Windows Vista Forums

SBS 2008 Port Forward Question
  1. #1


    Richard K Guest

    SBS 2008 Port Forward Question

    SBS 2008 Std
    mydomain.com

    Ok, I am coming across some conflicting information so I am looking for some
    clarification. I have set up an SBS 2008 server and configured an internet
    domain name in the sbs (remote.mydomain.com). From there I purchased an SSL
    certificate (from Godaddy) and have installed it on the server.



    Normally I only open ports 443, 444, 25 and 4125 to the server (I also open
    3389 for direct RDP connections) for my SBS 2003 servers. I do NOT open
    port 80. I read in the SBS 2008 Console a note about opening port 80 which
    I think will redirect to 443 if I do open it up. Right now I can tell my
    users to open up IE and go to https://remote.mydomain.com which starts up
    the \remote. Should I also turn on port 80 so users have to type in just
    "remote.mydomain.com" and it will redirect to https://remote.mydomain.com
    for the remote session?

    Also, the 444 port was for the sharepoint/companyweb. I think has now
    changed to 987 so is it valid to say turn off 444 and turn on 987 for SBS
    2008 servers?

    Thanks!

    -Richard K





  2. #2


    Krystian Zieja Guest

    RE: SBS 2008 Port Forward Question

    Port 444 was used for Sharepoint in 2003, in 2008 use 987 for sharepoint, so
    it is valid to say switch off 444 and open 987.

    In case of port 80 you do not need to open it, you can just ask the users to
    type https://remote.domain.com. By not opening port 80 you won't lose any
    functionality apart from automatic redirect to port 443.

    With kind regards
    Krystian Zieja
    http://www.projectenvision.com

    "Richard K" wrote:

    > SBS 2008 Std
    > mydomain.com
    >
    > Ok, I am coming across some conflicting information so I am looking for some
    > clarification. I have set up an SBS 2008 server and configured an internet
    > domain name in the sbs (remote.mydomain.com). From there I purchased an SSL
    > certificate (from Godaddy) and have installed it on the server.
    >
    > Normally I only open ports 443, 444, 25 and 4125 to the server (I also open
    > 3389 for direct RDP connections) for my SBS 2003 servers. I do NOT open
    > port 80. I read in the SBS 2008 Console a note about opening port 80 which
    > I think will redirect to 443 if I do open it up. Right now I can tell my
    > users to open up IE and go to https://remote.mydomain.com which starts up
    > the \remote. Should I also turn on port 80 so users have to type in just
    > "remote.mydomain.com" and it will redirect to https://remote.mydomain.com
    > for the remote session?
    >
    > Also, the 444 port was for the sharepoint/companyweb. I think has now
    > changed to 987 so is it valid to say turn off 444 and turn on 987 for SBS
    > 2008 servers?
    >
    > Thanks!
    >
    > -Richard K
    >
    >
    >
    >


  3. #3


    Richard K Guest

    Re: SBS 2008 Port Forward Question

    But if I do open up port 80 will the users be able to just type in
    "remote.mydomain.com" and they will be redirected to
    https://remote.mydomain.com? I know it may sound trivial but it's so much
    easier telling them remote.mydomain.com vs. the whole https:// part because
    most people miss the "s" part and can't figure out why it won't work. Is
    that also safe on the server if I open port 80?

    OK, on the 987 vs. 444. that part made sense.

    -Richard K

    "Krystian Zieja" <KrystianZieja@newsgroup> wrote in message
    news:142A34EF-FFC7-40CE-93D6-5B7FCD54E5D3@newsgroup

    > Port 444 was used for Sharepoint in 2003, in 2008 use 987 for sharepoint,
    > so
    > it is valid to say switch off 444 and open 987.
    >
    > In case of port 80 you do not need to open it, you can just ask the users
    > to
    > type https://remote.domain.com. By not opening port 80 you won't lose any
    > functionality apart from automatic redirect to port 443.
    >
    > With kind regards
    > Krystian Zieja
    > http://www.projectenvision.com
    >
    > "Richard K" wrote:
    >

    >> SBS 2008 Std
    >> mydomain.com
    >>
    >> Ok, I am coming across some conflicting information so I am looking for
    >> some
    >> clarification. I have set up an SBS 2008 server and configured an
    >> internet
    >> domain name in the sbs (remote.mydomain.com). From there I purchased an
    >> SSL
    >> certificate (from Godaddy) and have installed it on the server.
    >>
    >> Normally I only open ports 443, 444, 25 and 4125 to the server (I also
    >> open
    >> 3389 for direct RDP connections) for my SBS 2003 servers. I do NOT open
    >> port 80. I read in the SBS 2008 Console a note about opening port 80
    >> which
    >> I think will redirect to 443 if I do open it up. Right now I can tell my
    >> users to open up IE and go to https://remote.mydomain.com which starts up
    >> the \remote. Should I also turn on port 80 so users have to type in just
    >> "remote.mydomain.com" and it will redirect to https://remote.mydomain.com
    >> for the remote session?
    >>
    >> Also, the 444 port was for the sharepoint/companyweb. I think has now
    >> changed to 987 so is it valid to say turn off 444 and turn on 987 for SBS
    >> 2008 servers?
    >>
    >> Thanks!
    >>
    >> -Richard K
    >>
    >>
    >>
    >>



  4. #4


    Susan Bradley Guest

    Re: SBS 2008 Port Forward Question

    Your users can't type in an "s"? Really they can't be taught that
    little thing? I may be jaded admin but if they can't be taught that,
    should they have remote access in the first place?

    The reason why I keep the 80 closed is that it keeps me a little bit
    less paranoid. It's one less port for me to keep watch on.

    Is it safe? Depends. What's the complexity of the passwords?

    Richard K wrote:

    > But if I do open up port 80 will the users be able to just type in
    > "remote.mydomain.com" and they will be redirected to
    > https://remote.mydomain.com? I know it may sound trivial but it's so much
    > easier telling them remote.mydomain.com vs. the whole https:// part because
    > most people miss the "s" part and can't figure out why it won't work. Is
    > that also safe on the server if I open port 80?
    >
    > OK, on the 987 vs. 444. that part made sense.
    >
    > -Richard K
    >
    > "Krystian Zieja" <KrystianZieja@newsgroup> wrote in message
    > news:142A34EF-FFC7-40CE-93D6-5B7FCD54E5D3@newsgroup

    >> Port 444 was used for Sharepoint in 2003, in 2008 use 987 for sharepoint,
    >> so
    >> it is valid to say switch off 444 and open 987.
    >>
    >> In case of port 80 you do not need to open it, you can just ask the users
    >> to
    >> type https://remote.domain.com. By not opening port 80 you won't lose any
    >> functionality apart from automatic redirect to port 443.
    >>
    >> With kind regards
    >> Krystian Zieja
    >> http://www.projectenvision.com
    >>
    >> "Richard K" wrote:
    >>

    >>> SBS 2008 Std
    >>> mydomain.com
    >>>
    >>> Ok, I am coming across some conflicting information so I am looking for
    >>> some
    >>> clarification. I have set up an SBS 2008 server and configured an
    >>> internet
    >>> domain name in the sbs (remote.mydomain.com). From there I purchased an
    >>> SSL
    >>> certificate (from Godaddy) and have installed it on the server.
    >>>
    >>> Normally I only open ports 443, 444, 25 and 4125 to the server (I also
    >>> open
    >>> 3389 for direct RDP connections) for my SBS 2003 servers. I do NOT open
    >>> port 80. I read in the SBS 2008 Console a note about opening port 80
    >>> which
    >>> I think will redirect to 443 if I do open it up. Right now I can tell my
    >>> users to open up IE and go to https://remote.mydomain.com which starts up
    >>> the \remote. Should I also turn on port 80 so users have to type in just
    >>> "remote.mydomain.com" and it will redirect to https://remote.mydomain.com
    >>> for the remote session?
    >>>
    >>> Also, the 444 port was for the sharepoint/companyweb. I think has now
    >>> changed to 987 so is it valid to say turn off 444 and turn on 987 for SBS
    >>> 2008 servers?
    >>>
    >>> Thanks!
    >>>
    >>> -Richard K
    >>>
    >>>
    >>>
    >>>
    >
    >
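
An added example, not part of any post in this thread: one way to answer the "is it safe to open port 80" question is to check what the port-80 listener actually returns, i.e. whether it only redirects to https on the expected host or answers requests itself. The function names and sample responses are constructed for illustration; remote.mydomain.com is the placeholder host name used in the thread.

```python
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body


def audit_port80(raw: bytes, expected_host: str):
    """Return a list of findings; an empty list means 'redirect-only'."""
    status, headers, body = parse_response(raw)
    findings = []
    if status not in REDIRECT_CODES:
        # The listener is doing real work on cleartext HTTP.
        findings.append("status %d: port 80 answers requests itself "
                        "(%d body bytes) instead of redirecting" % (status, len(body)))
        if "www-authenticate" in headers:
            findings.append("credentials are requested over cleartext HTTP")
        return findings
    location = headers.get("location", "")
    target = urlsplit(location)
    if target.scheme != "https":
        findings.append("redirect target is not https: %r" % location)
    if (target.hostname or "").lower() != expected_host.lower():
        findings.append("redirect leaves the expected host: %r" % location)
    if target.port not in (None, 443):
        findings.append("redirect goes to port %d, not 443" % target.port)
    if "set-cookie" in headers:
        findings.append("cookie issued over cleartext HTTP")
    return findings


# Constructed sample responses (not captured from a real server).
HOST = "remote.mydomain.com"
GOOD = (b"HTTP/1.1 302 Found\r\n"
        b"Location: https://remote.mydomain.com/remote\r\n"
        b"Content-Length: 0\r\n\r\n")
SERVES = (b"HTTP/1.1 200 OK\r\n"
          b"Content-Type: text/html\r\n\r\n<html>Welcome</html>")
BASIC = (b"HTTP/1.1 401 Unauthorized\r\n"
         b"WWW-Authenticate: Basic realm=\"remote\"\r\n\r\n")
WRONG = (b"HTTP/1.1 301 Moved Permanently\r\n"
         b"Location: http://remote.mydomain.com/remote\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("GOOD", GOOD), ("SERVES", SERVES),
                      ("BASIC", BASIC), ("WRONG", WRONG)]:
        print(name, audit_port80(raw, HOST) or "redirect-only")
```

Feed it the bytes read from a test request to the server's port 80 on the LAN side before the port is forwarded.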


  5. #5


    Ace Fekay [MCT] Guest

    Re: SBS 2008 Port Forward Question

    "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    news:uPBZb7CLKHA.5948@newsgroup

    > Your users can't type in an "s"? Really they can't be taught that little
    > thing? I may be jaded admin but if they can't be taught that, should they
    > have remote access in the first place?
    >
    > The reason why I keep the 80 closed is that it keeps me a little bit less
    > paranoid. It's one less port for me to keep watch on.
    >
    > Is it safe? Depends. What's the complexity of the passwords?
    >
    Susan,

    I've setup all my non-SBS customers with a redirect for OWA using redirect
    command in an asp page. For SBS customers, I have the SBS Welcome page
    redirected, and removed Anonymous, so they must log in. Once in, I even
    altered the welcome page to add an SSL VPN link to the Cisco ASA to directly
    download the SSL VPN client, as well as added a link to the OWA site.

    Believe me, after I did that a few years ago, the phone calls regarding that
    the OWA site won't work, went down to zero, of course unless the link or
    Exchange was down. You can tell them until you're blue in the face, and
    there's always that one or two that have selective listening skills that
    will be calling. And if you're late responding (this happened with a specific
    140 seat customer where I was just a consultant for their network admin),
    they go complaining to the owner, who'll call me directly. I simply explain
    that it's in the one page document how-to that I created and emailed
    everyone, which is available in a public folder, as well as thumbtacked on
    the bulletin board in the lunch room. The boss winds up laughing, which is
    cool, but I got tired of it and just setup a redirect.

    The easier you make it for them, the less phone calls. :-)

    Ace




  6. #6


    Larry Struckmeyer [SBS-MVP] Guest

    Re: SBS 2008 Port Forward Question

    Can your users remember the url for your company web site? For example:
    www.microsoft.com

    If so, could they remember www.yourwebsite.com/remote or some similar
    link?

    If so, create a page on your company web site with no links, in essence a
    hidden page.

    Put the https://blah-blah/remote link, along with any others you want them
    to link to on that hidden page.

    Now, all they have to remember is www.yourwebsite.com/hidden-page

    --
    Larry
    Please post the resolution to your
    issue so that others may benefit.

    Get a Health Check for SBS at:
    www.sbsbpa.com


    "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    news:uPBZb7CLKHA.5948@newsgroup

    > Your users can't type in an "s"? Really they can't be taught that little
    > thing? I may be jaded admin but if they can't be taught that, should they
    > have remote access in the first place?
    >
    > The reason why I keep the 80 closed is that it keeps me a little bit less
    > paranoid. It's one less port for me to keep watch on.
    >
    > Is it safe? Depends. What's the complexity of the passwords?
    >
    > Richard K wrote:

    >> But if I do open up port 80 will the users be able to just type in
    >> "remote.mydomain.com" and they will be redirected to
    >> https://remote.mydomain.com? I know it may sound trivial but it's so
    >> much easier telling them remote.mydomain.com vs. the whole https:// part
    >> because most people miss the "s" part and can't figure out why it won't
    >> work. Is that also safe on the server if I open port 80?
    >>
    >> OK, on the 987 vs. 444. that part made sense.
    >>
    >> -Richard K
    >>
    >> "Krystian Zieja" <KrystianZieja@newsgroup> wrote in
    >> message news:142A34EF-FFC7-40CE-93D6-5B7FCD54E5D3@newsgroup

    >>> Port 444 was used for Sharepoint in 2003, in 2008 use 987 for
    >>> sharepoint, so
    >>> it is valid to say switch off 444 and open 987.
    >>>
    >>> In case of port 80 you do not need to open it, you can just ask the
    >>> users to
    >>> type https://remote.domain.com. By not opening port 80 you won't lose
    >>> any
    >>> functionality apart from automatic redirect to port 443.
    >>>
    >>> With kind regards
    >>> Krystian Zieja
    >>> http://www.projectenvision.com
    >>>
    >>> "Richard K" wrote:
    >>>
    >>>> SBS 2008 Std
    >>>> mydomain.com
    >>>>
    >>>> Ok, I am coming across some conflicting information so I am looking for
    >>>> some
    >>>> clarification. I have set up an SBS 2008 server and configured an
    >>>> internet
    >>>> domain name in the sbs (remote.mydomain.com). From there I purchased
    >>>> an SSL
    >>>> certificate (from Godaddy) and have installed it on the server.
    >>>>
    >>>> Normally I only open ports 443, 444, 25 and 4125 to the server (I also
    >>>> open
    >>>> 3389 for direct RDP connections) for my SBS 2003 servers. I do NOT
    >>>> open
    >>>> port 80. I read in the SBS 2008 Console a note about opening port 80
    >>>> which
    >>>> I think will redirect to 443 if I do open it up. Right now I can tell
    >>>> my
    >>>> users to open up IE and go to https://remote.mydomain.com which starts
    >>>> up
    >>>> the \remote. Should I also turn on port 80 so users have to type in
    >>>> just
    >>>> "remote.mydomain.com" and it will redirect to
    >>>> https://remote.mydomain.com
    >>>> for the remote session?
    >>>>
    >>>> Also, the 444 port was for the sharepoint/companyweb. I think has now
    >>>> changed to 987 so is it valid to say turn off 444 and turn on 987 for
    >>>> SBS
    >>>> 2008 servers?
    >>>>
    >>>> Thanks!
    >>>>
    >>>> -Richard K
    >>>>
    >>>>
    >>>>
    >>>>
    >>


  7. #7


    Susan Bradley Guest

    Re: SBS 2008 Port Forward Question

    I don't do VPN.

    I have given them a quick landing page so they don't have to do
    remote.domain.com nor mail.domain.com it's a unique url similar to our
    email domain but just a little bit different. I don't tell them until
    I'm blue in the face, it's an easy url with an 's'.

    Ace Fekay [MCT] wrote:

    > "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    > news:uPBZb7CLKHA.5948@newsgroup

    >> Your users can't type in an "s"? Really they can't be taught that
    >> little thing? I may be jaded admin but if they can't be taught that,
    >> should they have remote access in the first place?
    >>
    >> The reason why I keep the 80 closed is that it keeps me a little bit
    >> less paranoid. It's one less port for me to keep watch on.
    >>
    >> Is it safe? Depends. What's the complexity of the passwords?
    >>
    >
    > Susan,
    >
    > I've setup all my non-SBS customers with a redirect for OWA using
    > redirect command in an asp page. For SBS customers, I have the SBS
    > Welcome page redirected, and removed Anonymous, so they must log in.
    > Once in, I even altered the welcome page to add an SSL VPN link to the
    > Cisco ASA to directly download the SSL VPN client, as well as added a
    > link to the OWA site.
    >
    > Believe me, after I did that a few years ago, the phone calls regarding
    > that the OWA site won't work, went down to zero, of course unless the
    > link or Exchange was down. You can tell them until you're blue in the
    > face, and there's always that one or two that have selective listening
    > skills that will be calling. And if you're late responding (this
    > happened with a specific 140 seat customer where I was just a consultant
    > for their network admin), they go complaining to the owner, who'll call
    > me directly. I simply explain that it's in the one page document how-to
    > that I created and emailed everyone, which is available in a public
    > folder, as well as thumbtacked on the bulletin board in the lunch room.
    > The boss winds up laughing, which is cool, but I got tired of it and
    > just setup a redirect.
    >
    > The easier you make it for them, the less phone calls. :-)
    >
    > Ace
    >
    >


  8. #8


    Ace Fekay [MCT] Guest

    Re: SBS 2008 Port Forward Question

    "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    news:%23Ao8BTDLKHA.4168@newsgroup

    >I don't do VPN.
    >
    > I have given them a quick landing page so they don't have to do
    > remote.domain.com nor mail.domain.com it's a unique url similar to our
    > email domain but just a little bit different. I don't tell them until I'm
    > blue in the face, it's an easy url with an 's'.
    >

    I was just relating my past experience with it. I tried to ignore them after
    I've told them a dozen times, but got tired of the phone calls because they
    didn't read the doc or hear what I said. :-)

    The VPN thing is only for a handful of customers. One, for instance, has an
    ERP a few people need access to from home. Non-SBS. So I set up a VPN to
    connect in, so they can RDP into their own desktop to use the app. Otherwise
    I would have needed an IP for each user to use RDP over 3389. I don't like
    opening that up anyway, so the VPN was the answer. SSL VPN connects/installs
    using a browser, so I didn't have to install the client, which made it
    easier.

    Your solution sounds easy, too.

    :-)



  9. #9


    Richard K Guest

    Re: SBS 2008 Port Forward Question

    I have been setting up 3 simple url redirects (email.mydomain.com,
    remote.mydomain.com and companyweb.mydomain.com) that will redirect to the
    full https://..... for \remote, \exchange and :444 so it was easy. I don't
    necessarily disagree with the whole "s" thing but like others have said you
    can talk until you are blue in the face. With the 3-in-1 page that SBS 2008
    has set up for email, remote and companyweb/sharepoint I want to make it a
    simple 1 url for them to remember. From there they log in and choose which of
    the 3 options they want. The biggest thing for me is to move from a
    self-signed cert to a valid 3rd party like GoDaddy. After a while it's not
    worth the hassle for $26/year to get a GoDaddy cert and it seems to make SBS
    2008 function so much easier.

    Being new to SBS 2008 I'm trying to put together my "standards" for future
    clients like I have with SBS 2003 which took me a while to really nail down.
    I'm always open to ideas and hear what others have done. This is some neat
    stuff.

    Thanks for everyone's opinions.

    -Richard K

    "Richard K" <rkokoski@newsgroup> wrote in message
    news:eTt0txCLKHA.4432@newsgroup

    > But if I do open up port 80 will the users be able to just type in
    > "remote.mydomain.com" and they will be redirected to
    > https://remote.mydomain.com? I know it may sound trivial but it's so much
    > easier telling them remote.mydomain.com vs. the whole https:// part
    > because most people miss the "s" part and can't figure out why it won't
    > work. Is that also safe on the server if I open port 80?
    >
    > OK, on the 987 vs. 444. that part made sense.
    >
    > -Richard K
    >
    > "Krystian Zieja" <KrystianZieja@newsgroup> wrote in
    > message news:142A34EF-FFC7-40CE-93D6-5B7FCD54E5D3@newsgroup

    >> Port 444 was used for Sharepoint in 2003, in 2008 use 987 for sharepoint,
    >> so
    >> it is valid to say switch off 444 and open 987.
    >>
    >> In case of port 80 you do not need to open it, you can just ask the users
    >> to
    >> type https://remote.domain.com. By not opening port 80 you won't lose any
    >> functionality apart from automatic redirect to port 443.
    >>
    >> With kind regards
    >> Krystian Zieja
    >> http://www.projectenvision.com
    >>
    >> "Richard K" wrote:
    >>

    >>> SBS 2008 Std
    >>> mydomain.com
    >>>
    >>> Ok, I am coming across some conflicting information so I am looking for
    >>> some
    >>> clarification. I have set up an SBS 2008 server and configured an
    >>> internet
    >>> domain name in the sbs (remote.mydomain.com). From there I purchased an
    >>> SSL
    >>> certificate (from Godaddy) and have installed it on the server.
    >>>
    >>> Normally I only open ports 443, 444, 25 and 4125 to the server (I also
    >>> open
    >>> 3389 for direct RDP connections) for my SBS 2003 servers. I do NOT open
    >>> port 80. I read in the SBS 2008 Console a note about opening port 80
    >>> which
    >>> I think will redirect to 443 if I do open it up. Right now I can tell
    >>> my
    >>> users to open up IE and go to https://remote.mydomain.com which starts
    >>> up
    >>> the \remote. Should I also turn on port 80 so users have to type in
    >>> just
    >>> "remote.mydomain.com" and it will redirect to
    >>> https://remote.mydomain.com
    >>> for the remote session?
    >>>
    >>> Also, the 444 port was for the sharepoint/companyweb. I think has now
    >>> changed to 987 so is it valid to say turn off 444 and turn on 987 for
    >>> SBS
    >>> 2008 servers?
    >>>
    >>> Thanks!
    >>>
    >>> -Richard K
    >>>
    >>>
    >>>
    >>>
    >
    >



  10. #10


    Richard K Guest

    Re: SBS 2008 Port Forward Question

    Susan, so is this a single url you provide and that landing page has the
    urls for owa, remote and companyweb/sharepoint? Can you please provide a
    sample of the url you do provide? The idea sounds similar to what I see as
    the 3-in-1 landing page for SBS 2008 once the user logs in. Up until now I
    have had a lot of success with the email., remote. and companyweb. approach,
    especially since I don't have to tell them about the "s" in the http.

    -Richard K


    "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    news:%23Ao8BTDLKHA.4168@newsgroup

    >I don't do VPN.
    >
    > I have given them a quick landing page so they don't have to do
    > remote.domain.com nor mail.domain.com it's a unique url similar to our
    > email domain but just a little bit different. I don't tell them until I'm
    > blue in the face, it's an easy url with an 's'.
    >
    > Ace Fekay [MCT] wrote:

    >> "Susan Bradley" <sbradcpa@newsgroup> wrote in message
    >> news:uPBZb7CLKHA.5948@newsgroup

    >>> Your users can't type in an "s"? Really they can't be taught that
    >>> little thing? I may be jaded admin but if they can't be taught that,
    >>> should they have remote access in the first place?
    >>>
    >>> The reason why I keep the 80 closed is that it keeps me a little bit
    >>> less paranoid. It's one less port for me to keep watch on.
    >>>
    >>> Is it safe? Depends. What's the complexity of the passwords?
    >>>
    >>
    >> Susan,
    >>
    >> I've setup all my non-SBS customers with a redirect for OWA using
    >> redirect command in an asp page. For SBS customers, I have the SBS
    >> Welcome page redirected, and removed Anonymous, so they must log in. Once
    >> in, I even altered the welcome page to add an SSL VPN link to the Cisco
    >> ASA to directly download the SSL VPN client, as well as added a link to
    >> the OWA site.
    >>
    >> Believe me, after I did that a few years ago, the phone calls regarding
    >> that the OWA site won't work, went down to zero, of course unless the
    >> link or Exchange was down. You can tell them until you're blue in the
    >> face, and there's always that one or two that have selective listening
    >> skills that will be calling. And if you're late responding (this happened
    >> with a specific 140 seat customer where I was just a consultant for their
    >> network admin), they go complaining to the owner, who'll call me
    >> directly. I simply explain that it's in the one page document how-to that
    >> I created and emailed everyone, which is available in a public folder, as
    >> well as thumbtacked on the bulletin board in the lunch room. The boss
    >> winds up laughing, which is cool, but I got tired of it and just setup a
    >> redirect.
    >>
    >> The easier you make it for them, the less phone calls. :-)
    >>
    >> Ace
    >>

