SMB2K3 Prem: Setup with Dynamic DNS Service TZO
John
2003 utiliting a Dynamic DNS service such as TZO. I have been searching and
cannot seem to find anything.
Thanks,
John
Merv Porter [SBS-MVP]
What's your network setup (1 Nic, 2 Nics, router, SBS Premium or do you have
Standard)?
--
Merv Porter [SBS MVP]
===================================
"John" <Jo...@discussions.microsoft.com> wrote in message
news:72628D80-0B4E-4BC2...@microsoft.com...
MCLTECH
http://www.tzo.com/MainPageSupport/HowToPage/HowToMsftProxyServerPacketFilters.html
Cal
"John" <Jo...@discussions.microsoft.com> wrote in message
news:72628D80-0B4E-4BC2...@microsoft.com...
Merv Porter [SBS-MVP]
--
Merv Porter [SBS MVP]
===================================
"MCLTECH" <mcltech...@nas.net> wrote in message
news:eX536v6C...@tk2msftngp13.phx.gbl...
Merv Porter [SBS-MVP]
(feel free to point out any required corrections)
DDNS ACCOUNT
Create a DDNS (Dynamic DNS) account at dyndns.org, tzo.com, no-ip.com or
other DDNS provider. For basic services, many of these are free. This will
map your (potential changeable) Dynamic IP address from your ISP to your
DDNS account so that you can always have access to your server, even if the
IP address changes.
To determine your present public IP address, you can go to:
NETWORK SETUP
The preferred network setup is 2 NICs in the SBS server plus a router. A
network configuration diagram can be found:
http://www.smallbizserver.net/Default.aspx?tabid=50
Ignore the text as that was written for setting up SBS 2000. For SBS 2003,
just follow the diagram to set up your hardware. In your router's setup
program, forward the following ports to the external NIC of your SBS:
4125, 443. for Remote Web Access, Outlook Web Access
1723, GRE Protocol 47. for VPN; sometimes called VPN Pass-through or PPTP
Pass-through in the router setup
CEICW SETUP
For the following steps, you may want to refer to Andy Goodman's web site
for screen shots and additional setup dialog for running CEICW and Configure
Remote Access.
Configure CEICW
http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm
Configure Remote Access
http://www.sbs-rocks.com/sbs2k3/sbs2k3-n3.htm
After you have the hardware set up and the router configured, run CEICW
(Connect to the Internet) in the Server Management console. On the Firewall
screen, select "Enable Firewall" and then choose the services you want to
allow (FTP is not recommended). On the Web Services Configuration screen,
select OWA and RWW (and anything else you need). On the Web Server
Certificate screen, under "Create a New Web Server Certificate", enter your
new DDNS account Fully Qualified Domain Name (FQDN; e.g.,
yourcompany.dyndns.org).
SMARTHOST
As is normal with many ISPs, you'll probably need to authenticate to your
ISP's SMTP server when SENDING mail. In order to accomplish this, you'll
first need to configure Exchange server to use a Smarthost. So, continuing
on with CEICW, at the "Internet E-mail" screen, select Enable Internet
e-mail. On the Email Delivery Method screen, select "Forward all email to
the email server at your ISP". Enter your ISP's SMTP server (e.g.,
mail.yourisp.com).
POP3 CONNECTOR
Since you have a dynamic public IP address from your ISP, you'll probably
need to set up the POP3 Connector to RETRIEVE email. On the Email Retrieval
Method screen, select "Use the Microsoft Connector for POP3 Mailboxes".
Now, the presumption is that you have registered a domain name and your ISP
(or another 3rd party service) is hosting your email. So, on the Email
Domain Name screen, enter your FQDN for your email (e.g., mycompany.com).
This will be the email (domain) address which will be attached to all
outgoing mail (e.g., us...@mycompany.com). The next screen(s) will let you
set up retrieval for individual POP3 accounts or a single global account
(depending on how you will be retrieving your POP3 mail).
COMPLETING CEICW
Continue through the remainder of the CEICW screens and SBS will set itself
up.
CONFIGURE REMOTE ACCESS
If you need to set up VPN service, after CEICW has completed, run Configure
Remote Access from the Server Management console.
SMARTHOST AUTHENTICATION
In CEICW you told it to "Forward all email to the email server at your ISP"
(i.e., use the ISP as a Smarthost). Most ISPs require authentication to do
this. To configure authentication, go to:
Server Management | Advanced Management | First Organization (Exchange) |
Connectors | (right click) SmallBusiness SMTP Connector | Properties |
Advanced | Outbound Security | Basic Authentication | Modify.
and enter your authentication credentials. This is usually the primary
account username/password or an email account username/password that was set
up when you signed up with your ISP. Once you've done this, click OK three
times and your Smarthost authentication is done.
UPDATING YOUR IP ADDRESS WITH YOUR DDNS SERVICE
Now, since your ISP-assigned dynamic IP address is subject to change without
notice, you need a way to automatically update your DDNS account
periodically with the correct IP information. Some DDNS service providers
have a small application you run on either the server or a workstation on
your network. If your DDNS provider does not provide one, you can try
DirectUpdate.
