How to publish http://Companyweb to the Internet by using ISA Server 2000 on a server that is running Windows Small Business Server 2003, Premium Edition (838304)


The information in this article applies to:

  • Microsoft Windows Small Business Server 2003, Premium Edition
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SUMMARY

This article describes how to publish the company's internal Web site (http://Companyweb) to the Internet by using Microsoft Internet Security and Acceleration (ISA) Server 2000 on a server that is running Microsoft Windows Small Business Server 2003, Premium Edition, so that external clients can access http://Companyweb directly by using https://FQDN:444, where FQDN is the fully qualified domain name of the server that is running Windows Small Business Server 2003. Alternatively, external clients can access http://Companyweb from the Remote Web Workplace feature on the SBS 2003 server by using https://FQDN/remote.

MORE INFORMATION

This section describes how to configure Microsoft Windows Small Business Server 2003, Premium Edition, CompanyWeb with ISA Server 2000.

Before you can publish http://CompanyWeb to the Internet by using ISA Server 2000, you must create a protocol definition and a server publishing rule. You must also assign a Web certificate to http://Companyweb by using Internet Information Services (IIS), and then you must modify the registry settings for the Remote Web Workplace feature on the SBS 2003 server to make the remote workplace accessible from the Internet. The following four procedures explain how to make these modifications.
%

Configure a new protocol definition in ISA Server 2000

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management console, expand Policy Elements, right-click Protocol Definitions, click New, and then click Definition.
  3. On the Welcome to the New Protocol Definition Wizard page, type Companyweb Inbound 444 in the Protocol definition name box, and then click Next.
  4. On the Primary Connection Information page, type 444 in the Port Number box. Leave the Protocol type setting as TCP. In the Direction list, click Inbound, and then click Next.
  5. On the Secondary Connections page, leave the Do you want to use secondary connections? setting as No, click Next, and then click Finish.

Publish Companyweb by using ISA Server 2000

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management console, expand Publishing, right-click Server Publishing Rules, click New, and then click Rule.
  3. On the Welcome to the New Server Publishing Rule Wizard page, type a name for the new rule (for example, type Companyweb), and then click Next.
  4. On the Address Mapping page, under IP address of internal server, type the internal IP address of the server that is running Windows Small Business Server 2003. (For example, type 192.168.16.2). Then, under External IP address on ISA Server, type the appropriate IP address for the external interface of the server that is running Windows Small Business Server 2003, and then click Next.

    Note Microsoft recommends that you use a static IP address for the external network adapter on the computer that is running ISA Server 2000. If you use a dynamic IP address, you must modify the server publishing rule whenever the dynamic IP address changes on the external network adapter on the computer that is running ISA Server 2000.
  5. On the Protocol Settings page, click Companyweb Inbound 444 in the Apply the rule to this protocol list, and then click Next.
  6. On the Client Type page, click the appropriate client type under Apply the rule to requests from.

    Note If the server is used by computers that are on the Internet, Any request is the best choice.
  7. Click Next, and then click Finish.
  8. Restart the ISA Server 2000 Firewall service. To do so, follow these steps:
    1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
    2. In the ISA Management console, expand Servers and Arrays, expand ISAServerName, expand Monitoring, and then click Services.
    3. In the right pane, right-click Firewall, and then click Stop.
    4. After the Firewall service stops, right-click Firewall, and then click Start to restart the Firewall service.
Important If your server is behind a hardware firewall, make sure that TCP port 444 is open on the hardware firewall.

Assign a Web server certificate to http://CompanyWeb by using IIS

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. In the left pane of the IIS Manager console, click your server name.
  3. In the right pane, double-click Web Sites.
  4. In the right pane, right-click Companyweb, and then click Properties.
  5. Click Directory Security, and then click Server Certificate.
  6. On the Welcome to the Web Server Certificate Wizard page, click Next.
  7. On the Server Certificate page, click Assign an existing certificate, and then click Next.
  8. On the Available Certificates page, click the installed certificate that you want to assign to this Web site, and then click Next. Make sure that the name of the certificate matches the name that you specified when you ran the Configure E-mail and Internet Connection Wizard. Do not click publishing.InternalDomain.local, where InternalDomain.local is your internal DNS domain name.

    The publishing.InternalDomain.local certificate is only used internally. The certificate that you assign to the Companyweb site must match the Uniform Resource Locator (URL) that users enter to connect to the server from the Internet.
  9. On the SSL Port page, type 444 in the SSL port this web site should use box, and then click Next.
  10. On the Certificate Summary page, review the information about the certificate, and then click Next.
  11. On the Completing the Web Server Certificate Wizard page, click Finish, and then click OK.
Important If your server is behind a hardware firewall, make sure TCP port 444 is open on the hardware firewall.

Configure Remote Web Workplace

To publish http://Companyweb in Remote Web Workplace on the Internet, you must change certain registry values. To do so, follow these steps.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. In Registry Editor, locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks

  3. In the right pane, right-click HelpDesk, and then click Modify.
  4. In the Value data box, type 1.
  5. Locate and then click the following subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal\AdminLinks

  6. In the right pane, right click STS, and then click Modify.
  7. In the Value data box, type 1.
  8. Repeat steps 5 through 7 for the following subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal\KWLinks

  9. Close Registry Editor.

    Important After you have made the changes that are described in steps 1 through 9, if you run the Configure E-mail and Internet Connection Wizard in Windows Small Business Server 2003, Premium Edition, the registry values will be reset from 1 to 0. Therefore, after you run the wizard, make sure that you run Registry Editor again and that you change the values back to 1.

REFERENCES

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

816794 HOW TO: Install imported certificates on a Web server in Windows Server 2003

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

283284 Blank page or page cannot be displayed when you view SSL sites through ISA Server

Modification Type:MinorLast Reviewed:10/13/2004
Keywords:kbhowto KB838304 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.