v-terliu
Thu Jun 26 21:50:39 PDT 2008
Hello Jimmy,
Thank you for posting here. Let's also thank Joe for the good questions.
According to your description, I understand that your partner unable to
access your network EDI system thru http 5080 and 4080 ports. If I have
misunderstood the problem, please don't hesitate to let me know.
First, I want to confirm that 63.139.25.xxx is your SBS external NIC IP
address. Am I right?
If this is the case, I suggest we try the following steps to create 2 web
publishing rules to resolve this issue:
1. Open ISA server 2004 management on SBS
2. Right click Firewall Policy, select New > Web Server Publishing Rule
3. In the New Web Publishing Rule Wizard, input:
Web publishing rule name: EDI 5080
Select Rule Action: Allow
Computer name or IP address: input SBS internal IP if the EDI system on
SBS, if the EDI system on internal client, please input the client's IP.
Tick the option Forward the original host header instead of the actual one
(specified above).
Path: /*
Accept requests for: Any domain name
4. New a web listener:
Web listener name: 5080 listener
IP addresses: select External
HTTP port: 5080
5. Finish the New Web Publishing Rule Wizard
6. Open properties of the new rule, select Bridging tab, input 5080 in the
Redirect requests to HTTP port box.
This is the first rule. Then please repeat all 6 steps above to change the
send rule, change all 5080 to 4080 when you repeat the steps.
Then, move the 2 new rules to top of the rules list, click Apply button at
the top of the list to save and apply the new configuration.
Then, test this issue.
If we cannot resolve the issue after we perform the steps above, please
help me collect some information for further investigation:
1. Please help to gather the ISA Info:
1) Download the file from the following URL:
http://www.isatools.org/tools/isainfo.zip
2) Extract all files to a folder on ISA server.
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-terliu@microsoft.com
2. Please also help to gather the ISA logs:
1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.
14) Please also let me know the IP address of the testing clients so that I
can filter the data.
3. Gather MPS network report on SBS:
a. Download MPSrepot_network from
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE
b. Run MPSRPT_NETWORK.exe.
c. The tool will automatically collect the information. This procedure will
take 10~15 minutes.
d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\
e. Send the .cab file directly to me at v-terliu@microsoft.com
I hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check
http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Firewall block access
>thread-index: AcjXs8xehaA+/EGFQia3QgCo14rKUQ==
>X-WBNR-Posting-Host: 207.46.19.168
>From: =?Utf-8?B?SmltbXk=?= <Jimmy@discussions.microsoft.com>
>References: <7BFF2BB0-5E7B-4A02-9DEC-5F02C0A0E7D9@microsoft.com>
<uV87LF71IHA.528@TK2MSFTNGP02.phx.gbl>
>Subject: Re: Firewall block access
>Date: Thu, 26 Jun 2008 10:41:00 -0700
>Lines: 24
>Message-ID: <B170CC0C-7CA5-4784-A78B-42B4BB2A1A45@microsoft.com>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
>Newsgroups: microsoft.public.windows.server.sbs
>Path: TK2MSFTNGHUB02.phx.gbl
>Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:113160
>NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Server has two LANs cards and there is no router before server. I have
ISA
>server, and I have opened ports. It still have problem. Now, I ran wizard
to
>turn off firewall, but it is still not working.
>
>"Joe" wrote:
>
>> Jimmy wrote:
>> > Server is SBS2003. I try to set up EDI with partners, so I have
opended
>> > ports 5080 and 4080.
>> > Can anyone help me to find out why and how I can fix this problem
>> >
>>
>> Not a chance without knowing something of how your network and SBS are
>> organised.
>>
>> Is there a router between the SBS and Internet?
>>
>> Is the SBS using one NIC or two?
>>
>> If two, and if you have SBS Premium, are you using ISA?
>>
>> Does the netstat -an command on the SBS show anything listening on these
>> ports?
>>
>