DirectUpdate
NOTE: Some DDNS providers may require additional configuration if you are
using SBS 2003 Premium (with ISA). A couple of references are:
http://www.isaserver.org/tutorials/TZO_Packet_Filters.html
http://www.tzo.com/MainPageSupport/HowToPage/HowToMsftProxyServerPacketFilters.html
ACCESSING RWW AND OWA
Once finished, you can access RWW and OWA by entering the following from any
Internet connected web browser and accepting installation of the
certificate:
https://yourcompany.dyndns.org/remote (to access RWW)
https://yourcompany.dyndns.org/exchange (to access OWA)
--
Merv Porter [SBS MVP]
"John" <Jo...@discussions.microsoft.com> wrote in message
news:72628D80-0B4E-4BC2...@microsoft.com...
John
DHCP.
If i am better off, I would use SBS as the DHCP, install 2nd nic and run ISA.
To be honest this is a home configuration and want to host web services,
email, OWA and VPN.
Merv Porter [SBS-MVP]
troubleshooting info that I've found in the newsgroups is written for a 2
NIC setup. Having a router in the mix makes for a little easier
troubleshooting. It's also more secure. If you only have 1 NIC, ISA will
not be running in firewall mode so the only protection you have is your
router. With 2 NICs, you've got your router as your first layer of defense
and then ISA takes over as the second layer.
--
Merv Porter [SBS MVP]
===================================
"John" <Jo...@discussions.microsoft.com> wrote in message
news:CC0E0543-4CC5-4D8E...@microsoft.com...
GG [MVP]
> Now, since your ISP-assigned dynamic IP address is subject to change
> without notice, you need a way to automatically update your DDNS
> account periodically with the correct IP information. Some DDNS
> service providers have a small application you run on either the
> server or a workstation on your network. If your DDNS provider does
> not provide one, you can try DirectUpdate.
>
> DirectUpdate
>
> http://www.directupdate.net
If you are using DirectUpdate, and on ISA server you are using
the option "Ask unautheticated user for authentication" you have
also configure "Basic identifation for this domain" on identification
on "Outgoing Web request" and on DirectUpdate you have to
configure proxy as ISA Server name of you SBS port 8080 and
user authentication. You can create a specific account on SBS
for on this, I don't like use basic authentification because login
and password is clear on the net, but in this case if you install
DirectUpdate on same machine then ISA (SBS) the login and
password will stay on the machine, and it works fine, I am using
and William is good guy, I am not using http ip detect, I am
using snmp with Alacatel 510/530 DSL router and it is very
good. The regular interval time of HTTP ip request is limited
each 10 minutes, normaly you cannot get down this time. that
why I am using snmp every minute. In this case you have to
configure the IP of you router in your LAT.
--
Cordialement.
GG.
http://sbsfr.mvps.org/
http://gilsga.mvps.org/
Merv Porter [SBS-MVP]
--
Merv Porter [SBS MVP]
===================================
"GG [MVP]" <ne...@nospam.assysm.com> wrote in message
news:%23eerdP8...@TK2MSFTNGP12.phx.gbl...
GG [MVP]
I'll write a page in it, with some screen capture on ISA and DU.
But in french of course, nobody is perfect. :-)
GG [MVP]
> Good info GG. I'll incorporate this into my procedure document.
An other good stuff with DU you can mention, if your SBS is managing
DSL over PPPoE you have normally to use the ISA script of Jim Harisson
to stop and start ISA server. With DU you can stop and start any service
you want on SBS without executing any script, and also ISA Server.
Last thing with DU when you restart SBS you have to configure 2 minutes
(120 s) before try to detect new IP address because DU needs DNS
server from SBS is running to request outside the new IP address, if
you are using this way.
Andrew Hodgson
TZO is not the most popular service, a lot of routers support Dyndns
and Custom DNS within Dyndns.org, so it would probably work better
with your setup, port forwarding web services etc through the router
using the port forwarding table. If you need TZO it is just a matter
of configuring port forwarding correctly on the router and then
running the TZO client on your server or any workstation connected
from the router. Unlike others here I don't like using my primary
domain controler as a router, or having it near the internet without
some form of hardware firewall.
Andrew.
--
Andrew Hodgson in Bromyard, Herefordshire, UK.
My Email: use <andrew at hodgsonfamily dot org>.
MCLTECH
that is true - though more manufacturers are enabling TZO as DDNS service.
FWIW - I have used TZO.COM on my own and several client systems for many
years. They have not failed me, have been responsive to questions (even
outside their responsibility or scope), their interface works, and they now
have a Lite Client (no web/picture server, etc.) that I (and no doubt
others) asked for.
They also are now supporting SPF records.
Other DDNS systems may work as well and as reliably, at less or no cost.
Others would need to speak for them. I for one have not seen a need to
change from TZO.
Cal
"Andrew Hodgson" <m...@privacy.net> wrote in message
news:c22d01hi40688vb1r...@4ax.com...