Users 2 Posts: 5,114 ✭✭✭corkcomp


    start by re-running the icw and updating with new info such as public IP (if different) dns and router ip .. that way ISA will also be updated for you via the wizard


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Thanks everyone, it went pretty smoothly; however there is ONE BIG problem!!

    Neither IMAP or POP3 work from within the building! Bring your laptop home, everything works great. Bring it into work and error connecting

    Ports are open


  • Registered Users, Registered Users 2 Posts: 5,114 ✭✭✭corkcomp


    Thanks everyone, it went pretty smoothly; however there is ONE BIG problem!!

    Neither IMAP or POP3 work from within the building! Bring your laptop home, everything works great. Bring it into work and error connecting

    Ports are open

    you need to enable pop and imap as exceptions on the ISA firewall client


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    corkcomp wrote: »
    you need to enable pop and imap as exceptions on the ISA firewall client

    Started "Repair Internet & Email Settings"
    Ran through ICW
    Added exceptions for pop3 (110) & IMAP (143)


    still no joy


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    ISA has a monitoring option. Monitor the traffic while trying to connect to POP3 and identify the blocking rule. Then add an allow rule for that traffic.


    I havent used SBS so not sure if its the same.


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    Also what IP are you using to connect to POP3 when inside the building? The internal address of the server or the external?

    Remember ISA has three default Networks. Internal, External and Local Host. The rules must specify which direction the traffic is coming from.


  • Registered Users, Registered Users 2 Posts: 5,114 ✭✭✭corkcomp


    Started "Repair Internet & Email Settings"
    Ran through ICW
    Added exceptions for pop3 (110) & IMAP (143)


    still no joy

    those settings apply to the firewall on server though / packet filter.. you need to allow the clients access also (hard to explain but different rule sets apply) - see attached ..


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    Also what IP are you using to connect to POP3 when inside the building? The internal address of the server or the external?

    Remember ISA has three default Networks. Internal, External and Local Host. The rules must specify which direction the traffic is coming from.

    The ip address for the users are dhcp assigned, gateway is the modem. DNS & WINS are the server IP (192.168.0.1)

    Everything worked fine until I changed the modem and setup on the new line, so a new WAN IP and DNS were assigned through ICW yesterday.


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    corkcomp wrote: »
    those settings apply to the firewall on server though / packet filter.. you need to allow the clients access also (hard to explain but different rule sets apply) - see attached ..

    I don't have access to any firewall setting other than assigning a port. If I choose "Configure Firewall" in server management it forces me to go through the wizard. In there, I can only add custom services and choose my port.

    I really appreciate yours and Jumpy's help, and please don't give up on me just yet


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    What about using the POP3 connector Manager??


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    What about using the POP3 connector Manager??
    never mind!!!!

    I'm stumped....... I can't get my head around the fact that everything works externally! especially as everything worked on the old line/modem setup


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    Can you pm me the ruleset of the ISA server?

    Dont post it here, its not a very secure thing to do.


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    It should look like this.

    Of course, it may not on SBS. As I said, I have never used it.

    isa_2006_2.jpg


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    Can you pm me the ruleset of the ISA server?

    Dont post it here, its not a very secure thing to do.


    ISA Server is not installed!


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    Sorry I thought it was part of SBS.


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    When you connect to POP3 inside the building, do you use the same target IP as you would from outside?


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    Sorry I thought it was part of SBS.
    only if you're willing to part with the best part of a grand


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    Its a great firewall for small enterprises though. Super simple.


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    I could download a free trial; however i'd be worried everything would stop working at the end'o'freebie rather than limit my access!

    There are 68 critical updates for the server so I'm going to update it, restart and see if that does anything; although I'm grasping at straws now!


    If that fails, i'll download the trial of ISA


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    No, dont go that far.

    Can you answer the above question about POP target IPs


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    When you connect to POP3 inside the building, do you use the same target IP as you would from outside?

    I'm not sure, do you mean the IP assigned by the ISP?


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    No. When you connect to your mail server to get POP and IMAP you specify an IP address or host name.


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    No. When you connect to your mail server to get POP and IMAP you specify an IP address or host name.


    a hostname, mail.*******.ie


    I've tried the wan ip but i get the same message.


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    What is the message?


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    What is the message?

    Log onto incoming mail server (POP3): Outlook cannot connect to your incoming (POP3) e-mail server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).



    Send test e-mail message: Outlook cannot connect to your outgoing (SMTP) e-mail server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Seeing as the only server settings that were changed were through ICW, is it possible the problem lies elsewhere?

    Here's a quick run through of what i did yesterday.

    1) Had domain host change mx records to new fixed WAN IP Address supplied by ISP
    2) Changed modem and configured Port forwarding to match old router
    3) Ran ICW and input ISP provided IP address and new DNS settings


    All computers that use exchange work fine

    also

    The hoster just notified me that the IP address was not responding to ICMP pings...........could this be related


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    No. Your router will block ICMP by default. As long they can connect to your SMTP server on port 25 then your connection is up.

    You have tried downloading POP3 mail using the LAN address? 192.168.x.x?


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    You have tried downloading POP3 mail using the LAN address? 192.168.x.x?


    That works, but that means that it won't work outside the network!!


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    Can PCs on the LAN access the internet?


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    That works, but that means that it won't work outside the network!!

    Your DC is a DNS server yes?

    When the PCs are given an address internally by DHCP do they have their DNS server set to the SBS server?

    I am beginning to think it might be your internal DNS still hanging onto the old Public IP of your router.


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    I've setup two outlook profiles for those who use their computer out of the office.

    It's not ideal but it'll have to do for the moment. I've been doing everything remotely; however i'm going to the premises later in the week and i'll stick the old line&modem setup on to see if it works. if it does, i'll happily blame the BT Voyager 2110


    I'm extremely grateful for your time and patience


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    From one of the PCs on your LAN that isnt working with POP3 try running the following command from a DOS window.

    nslookup externalhostname

    where externalhostname is the host name that you usually use for pop3.

    See if the IP matches what you expect (ie your newly assigned IP from your ISP)


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    Your DC is a DNS server yes?

    When the PCs are given an address internally by DHCP do they have their DNS server set to the SBS server?

    I am beginning to think it might be your internal DNS still hanging onto the old Public IP of your router.

    DHCP assigns the server IP as the DNS settings.

    I've put the DNS settings manually via ICW twice now, how would I check to see if they're being used???

    despite this, e-mail via blackberry, pop3 & imap from outside the network are fine


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    See if the IP matches what you expect (ie your newly assigned IP from your ISP)

    ran on the server and another pc, came up with the correct WAN IP on both


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    Ok so something is stopping your internal machines getting access to your Public address.

    Can they access the internet normally?


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    Jumpy wrote: »
    Ok so something is stopping your internal machines getting access to your Public address.

    Can they access the internet normally?

    Internet works perfectly


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    I can only assume there is an issue with the port forwarding then. I dont know the router, maybe its set to only forward requests coming from external.

    You can add an A record to your Domain Controllers DNS to point the public host name to a private IP to sort of do a "band-aid" fix, but that might be getting overcomplicated if you dont know DNS.


  • Registered Users, Registered Users 2 Posts: 5,114 ✭✭✭corkcomp


    Jumpy wrote: »
    I can only assume there is an issue with the port forwarding then. I dont know the router, maybe its set to only forward requests coming from external.

    You can add an A record to your Domain Controllers DNS to point the public host name to a private IP to sort of do a "band-aid" fix, but that might be getting overcomplicated if you dont know DNS.

    all of that might apply IF there wasnt an ISA component involved.. if there were issues with port forwarding or dns then the mail wouldnt be working on the server.. ive seen this hundreds of times and is very common with ISA - you need to amend settings on firewall client to allow clients access pop and lots of other external ports..

    if you want to test once and for all just disable firewall client on one of the PC's and set a static IP and make sure to put the IP address of ISA server as default GW and it should work ..


  • Registered Users, Registered Users 2 Posts: 7,606 ✭✭✭Jumpy


    There isnt an ISA component involved. Hes already stated that. Hes just using the broadband router as the gateway device.

    Internet to Mail Server via Router (Public IP) = working - this means that he has port forwarding set correctly.
    PC to Mail Server via Router (Public IP) = not working - This is the primary issue.
    PC to mail server via router (Private IP) = working - This means the PCs themselves are not the problem.

    In theory when he uses the PCs on the private network to access the Public IP it should still route correctly, but it isnt. The PCs can access POP3 fine, just not from the Public address.


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    corkcomp wrote: »
    ive seen this hundreds of times and is very common with ISA - you need to amend settings on firewall client to allow clients access pop and lots of other external ports..


    I had been told before that the BT Voyager 2110 is known to have issues with SBS.

    I have a zyxel and a linksys that i'm going to pre-configure. I'm heading up to them on thursday so i'll swap out the modem early am and see how it goes, i can't think of anything else!

    The problem only occurred when the new modem was installed on the new line, I have to believe that the problem lies there. I can't use the old modem as it's ancient and only supports ADSL, the new line is ADSL2+

    The dual profiles in outlook will keep them happy for a couple of days.

    Thank you both for your time and patience, I'll let you know how I get on


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Jumpy wrote: »
    There isnt an ISA component involved. Hes already stated that. Hes just using the broadband router as the gateway device.

    Internet to Mail Server via Router (Public IP) = working - this means that he has port forwarding set correctly.
    PC to Mail Server via Router (Public IP) = not working - This is the primary issue.
    PC to mail server via router (Private IP) = working - This means the PCs themselves are not the problem.

    In theory when he uses the PCs on the private network to access the Public IP it should still route correctly, but it isnt. The PCs can access POP3 fine, just not from the Public address.

    Isn't this routing issue fairly typical using consumer level broadband routers with NAT?
    As Jumpy stated, typical solution is to set up the internal DNS server, i.e. Windows SBS to direct the mail.****.ie as an alias to the server's internal IP address.

    Then the issue is that you don't want this server to be the authoritative server for all ****.ie records. i.e you might not want to have to duplicate and maintain all the www.****.ie, ftp.****.ie, smtp.****.ie or whatever else you might have on your domain.

    So on the windows domain server, you go to the DNS server management console, create a forward zone for the full domain name mail.****.ie.
    Then within this you create an alias record with a blank name, and with the address set to the internal server name.
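
Jumpy's three-path test and the internal-DNS workaround described above, as an added Python example that is not part of any post in the thread. The public address and hostname are constructed placeholders, 192.168.0.1 is the server address given earlier in the thread, and the result seen from outside the building has to be supplied by hand because it cannot be measured from a PC on the LAN.

```python
import socket

MAIL_PORTS = {"smtp": 25, "pop3": 110, "imap": 143}  # ports named in the thread

def probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(lan_to_public, lan_to_private, outside_to_public):
    """Map the three observations onto the most likely place to look."""
    if not lan_to_private:
        return "service not listening or blocked on the server itself"
    if not outside_to_public:
        return "port forwarding or firewall on the router"
    if not lan_to_public:
        return "router does not loop LAN traffic back to its public IP (NAT loopback)"
    return "ok"

def triage(public_ip, private_ip, outside_ok, ports=MAIL_PORTS, probe_fn=probe):
    """Run from a PC on the LAN. outside_ok is what an external client saw
    (True/False), since that path cannot be tested from inside."""
    return {
        name: classify(probe_fn(public_ip, port), probe_fn(private_ip, port), outside_ok)
        for name, port in ports.items()
    }

def split_dns_in_place(hostname, private_ip, resolver=socket.gethostbyname):
    """True once the internal DNS answers with the server's LAN address,
    i.e. the workaround zone is active for this client."""
    try:
        return resolver(hostname) == private_ip
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed placeholders: replace with the real hostname and addresses.
    PUBLIC_IP, PRIVATE_IP, HOSTNAME = "203.0.113.45", "192.168.0.1", "mail.example.com"
    for service, verdict in triage(PUBLIC_IP, PRIVATE_IP, outside_ok=True).items():
        print(f"{service:5} {verdict}")
    print("split DNS active:", split_dns_in_place(HOSTNAME, PRIVATE_IP))
```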


  • Closed Accounts Posts: 51 ✭✭Ruosullivan


    I went to log in via remote access last night and the line was down. I rang BT Business care and they stated that it's a common fault with the Voyager 2110. I pointed out that this was our second one, and I was told that this is also quite common!!!


    I setup a linksys this morning, drove up to the premises and swapped out the modem.......... lo and behold, everything works great. So it turns out it was the modem after all!!!

