Windows Small Business Server 2011 installation and configuration – part 3 configuring “Setup your internet address” wizard

Go directly to the SBS 2011 index file, with links to all articles in this series.

When you have finished part 2 “Connect to the Internet” and returned to the SBS Console, choose “Setup your internet address” to start the wizard.

With this wizard we are going to set up the default domain name for use with the SBS server. This domain name will be used for your e-mail addresses and also for remote web access (web workplace, Outlook Web Access, etc.).

If you do not have a domain name registered, you can purchase one via this wizard by choosing the option “I want to purchase a new domain name”. I have never used this option because most companies already own one or more domain names. I have heard that the choice is limited to only a few top-level domains like .com, .net, etc.

So we choose “I already have a domain name that I want to use.”

You can choose to let the server manage your domain name, but this is reserved for a couple of domain name providers. If you would like to use this option you have to move your domain name to one of these providers.
In this case I will choose “I want to manage the domain name myself.” You then have to configure your DNS records (if needed) manually.

Now we have to fill in our domain name with its extension. By default SBS uses remote.domainname.extension for remote access. If you want to change the remote domain prefix to something different, choose “Advanced settings”. Because we have chosen to configure DNS records manually, make sure that the chosen domain name has a record pointing to your server.

The wizard is now configuring your server for remote web access and adding the domain name to your Exchange server.

You have successfully configured your server to use domainname.extension.
The warning you see is because the wizard cannot configure the router for remote access. This is no problem, but you have to set up your router manually to accept the ports that are used.
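
The DNS records and router ports that are left for manual setup can be verified before users depend on them. The Python sketch below is an added example, not part of the original article: it checks a set of external DNS records against the layout discussed in the comments (an A record for the remote name pointing to the public IP, and an MX record whose target has its own A record and is not a CNAME) and includes a TCP probe for ports 443 and 25. The domain `example.com`, the 203.0.113.x and 198.51.100.x addresses, the sample records and all function names are constructed placeholders.

```python
import ipaddress
import socket

# Constructed sample data: external DNS records as (name, type, value).
# example.com and the 203.0.113.x / 198.51.100.x addresses are placeholders.
GOOD_ZONE = [
    ("remote.example.com.", "A", "203.0.113.10"),
    ("example.com.", "MX", "10 remote.example.com."),
]
BAD_ZONE = [
    ("remote.example.com.", "CNAME", "myhost.dyndns.example."),
    ("mail.example.com.", "A", "198.51.100.7"),  # old hosted mail server
    ("example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "MX", "20 remote.example.com."),
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _norm(name):
    """Lower-case a DNS name and drop the trailing dot."""
    return name.strip().lower().rstrip(".")


def check_external_dns(records, domain, public_ip, prefix="remote"):
    """Return a list of problems; an empty list means the records fit."""
    domain = _norm(domain)
    host = f"{prefix}.{domain}" if prefix else domain
    by_name = {}
    for name, rtype, value in records:
        by_name.setdefault(_norm(name), []).append((rtype.upper(), value.strip()))

    def addresses(name):
        return [v for t, v in by_name.get(name, []) if t in ("A", "AAAA")]

    def is_cname(name):
        return any(t == "CNAME" for t, _ in by_name.get(name, []))

    problems = []
    # 1. The remote access name must lead to the router's public address.
    addrs = addresses(host)
    if not addrs and not is_cname(host):
        problems.append(f"{host}: no A record")
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in RFC1918):
            problems.append(f"{host}: {addr} is a private (LAN) address")
        elif addr != public_ip:
            problems.append(f"{host}: points to {addr}, expected {public_ip}")

    # 2. Every MX target needs its own address record and may not be a CNAME.
    mx = []
    for rtype, value in by_name.get(domain, []):
        if rtype == "MX":
            pref, target = value.split()
            mx.append((int(pref), _norm(target)))
    if not mx:
        problems.append(f"{domain}: no MX record")
    for pref, target in sorted(mx):
        if is_cname(target):
            problems.append(f"MX {pref} {target}: target is a CNAME")
        elif not addresses(target):
            problems.append(f"MX {pref} {target}: target has no A record")

    # 3. The lowest preference number is tried first; it should be the SBS.
    if mx:
        pref, target = min(mx)
        if public_ip not in addresses(target):
            problems.append(f"MX {pref} {target}: preferred MX is not {public_ip}")
    return problems


def tcp_port_open(host, port, timeout=5.0):
    """True if a TCP connection succeeds; run this from outside the LAN."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for zone in (GOOD_ZONE, BAD_ZONE):
        found = check_external_dns(zone, "example.com", "203.0.113.10")
        print(found or "records OK")
    # Live check of the forwarded ports (443 remote web access, 25 SMTP):
    # print(tcp_port_open("remote.example.com", 443))
```

Fill the record list from what your DNS provider's control panel shows, and run the port probe from a machine outside your own network so that it tests the router forwarding rather than the LAN path.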

Go back to part 2 “Connect to the Internet”
Continue with Part 4 configuring “Configure a Smart Host for internet e-mail” wizard

Posted in Blog, Howto, SBS 2011 by ronnypot at January 12th, 2011.

164 Responses to “Windows Small Business Server 2011 installation and configuration – part 3 configuring “Setup your internet address” wizard”

  1. henry says:

    Hi,
    I have problems accessing my internet address from the internet.
    In my LAN I have no problems, but from the internet I can access the web page.
    E.g. https://remote.myinternet address.com

    Can you help me with this issue.

    Best regards.

    • ronnypot says:

      Hi,
      Do you get an error? Does the external DNS record remote.yourinternetaddress.com point to your network? Have you opened port 443 on your router to your SBS server? You can test if port 443 is open by using this page from your SBS server, or use telnet remote.yourinternetaddress.com 443 from outside your network and see if you get a connection.

  2. Zafi says:

    Hi

    Great tutorial, excellent work. How do I set up the external DNS record? Currently our site is registered with NetworkSolutions but hosted by another ISP. Any help would be great.

    • ronnypot says:

      Hi,

      Thanks for the compliment. About the external DNS: you will need to configure this at your external DNS provider. If you don’t know where your DNS servers are configured, go to http://whois.sc and type your domain name. The result will give the registrar and domain name servers; this is the party where they are hosted.

      Then you will need to create an A record for remote.yourdomain.com (or if you used another name like remote create a record for that) and point it to the external IP address your SBS server is communicating with (the external IP address of your internet line). Finally, create an MX record and point it to remote.yourdomain.com.

      Make sure port 25 SMTP (and port 443 HTTPS) are open in your router / firewall and mapped to your SBS server.

      • RottPaws says:

        How do I create the A record? Is that something I do on my SBS box? Or is that something I need to get the DNS host to do?

        I do not have anything set up on the router for port 443, but the http://canyouseeme.org test reports that it is not being blocked. Does that mean I’m good to go where that is concerned?

        • ronnypot says:

          No, the A record has to be created on your external DNS.

          If you want to check if port 443 is going to your SBS server, please type https://yourexternalipaddress in your browser; you will first receive a certificate error, then click continue and you should come to your Remote Web Workplace site.

  3. Dennis says:

    Hi,

    Thank you for this great tutorial. I recently installed a SBS 2011 for a client with the help of your tutorial. It was pretty easy. I only have a little knowledge of Exchange server. My client would like to use Exchange server for his mails. So can you please help me regarding the same?

    My client setup is as follows:

    10 computers ( windows 7 professional) under the SBS 2011

    Only 10 users

    Need less than a total of 15 email addresses.

    1 mbps internet connection

    DNS and DHCP are configured in SBS

    domain name = “mydomain.local” (I’m not using the real names here)

    Client already has got a website. Say “www.mydomain.com”

    Requirements:

    He needs internal as well as external email addresses. Internal emails are working now. The email addresses looks like “xyz@mydomain.local”

    He wants his email addresses to be like “xyz@mydomain.com”

    He would like to use DynDNS for public IP (this part I’m able to do)

    I need help with the external mail setup. What do I have to do to make the email addresses end in .com instead of .local?
    Do I need to do any configuration or create email addresses on my client's website http://www.mydomain.com?

    I searched so many sites but couldn’t find a good solution. So it would be appreciated if you could help…

    • ronnypot says:

      You need to use the setup your internet address wizard and enter yourdomain.com; this will add yourdomain.com to Exchange as an accepted domain and configure the email address policy so users will get an email address @yourdomain.com. If you have run the wizard and it does not work, go to Exchange management console, organization configuration, hub transport, look at accepted domains to see if yourdomain.com is added as an authoritative domain, and look at email address policies, Windows SBS Email Address Policy, to see if @yourdomain.com is on this policy and set as reply address.

      • Dennis says:

        Thank you very much Mr. Ronny for your quick response. I need to know one more thing if you could help. When someone sends emails to mydomain.com and unfortunately the Exchange server is down, will I get those mails once the server is up?

        • ronnypot says:

          That all depends on the configuration of the sending server. An Exchange server has a retry setting of 48 hours, so it will keep trying for 48 hours before it will definitely fail. But this setting differs per server and can be adjusted.

          Best would be to have a fallback or bsmtp server that will catch your email when yours is down and redeliver it when it is up. A lot of domain hosters and internet providers have such a service so you could contact yours for information.

  4. Glen says:

    We currently have a website and email addresses hosted with an internet hosting company (1&1). I know I want to keep my web site on the hosting company’s server. What is your advice on email (we have about 10 email addresses)? Should we use Exchange to do our own email or keep the POP3 accounts with our web hosting company? Can we use our existing domain name and addresses without affecting our off-premises website?

    • ronnypot says:

      Of course this is a personal preference, but I would always advise using Exchange if you have a SBS server, because you have so many more possibilities with Exchange: shared calendars, room mailboxes, sharing mailboxes, distribution lists, central storage, ActiveSync, Outlook Web App, and so on and so on. If you cannot change your e-mail to SMTP delivery you may even choose to configure the SBS POP3 connector to just pop the email from your hosting provider to the Exchange server, only note this is not the best option of SBS and it is preferable to change to SMTP delivery.

      And yes, you can just leave your website alone. To change to SMTP delivery you only need to create an A record on your hosting party's DNS server with remote.yourdomain.com and point it to the public IP address of your router, and create an MX record that points to remote.yourdomain.com.

      • Glen says:

        Thanks so much for your reply. When I go to edit my MX-Record there are 2 fields ‘MX 1 / Prio:’ and ‘MX 2 / Prio:’ can you explain what that’s all about and what I should possibly be entering in those fields?

        • ronnypot says:

          If you have more than 1 MX record it works as follows: mail will be delivered to the MX record with the highest priority (1 is the highest). If the record configured with the highest priority cannot be reached or does not have a mail server running, it will try to deliver to the second highest MX record, and so on and so on.

          So if you have nothing like a backup mail server or more than one internet line that will deliver to your mail server, a second MX record is not necessary or can even cause problems when the first is not available.

  5. Phil says:

    Hello!
    I too am facing a problem: we have SBS2003 with Exchange 2003 that I know pretty well, and we ought to move to SBS2011... And I feel totally lost facing this new version.
    We are for now configured as follows :
    - We use exchange for internal mail.. so far, no change..
    - We have a domain and a MX configured at an ISP. (let’s call it “ourdomain.com”)
    - Every user has his own email address “user@ourdomain.com” plus his local address user@mydomain.local.
    - We use a POP3 connector to get our mail from our domain at our ISP that pulls “user@ourdomain.com” mails and pushes them to “user@mydomain.local” in order for the users to have their mail in their Outlook.
    - We use an SMTP connector on our Exchange 2003 to send our emails using our own mail addresses “user@ourdomain.com”. (We relay through the SMTP server of our ISP)
    This works pretty well and for a long time, as it is quite simple with Exchange 2003, but with 2010 I’m quite scared when I look at the console as I do not find anything I’ve ever seen in 2003...
    Is the method you describe above the right one for me or is there another way to do it? (For instance, where do I create the SMTP connector, and how do I configure it?)
    I have to move to SBS2011 by the end of the month and really anticipate it..
    Any help should be greatly appreciated.
    Thanking you in advance.
    Cheers,
    Phil.

    • ronnypot says:

      Hi,
      One of the nice features of SBS is that when you configure your server using the wizards provided within the SBS console, you do not need to do any manual configuration within the Exchange 2010 management console. So running the “Setup your internet Address” wizard will configure Exchange to use your domain name (ourdomain.com), configure the receive connector to receive emails from the internet and configure a send connector to send email. By default the email is sent via DNS; if you want to send email via the server of your ISP, you run the “Configure a Smart Host for internet e-mail” wizard and enter the SMTP server from your ISP as smart host, and your server will send via this server.

      Of course there are some advanced configuration issues that cannot be done within the SBS console and that you need to do via the Exchange management console, so it would be wise to learn yourself how the console works, because the console is indeed completely different from Exchange 2003. Of course a lot of options are still there but they are in another place.

  6. Vlad says:

    Dear Sirs,

    who knows is it correct to use direct domain name (second level) without remote. and etc.?
    I would like to use first page (http://mydomain.com) like normal site and https://mydomain.com/remote (or owa) for remote access…

    Many thanks for any opinions…

    • ronnypot says:

      You can configure the server to use only mydomain.com instead of remote.mydomain.com, if you follow the article and look at the fourth picture, there is the option “Do not use a domain prefix” this will configure the server for using mydomain.com.

  7. Zak says:

    Hi,

    First of all I want to thank you ronnypot for your great tutorials about SBS 2011, it's an amazing job, hard to do the same!
    My question is about the Internet address wizard. I configured the SBS 2011 server for mydomain.org and the DNS records for this domain; it’s a test domain, I can receive and send mail, all works fine. My question is whether I can re-use the wizard to change the Internet address of the server to mydomain.com, and what repercussions this will have on the Exchange server. Can I still use mydomain.org for email tests?

    Thanks

    • ronnypot says:

      Thanks!

      I have not tried just re-running the wizard, but probably it will replace the existing records with the new domain. If you want to add a second or more email domain to a sbs server this can be done really easy. You need to use Exchange Management Console and add a new Accepted Domain for the domain you want to add and second you need to change the standard E-mail address policy or add a new e-mail address policy.
      Read this article for more information.

      • Zak says:

        Thank you for your fast reply!
        I didn’t reuse the Internet address wizard yet; I am a little apprehensive about doing it because I don’t know exactly what impact it will have on that server, but I have to use it because in the end we will use mydomain.com and I don’t want to buy a certificate for remote.mydomain.org, and use mydomain.com as accepted in Exchange. If I understand correctly, for each accepted domain I have to buy a certificate to use Outlook Anywhere, is that correct?

        • ronnypot says:

          That is not true, it depends on how you use your domains and how it is configured. With SBS and running the wizard everything is configured to use remote.yourdomain.com (given in the setup your internet address). So the only name used is remote.yourdomain.com, only when you use outlook anywhere users from the outside will try to use autodiscover.yourdomain.com when you just have an A record for autodiscover it would see this name on the certificate, but you can configure a srv record and let it point to remote.yourdomain.com. see this article: http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/

      • zak says:

        Hi

        You are right, Ronny. I have re-run the wizard and it just replaces remote.mydomain.org with remote.mydomain.com, and re-running the wizard doesn’t have harmful repercussions on the server.
        I have another question about Exchange: I have noticed that store.exe consumes 4 GB of RAM. Is that a memory leak, or is there a way to fix it?

        • ronnypot says:

          Thanks for the acknowledgement.

          About Exchange and memory usage: Exchange 2010 is optimized for memory usage, so it would by default allocate all / most available memory. This is not a memory leak, this is how it works. When another application needs some memory it will just give it away; of course you need to make sure there is enough within the server. But just adding more memory won’t create another picture; Exchange (and also SQL Server) would allocate the newly added memory.

          • zak says:

            Thank you for your reply!

            I have done some research about Exchange and memory usage and you are right, it is very greedy, it eats all the memory that is available. But I have found a trick: when store.exe starts to use like 7 GB of memory you just have to restart that service in services.msc and it makes it use like 100 MB of memory, but it’s temporary; when it is solicited it starts to use all the memory available.
            It’s a useful trick when server performance is compromised by Exchange!

  8. Andy says:

    Hello Ronnypot,

    indeed nice tutorial!

    I have a question. I am new to Exchange, always worked with the POP connector and it seems this isn’t the best way.

    Got https://remote.mydomain.com working (CNAME to dyndns account for dynamic IP address), but I also want to test Exchange.

    At the hosting company I’ve got a mailbox “andy@mydomain.com”
    There is an MX record “mail” (value 10) and an A record “mail” (IP address of hosting)
    As I understand it, Exchange should be correctly configured thanks to the wizards.

    What do I have to do to get the mail delivered to my server?

    Add an MX record (ex. “exchange”) with value 0 (to get priority) and add a CNAME “exchange” to the dyndns account?

    And is the mail delivered to the user Andy at the server?
    What if the user doesn’t exist? Where will the mail be delivered?

    Thanks if you could help me out man!

    Andy

    • ronnypot says:

      Hi Andy,

      I am not familiar with dyndns, but it works a bit like you typed. Only thing is I am not sure if priority 0 is used, so I would choose 5; it does not really matter if it is lower than 10. Second, it is not recommended to use a CNAME for an MX record, you should use an A record, so if your dyndns is an A record you can use this directly for your MX record.

      When the MX record is pointing to your SBS server, mail will be delivered to all mail addresses available on your Exchange (SBS) server; if you used the wizard everything is configured for you. Make sure you configured your router / firewall to pass through port 25 to your SBS server. For email addresses that don’t exist the email will bounce to the sender, saying that the email address does not exist.

      • Andy says:

        Thanks for your answer.

        In meantime I haven’t got the time to test it.
        I’ve searched for more info about CNAME/A record for MX record and it should be possible, even if it is not recommended.

        The dyndns is a CNAME because of the changing IP address but I know it is possible so if I need it… :-)

        Greetz

        • ronnypot says:

          I understand that dyndns is for changing IP addresses. I only need to note that it is against the RFCs to use a CNAME for MX records. This could make anti-spam filters mark your domain as not trusted.

          The characteristic payload information of an MX record is the fully qualified domain name of a mail host and a preference value. The host name must map directly to one or more address records (A, or AAAA) in the DNS, and must not point to any CNAME records.[1]
          source: http://en.wikipedia.org/wiki/MX_record

  9. Simon says:

    Hello,

    Great tutorial!!

    I have inherited a SBS 2011 network to look after. The owner has purchased a new BT Home Hub Router and I have installed that on his network. I have internet working on all client / server machines.

    The problems I have are related to remote access to the server and mail outside of the domain (incoming / outgoing), using MS Exchange.

    The new router has a default gateway of .254 whereas the old one had a .1 gateway, would this have any impact with this problem?

    I have opened the requested ports on the new router but the SBS 2011 wizard is still reporting them as closed. I know BT Home Hub has a feature of closing them automatically unless the services are running; have you come across this before?

    With the new router in place do I have to change any records at the ISP / DNS etc. ?

    Thank you for your assistance in advance

    Kind regards

    • ronnypot says:

      Hi,

      If you just changed the router and did not change ISP, you would not need to change anything at your ISP / DNS.
      What you might need to do, because the default gateway is changed (I presume you changed the default gateway on the server), is run the Fix my Network wizard; this will bind all network services to the new IP information you entered. The wizard can be found in the SBS console, under Network on the Connectivity tab, in the tasks panel on the right.

      • Simon says:

        Thank you for the reply.

        The ISP was changed to a new provider. The website has not changed.

        I have set the default gateway back to .1 and ran the network connection wizard with all clients / server seeing the internet.

        We had remote connectivity (tested from outside of the domain) and e-mail – in / out, but it will not connect now. I am not on site at the moment but will run the internet address wizard again, I have tried both options i.e. Hosted with go-daddy (their site is with them) and host on the server.

        Any advice would be greatly appreciated, thank you for your time.

        Kind regards

        Simon

        • ronnypot says:

          If you changed ISP, you need to change the external dns records used for remote.yourdomain.com and if any other records are used for the MX record or for autodiscover. They must point to the new public ip address of your router.

          After changing the gateway (and or ip address) of the server run the Fix my Network wizard on the network, connectivity tab.

  10. Simon says:

    One final question!

    Is SBS 2011 capable of running terminal services?

  11. Mura Lee says:

    Hi
    I am new to sbs 2011 as well as win servers. I have read this article, excellent, cured lot of doubts about sbs. Still I have some more issues. Currently I can access my web using http://www.mydomain.com or http://mydomain.com with prefix “www” or without. How to setup like this on the server?

    I have another issue, in this article I got almost all information about mail port 25. How about port 110? Do I have to open it at my router as well?

    Kind regards
    Mura

    • ronnypot says:

      Hi,

      Do I get your question right and do you want to host your website (www) on your SBS server? This is not a best practice, it is also good to host your public website on a hosting provider and not on your SBS server. Only remote.yourdomain.com is needed for access to remote web access, outlook web app and maybe companyweb.

      About ports: port 25 is needed for SMTP email, this is for sending and receiving email directly to your server. Port 110 is used by POP3, so if you need your users to pull email from your server with the POP3 protocol you need to configure the port, but this is probably not the best configuration; it would be wise to let them use Outlook Anywhere. Also, if you pull your email from your hosting provider via the POP3 connector, port 110 is used for that route.

  12. Jack says:

    Ronny,

    Set up your Internet Address Wizard on SBS 2011 observations:

    - Defaults to “remote” prefix unless you click the very small “advanced” link
    - Important if you are a geek making your living doing this and you always set up “mail.domain.com/owa” or mail.domain.com/remote
    - Be aware this wizard alters all of the settings from EMC (ECP, OWA, etc.) to reflect “remote”. This bit me on several SBS 2011 installs
    - Also if you are also an RTM Exchange geek and manually set these virtual directory addresses, be aware this wizard will overwrite all of these directories including EWS. This won’t make you happy if you have mail flow already and autodiscover already set.
    - But like in Dirty Harry…I gotta know, what is Microsoft doing with the DNS Forward Lookup zone this thing creates? Are they thinking the SBS should host its own DNS?

  13. Jack says:

    2nd Post

    - I have 2 SBS 2011 servers that RWW login works fine
    - RDP from RWW to SBS server gets credentials denied even though
    - You can rdp to the server the traditional way with no problem
    - I have seen the threads about domain\username or fqdn\username
    - None of these will allow successful RDP login from RWW for these 2 servers.

    Any idea? SBS Diva had no joy for me here either. Thanks!

  14. Paul says:

    Right now I have SBS 2003 with Exchange. We plan to move to sbs 2011 in 2-3 months. Mail is routed via ISP with Exchange being mail repository.
    Do I have to register MX record if all mail will be routed via my ISP (POP and SMTP connectors on Exchange)?
    currently I have abc.local at the server with abc.ca hosted by my asp
    I need to switch my client default POP e-mail from john@abc.ca to Exchange being sent as john@abc.ca.
    Thank you,
    Paul

    • ronnypot says:

      You always need an MX record, but if you pop your email from your ISP it will be delivered to the server of your ISP. To start, please note that the POP connector used with SBS 2011 (and 2008) has no catch-all (global) mailbox function, so you need to create separate POP mailboxes for every user. Also the POP connector is not the best part of SBS; there are a couple of known issues you should be aware of. Most will end up with mail not being delivered to the Exchange server and/or placed in the badmail folder, or left at your ISP so the connector will try to download it every time, over and over again.

      So it would be wise to change mail delivery to SMTP, and mail will be delivered directly to your Exchange server. If you go for this configuration you need to have an MX record that points to an A record that points to the external IP address of your router.

  15. Paul says:

    Thank you for your reply. One more question, is a smarthost a substitute for MX record?

    • ronnypot says:

      No, MX records are used for delivering email. It is like an address book: if you want to send an email to, let's say, domain.com, the sender will search the DNS servers for which server (MX record) it must deliver the email to.

      A smarthost is for sending email. If you configure a smarthost, email sent from your mail server is always delivered first to the smart host server, which will then deliver it to the right mail server. If you don’t use a smarthost, your Exchange server will always try to deliver it directly to the recipient's email server. This is used if, for example, the ISP blocks port 25 on its network or you need to control the outgoing email via a dedicated server which does anti-virus / spam.

  16. Tom says:

    Ronny,

    I, too, can’t say enough good things about your tutorials. They are the absolute best guide out there for setting up SBS.

    We’ve run various versions of SBS for many years. We just set up a brand new server with SBS 2011 from scratch. I thought that’d be a lot easier than going through the migration. I followed your tutorials and ran the “Setup your internet Address” wizard and everything worked great.

    The problem I am having is once a week (almost like clockwork) the server stops accepting emails and we cannot access remote web access, OWA or get to the server in any way from outside the network. Internal email works fine. Anything from outside does not get through. We can access the internet from the LAN.

    I then re-run the “Setup your internet Address” wizard and it all works just fine again for about a week. This has happened to us 4 times now.

    I sure would appreciate it if you would point me in the right direction as to what to look for. Our router is a Linksys E4200. Thanks!

    • ronnypot says:

      Hi,

      I have never seen or heard this behaviour before and this is by far how it should be. Are there any errors or warnings in the event log that will give you a clue?

      I also would suggest posting the question on the SBS Technet forum; maybe there are other professionals that have seen this issue before and can help.

      • Tom says:

        Thanks for the response. I can’t find anything in the event logs that gives a clue. The system, email, remote access, etc. just stopped working again this morning. So, now I’m certain it’s a time related issue. It happens every week +/- 10 hours. Is there anything in SBS 2011 that repeats in a pattern like that? I am also going to post this in SBS Technet as you suggested.

        • ronnypot says:

          If you got any solution please post, maybe this will help others in the future.

          • Tom says:

            Sorry for the delay getting back. It has now done the same thing one day after the last time the “Setup your internet Address” wizard needed to be run. Then about 5 days later again. So the idea that it is time based and only occurring after 7 days is gone. Still cannot find anything in event logs or services being turned off that point us in any direction.

    • Tom says:

      did you ever find out what is happening?
      I am having the exact same problem.
      our router is a E4200 also, I wonder if something is going on with that.

      • Dario says:

        I’ve got the same issue. Randomly the SMTP stops accepting connections, so I restart the server, then it works for a while.
        If anyone has a solution please post it.

        regards

        • ronnypot says:

          Are there any errors or warnings in your Application or System event log when this happens?

          This could happen if the server is running out of resources, you should find additional information in the event logs about this.

  17. jlig says:

    I have setup SBS 2011 Standard, with 10 users, POP3 connector configured for each user, all working fine. But have a couple of Exchange/iPhone questions:

    1) The iPhone Exchange wizard cannot connect or find the SBS server?
    - SBS has a static IP from the ISP
    - Using a SmartHost to Forward All Email thru the ISP (mail.xx.com)
    - Emails and http://www.xxx.com domain are hosted at everyone.net
    - The account with everyone.net does not allow any changes to DNS/MX/A records
    - The owner likes the idea of having the email hosted/scanned by everyone.net, but also wants Exchange to download the emails, as well as have their iPhones be able to sync with Outlook/Calendars/Contacts/etc..

    Is it possible to
    a) keep the everyone.net hosting (with no MX/A record changes),
    b) and continue with the POP3 connector on SBS
    c) and get an iPhone to synchronize with Exchange..?

    I told him that I don’t think the iPhone will ever work unless the MX/A records are pointed to the SBS server..?

    If he has the everyone.net account updated to allow MX/A updating, then the yearly cost goes from $105.00 to $495.00 per year!

    Lastly, if he lets Exchange host the email, does SBS2011 have builtin/sufficient AV/Spyware protection to keep email safe..?

    ps: RWA & RD work fine to connect to the server or a user remotely.. also, the certificate is the free, self-signed type the server created.

    • ronnypot says:

      If you do not want to change or add any dns records you may just use the external ip address of your router, but if your device to sync needs a certificate to authenticate it won’t work.

      Otherwise you could always use another A record (by default SBS uses remote.yourdomain.com) and point that to the static ip address of your router.

      Make sure port 443 is accepted on your router and forwarded to the SBS server.

      SBS or let say exchange has some basic anti-spam filtering.

  18. Taty says:

    Hello, ronny.
    Can you please work me through.
    I have set up a SBS 2011, and configured exchange as required, first i had set up via console as am a bit conversant with exchange. But mails did not seem to get into the exchange, then i reconfigured using the wizard but still no success.

    The set up is as follows,
    I already have a domain and a web mail service from network solutions. I want mails to be received at webmail service of network solutions and at the same time emails to be received at the local exchange server.
    What configuration i am to do?
    At the moment i can send emails from the local exchange to the internet. but when emails are received at the webmail(at network solutions) they do not get at our exchange. I have a public IP for the router from my ISP.

    • ronnypot says:

      You cannot deliver email to 2 different servers, the only way to work around this is if you have the ability at your webmail service to configure a forward.

      Second option would be to use the SBS pop connector to pull the emails away from the web service. BUT I have to say the SBS pop3 connector is not the best part of SBS, there are some known issues that could bring trouble. I would always recommend to let the email deliver directly to your SBS server, only if there is no option for this go look for the pop connector.

  19. cp says:

    Hi
    i recently rolled out a sbs 2011 install. Everything is going well but i may have messed up on the internet connection wizard. i was hoping you could suggest a work around for me. We have a public website host with a web hosting company. lets say http://www.web.com. Our mail server is mail.web.com and that works fine. when i ran the internet wizard it asked me what our email addresses were and i entered @web.com. now the problem i have is the sbs 2011 server is coming up as web.com internally and the staff can not get to the public website hosted by the web hosting company since the sbs internal dns is directing the requests for the web.com to itself. Did i totally screw this up?
    Thanks in advance for any suggestions.

    • ronnypot says:

      If I got you right you named your SBS domain web.com? Normally the internal domain name should be something like web.local. But if there is an internal domain name web.com there is also an internal dns zone web.com. If you want the users to be able to go to http://www.web.com, you can create an A record in your local SBS dns server zone web.com with the name web and point it to the ip address of the website.

  20. Taty says:

    Thanks ronny, for the clarification.
    From webmail service i see i can not create a forward rule. ( I will try consult the webmail service provider)

    What are the known issues of setting up a pop connector?
    Can you direct me on the set up for pop connector to be pulling emails, please?

  21. Kristi says:

    Hello Ronny – I have been reading your blog with great interest. I am working with a colleague on a SBS 2011 install and have agreed to gather information. Server installation went fine – small company with email still sitting out at godaddy.com. Bringing email to the SBS 2011 server is an issue for another day. Today, however, is a question with respect to RWW. Domain is registered at godaddy.com; dns at 1and1.com. 1and1 wants us to create a subdomain for remote.company.com and create an MX record directing it to the address of the SBS server. Can you clarify if this is how it should be done? Thank you for your expertise.

    • ronnypot says:

      I do not understand the creation of the subdomain? You should go fine by just creating an A record for remote.yourdomain.com and point this to the external ip address of your router and create a MX record that points to the remote.yourdomain.com. And make sure your router accepts port 25 (SMTP) and sends it through to your SBS server

  22. Kristi says:

    Hello – I did forget one more ? Should the DHCP server be on at server or router level? Also – if IPv6 was “unticked” without making changes to Registry, can it just be “ticked” again on the protocols?

    Thank you.

    • ronnypot says:

      Hi,
      DHCP should be on the SBS server, or if you would use the router DHCP this could do if the DNS server is pointing to the SBS servers DNS server otherwise you will have all kind of domain problems.
      If it is just unticked, as far as I know you would go fine by just ticking it again.

  23. Tater says:

    Hi Ronny,

    I used your tutorial to set up a test server here in my house and your help was invaluable. I have a question(s).
    My brother owns a small company (less than 35 employees at 2 locations). He has pop email and a website hosted externally. Both locations use a peer to peer model. There is a VPN between the two sites that’s used sparsely (a couple of users doing accounting and maybe an RDP session here and there)
    I have suggested moving to a SBS standard server due to the number of users. I am …lets be generous and say “weak” when it comes to my knowledge of Exchange (and Sharepoint)
    You recommend using smtp instead of pop mail. When I contact his hosting service, what exactly do I need them to change in order to have the email come to our exchange server. Will every user have 2 email addresses? One for internal, one for external? All users have pop accounts right now and he would like those email addresses (user@hisdomain.com) to stay. His ISP does block port 25.
    Will we have to ask his hosting service to provide relays?
    I have another question about the remote site.
    The users at the remote site are at a business my brother purchased recently. They have their email and website hosted by a different company and he wants them to be part of this new domain. What would be the best way to set this up?

    Thanks in advance Ronny,

    Tater

    • ronnypot says:

      Hi,

      If the ISP blocks port 25 there is no way you could use SMTP by default, most providers that block port 25 have a relay server so you can deliver the email via their server. In that case best would be to contact them and ask how this should be configured.

      About the second domain, you can just setup your SBS (Exchange) server to host more than one domain. See this guide for more information.

  24. Dzimap says:

    HI Ronny

    I have ran the wizard and I cant connect to http://remote.mydomain.com
    Can you please show me what to do and also DO I create the A records on the firewall or let the ISP do it?

    • ronnypot says:

      the A record for remote.yourdomain.com should be created at your external DNS zone, so if this is hosted by your ISP that is the place. The A record should point to the external ip address of your router.

  25. Dzimap says:

    I have opened the following ports on our FIREWALL port 443, port 987 , port 80 and port 25. the exchange is working fine but I just cant access the Remote.mydomain.com website please help

    regards,
    Dzimap

  26. Dzimap says:

    Hi I did just that and now when I type in https://remote.mydomain.com
    It takes me to our firewall. Can you please Show me what to do or what kind of information I must send to my ISP

    Regards

  27. Dzimap says:

    Our firewall has a 41….170 public address and our router has a 41…..169 address, which address must the https://remote.mydomain.com point to?
    it is currently pointing to our firewall. What must I do on the firewall or should I rerun the setup your Internet address wizard?

    • ronnypot says:

      It should point to the firewall, and on the firewall you should accept ports 25 and 443 and map them to your SBS server.

  28. Hi Ronny

    First I must say wow your support to all these people is great! you really are good at explaining how to setup SBS.

    I have a quick question I have setup my SBS 2011 Standard with the help of your guide. I am now able to send emails from my exchange server just not receive them. So I am changing my domain hosts A Record and MX Record to my external IP address the problem is that my ISP don’t supply static IP addresses they use dynamic IP’s I currently use http://www.dyndns.org which maps my ISP’s IP address to a domain called something.homeip.net.

    I can only enter an IP address for the A record someone above mentioned he has the same issue and created a CNAME but you advised against this can you suggest a work around please?

    Cheers
    Paul

    • ronnypot says:

      Hi Paul,

      It is not recommended to use Cnames for MX records, because there are spam filters that will report your email as spam, but the same is for using dynamic ip addresses. So best would be to go for a internet line with a static ip address, if this is not an option then you have to go for that option there is no other solution.

  29. Michael says:

    Hi Ronny

    I am just reading your blogs, I am configuring a SBS 2011 EXCHANGE
    in the forward lookup zone i have remote.mywebsite.com and xxxx.local
    my mx is under remote.mywebsite.com and is pointing to mail.mywebsite.com
    not sure if this is correct

    i had deleted and recreated my connectors however when i run fix my network its reporting invalid connectors and gives an error when i select fix it.

    i need your help and advice

    thanks very much

  30. Michael says:

    Also Ronny,

    whenever i send an email out for most servers its undelivered, and whenever i send an email from out to in i am receiving smtp authentication error. I need to enable smtp authentication.

    I’ve tried everything i have read so far the only thing i have not done is to purchase a ssl certificate

    my configuration

    forward dns==> xxxxxx.local
    remote.mywebsite.com

    ns==>mail.mywebsite.com pointing to external dns
    ns==>servername.mywebsite.local pointing to internal network
    mx==>mail.mywebsite.com

  31. Herman says:

    Hi Ronny. Indeed this is a great site. Reading all the questions and answers, I believe one of the most urgent information should be a quick understanding of how SBS communicates with the internet. For instance, what is the flow chart, if there is no ISP, but you have registered a domain (this is also confusing. Internet domain, windows domain etc), how does it look if there is an ISP with your internet domain name, how is email transferred if you have, or not have an internet ISP domain with your email accounts. How does SBS interact. It would be nice to see this in an additional page or pop-up on your web site. I believe this would answer a lot of questions. I personally spend 4 days now to get a connection to the internet with sbs. Even though I can access the internet by the IE, the wizard can not find the connection (2 nics, one the local domain, the internet on the other nic). Terrible. Everything works, but not the wizard. Additionally it claims all DHCP servers. Anyway, many thanks for your website and happy Easter.

  32. Doug Dorbuck says:

    Hi Ronny, Great site! and you’re a nice resource for everyone, keep up the great work! I have a ‘hopefully’ easy question. I followed the standard setup for SBS 2011 and used the remote.mydomain.com config for exchange. I have the dns A records set to remote.mydomain.com and the mx record for mydomain.com pointing to remote.mydomain.com so it looks like dns is good. Dns is handled by a third party which is another story in itself but it looks solid.
    After testing yesterday I cannot receive emails into the server but outbound emails go instantly. I have the server off-line until I can test since they have an old SBS 2003 server and exchange was not used on the older SBS 2003.
    My question is can it be the TTL for the dns causing my issues with incoming email not working where the server is not online most of the time until I can test? The mx records point to a static address that is correct but port 25 is not normally open but it was yesterday when I was testing and outbound worked fine. Since I followed the practice of remote.mydomain.com for exchange whats the best way to verify it’s accepting delivery for mydomain.com in exchange? via the organization configuration, hub transport, accepted domains and check if mydomain.com is included? I believe it is, I’m just trying to rule out TTL issues.

    Thanks. Doug D

    • ronnypot says:

      Hi,

      TTL only says something on the time the DNS records at your dns provider update. TTL is set in seconds so if the TTL is set to 86400 the DNS records at your provider are updated once a day, after they are changed the changes are replicated to other servers that might have cached the record, this may take up to 48 hours worldwide.

      If you want to test your connection there is a great microsoft website: Exchange connectivity analyzer where you can test your connections and it will give some information where it might fail

  33. ShopTurn says:

    Hello Ronny – trying to get a few things fixed on our SBS 2011. Kristi has written before and is working with me. Email is at godaddy.com and 1and1.com hosts DNS. SBS2011 has DNS off and Netopia router has DNS set at NS51.___. etc.; 1and1 had us create a subdomain for remote because there is an MX record for email (secureserver) and you cannot just put in remote.company.com for an A record with 1and1. Everything was working fine; however, 1and1 changes the IP of DNS on irregular basis – so everytime remote quits working. How do YOU suggest we set it up? I will be happy to move email from godaddy to SBS2011 server if that will help. Thank you so much.

  34. ShopTurn says:

    This is the current error on remote access.

    The remote device or resource won’t accept the connection Detected

    The device or resource (remote.COMPANY.com) is not set up to accept connections on port “https”.

  35. Tony says:

    Hey Ronny

    got a strange one for you, I have run the Setup your internet address wizard

    all seemed to go fine and i can see in the SBS console that it has created the correct certificate but it does not create the cer file in public download for me to add to my workstation

    look forward to hearing your ideas on this

    cheers

    Tony

    • ronnypot says:

      Hi,

      Never seen that problem, but I have to say we always use publicly trusted third party certificates. As far as I know the certificate is generated with running the SBS wizards during setup. Did you run these when setting up your server? You could try running the Fix my network wizard this might correct the problem.

  36. Larry says:

    Hi Ronny, this blog is great, it got me thru the initial setup of SBS 2011 standard. I need to set up RWA only on our server, no exchange. All client email is thru gmail. We have a static ip address from our ISP. From our ISP modem there is a netgear router that goes to the server and the workstations.
    We have one employee that needs to access the server files and applications (Quickbooks) remotely. My question is, since we do not plan on ever running exchange, when I run the wizard can I disregard any thing pertaining to exchange?

    • ronnypot says:

      I would suggest just to enter the information for exchange, because within SBS everything is bound to each other. you might choose just to use a fake address for email or enter yourdomain.local. You might stop the exchange services but this would give some errors in the logging.

      About the RWA you could remove components by configuring RWA via the SBS console.

      • Larry says:

        Hi Ronny thanks for your last reply. I can’t seem to get RWA working. I ran the wizard no problems. The isp is Comcast. The public side of the Comcast device is 50.xx.xxx.xx and the lan side is 10.1.10.x. At the hosting company, I created the new A record pointing remote.”mydomain”.com to the Comcast static ip of 50.xx.xxx.xx ip. We have a Netgear router connected to the Comcast modem and the router gets the 10.1.10.x ip from the Comcast modem. In the router I did port forwarding for TCP on ports 25 and 443 to the domain server which has a static ip address of 192.168.1.9. DHCP is turned off in the router, as the domain server does the DHCP. The wan side of the router is 10.1.1.x and the lan side of the router is 192.168.1.x. Do I need to change the Lan side of the router to the 10.1.10.x network of the Comcast device? All the workstations and the server can get internet the way it is set up. Running the free open port check tool on the server, it says failure on both 443 and 25. When I go to whatismyip.com on the server, it gives the 50.xx.xxx.xx ip address. Thanks for any help you can give, much appreciated!

        • Larry says:

          Hi Ronny, I re-read some of the blog posts and figured out the comcast device needed the port forwarding configured. RWA now works, but users do get an initial warning about a Certificate Error –see below

          “There is a problem with this website’s security certificate.
          The security certificate presented by this website was not issued by a trusted certificate authority.
          Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
          We recommend that you close this webpage and do not continue to this website.
          Click here to close this webpage.
          Continue to this website (not recommended). ”

          After clicking on RWA loads and is OK. Do you know what I have to do get this error message from appearing? Thanks again Ronny

          • Larry says:

            after clicking on RWA loads and is OK

          • Larry says:

            Correction: after clicking on “continue to this website…” RWA loads …..

          • ronnypot says:

            Are you using the built-in self signed certificate, if so you need to install the certificate on the computer you are using RWA.

            Better would be to install a trusted third party certificate with the name you use for RWA on the certificate. Then you will not get the warning anymore and you do not have to install the certificate on all computers using RWA.

            See also this blog post, read on the bottom about certificates: http://blogs.technet.com/b/sbs/archive/2011/03/10/introduction-to-sbs-2011-remote-web-access-rwa.aspx

          • Larry says:

            Thanks Ronny, got the certificate installed and the remote user can use RWA. They have access to any pc in the domain and they can use the QB installed on that pc. Is there any way to enable them to use QB without going thru a domain pc? We can purchase an extra QB license for the server or for the remote user. I am not sure how to set this up. Thanks again for all your help. Larry

          • ronnypot says:

            yw
            I think you mean with QB quick books? I am sorry I am not familiar with quick books, but I think the only way you can work with quickbooks without going to a pc is if they have a web interface. I would advise to contact quickbooks and ask for possibilities.

  37. figment says:

    Great resource!! I wish I had seen this before I began SBS 2003 to 2011 migration.

    Can you direct me to some resource that will guide me through setting firewall to pass remote.xx.xxx traffic via the ports 25 and 443? For years I have been reading about doing this but every writer just assumes we all know how to do it. I have fumbled around a bit inside various router but never felt comfortable doing this.

    Also if I set up Exchange to retrieve mail via POP3, will it be difficult to switch to SMTP to avoid the problems you allude to re. that service.

    • ronnypot says:

      Hi, thanks!

      The problem with allowing ports through a router / firewall is every router / firewall has its own configuration settings, there is no default.

      For switching from POP3 to SMTP first you have to make sure port 25 is open on your router / firewall and sends the incoming packets through to your SBS server. After that make sure there is an A record configured in your external dns server for remote.yourdomain.com this has to point to the external ip address of your router. And then the last step is to change the existing MX record or add a new one with a higher priority to remote.yourdomain.com

  38. Ivan says:

    Hi,

    in desperate need of help here, so here’s the thing…

    got my exchange to work great in SBS 2011 but now i have to setup access to OWA from the internet…how do i do that? i can access OWA localy from my domain users pc’s so owa is working fine, my server ip address is in DMZ on my router so nothing is blocking traffic that is pointing to my server… helpppp :)

    • ronnypot says:

      for letting OWA through from the outside to inside only thing is needed is your router / firewall lets port 443 through and pass it through to the SBS server

  39. rfoulk says:

    I’ve setup the first SMB2011 server and all appears well except that it isn’t viewable from either Win7 or WinXP machines. It returns no ping response and remote desktop can’t see it at the IP. I’ve shut down the Windows Firewall with no improvement. This is a very small office and we really only need to see the shares as without being domain members as was done with 2003. This hosts no web site and Exchange is not used (SMB was purchased because the overall price was less than the regular server version plus CALs). I would appreciate any thoughts on this.

    Thanks.

  40. rfoulk says:

    I rebooted and found out that GPO objects in 2011 are not necessarily dynamic. Most all the problems are solved aside from some DNS issues. However, any thoughts would be helpful.

    • ronnypot says:

      Did you setup the SBS server using the wizards. You need to start with at least the connect to the internet wizard, this will setup dhcp / dns / networking etc.

      Are the client computers connected to the SBS domain and are they using the DHCP and DNS from the SBS server?

  41. Joe Chau says:

    Hi,
    I just installed a SBS 2011 Server, Using the wizards and did everything ! configured the router firewall, however I am only able to send out mail, but unable to receive incoming mail ,
    could you suggest me where to look for the problems first !!! I am lost ! please help

    • ronnypot says:

      Hi,

      there is a nice test site here that does some tests for at least in and out bound connectivity this might help point you to where it goes wrong.

      In basic lines for inbound email, you should have 2 external dns records, one A record for remote.yourdomain.com that points to the external ip address of your router and one mx record that points to remote.yourdomain.com, then your router should accept port 25 and send this to your SBS server. If you configured your SBS server using the SBS wizards this should be fine.

  42. Tallpaul says:

    Hi Ronny
    Valuable info here – thanks.
    Running SBS 2011 with Exchange 2010. Using POP3 Connector to fetch mail from ISP. They have opened port 995 with SSL but their certificate has expired. Can I tell it to use the expired certificate? If I connect to them directly from Outlook (on a workstation) – it prompts me to accept the certificate and then I can fetch the mail but my SBS server refuses to collect the mail. It works fine with a test mail box on port 110.
    Thanks for your input.
    Paul

    • ronnypot says:

      thanks!
      I am not sure about this one, but I don’t think this is going to work, because of the expired certificate, but what you could try is to import the expired certificate on your server.

  43. Trevor Cross says:

    Hi,

    Great post!

    I have just installed SBS 2011, and I am just setting up exchange, my client currently uses heart internet webmail, am I right in saying that I need to add the information in the wizard, then delete the old pop email accounts and then add a mx record pointing it to remote.domain.com?

    I don’t yet have the login information for the domain, but is it as simple as typing the domain name in the wizard and putting the username and password?

    Your help is much appreciated

    Cheers,

    T

    • ronnypot says:

      If your domain is hosted by a DNS provider that is supported by SBS (I have to say I never use this) then SBS can manage your external DNS. I always manage the external dns manually, by changing the records where needed and separate them from the SBS configuration.

  44. Larry says:

    hey Ronny, u r right, Quickbooks does have a remote access, but is same as any other remote access software. We will stay with RWA. thanks again for all the help u provide to everyone.

  45. Cactus says:

    Hi,

    First of all, thanks a lot for your tuto.

    I have a problem on remote access.
    It’s configured and works well on local but I fall on a iis page when trying from outside the network.

    The DNS remote.xxx.xxx redirects well, as I connect to the IP I entered for redirection.
    Ports are opened. It should be the remote app answering, not the IIS page?
    How do I make the remote app answer?

    Sorry for my English, I hope I’m rather clear

    • ronnypot says:

      If I got you right when you just enter the external ip address from outside your network you will connect to the Remote Web App? Or does this also not work? If this works then when you do a ping remote.yourdomain.com does it give the same ip address?
      If it does not work, can you try from outside telnet externalip 443 this should make a connection, if not and you get a connection failed it is for 99% sure a misconfiguration in your router.

  46. Dave says:

    Thanks a lot for the great post on Windows Small Business Server 2011 installation and configuration – part 3 configuring “Setup your internet address” wizard. This is very helpful for a newbie like me .

  47. Hey Ronny, Trust me when I say you are good. Love your comprehensive and prompt responses. I have successfully installed SBS 2011. The only issue I have is that the required ports are opened on the router, and tested by using canyouseeme.org. However once the Internet Address wizard is complete, it gives me the error shown above. I am currently using the pop3 connector along with smart host to achieve the mail process. Is there any way I can force the Wizard to see that the ports are indeed open. Please assist. Thanks.

  48. ADF says:

    Your answers are all very reassuring!
    I stupidly ran the Internet Address Wizard several times, experimenting, each with a different prefix…eg remote then mailgate then mail.
    I now realise this has created forward lookup zones for each and one of those I think is stopping me getting remote connections back to my current server (on separate site)..
    Can I just safely delete the forward lookup zones that I don’t want? (It gives a warning about being tied to Active Directory or something)
    Any advice very much appreciated.

    • ronnypot says:

      you can remove the not wanted forward lookup zones without any problem, you only need to keep the one you used with the latest run this is the one that is used within several configuration settings.

  49. ope says:

    Great tips, thanks Ronny
    1. What do you mean by external DNS? Is the external DNS with the company registering my domain? For example, PowerPipe.com(hosts my domain name).

    If yes, what addresses or names do I enter under the DNS for me to access my mails on my SBS server.

    2. What other information do I need from my ISP apart from the IP and DNS addresses supplied?

    • ronnypot says:

      1. External DNS is indeed the DNS hosted by the company where your domain name is registered.

      You need to register the remote.yourdomain.com as an A record which points to the public ip address of your router.
      And a MX record yourdomain.com which points to remote.yourdomain.com

      2. beside the 2 records described above you normally don’t need anything.

  50. Peter says:

    Hi Ronny

    Read through all the posts but don’t see the answer which I suspect is staring me in the face. I have SBS2011 Standard and the Mail Server is working fine (through 1and1). However remote.*****.com isn’t working at all. I’m sure that the problem lies with the way I have set up my 1and1 forwarders. The Router shows the 443 is open but I can’t successfully ping the domain (even though mail is getting through OK? Help appreciate.

    Peter

    • ronnypot says:

      Hi Peter,

      If ping is not working probably this is not allowed by your firewall, this is something that can be enabled or disabled, most firewalls don’t allow this by default. Ping uses icmp packets, this has nothing to do with your email because email is using the smtp protocol. For remote.yourdomain.com you are probably talking about remote secure webaccess or webmail access over port 443.

      There are 2 things needed for this, you first need to configure a DNS A record for remote.yourdomain.com on your external dns (I think this would be 1and1) and point it to your external ip address of your router / firewall. Second configure your router firewall to accept port 443 and send the requests to your SBS server.

  51. Walter says:

    hi mr. ronny..
    I’ve set up an sbs2011
    It’s running well,(shows no errors)
    my problem ist the MX record i will need for proper work.
    the server has an internal ip 192.xxx.xxx.100
    and a hard IP from 2. provider.

    during installation remote.domain.eu was created.
    I have an external IP, and the 1. provider
    sets the MX record to this IP with >mail.domain.eumail.domain.eu?server1.domain.localserver1.domain.eu or to remote.domain.eu<

    may be better, that there is an other MX record with lower
    priority pointing to the provider?
    so I can receive mail with pop if my sbs is down

    may be I declare this with some confusion …
    ok:
    1 provider (homepage)
    2 provider DSL with hard IP

    sorry about my bad english
    walter

    • ronnypot says:

      Hi,

      sorry for the late response. But to clarify a MX record may never point to an ip address it should always point to a dns name. With SBS the most logical choice would be remote.yourdomain.com, but you can also use anything else if you like.

      About adding a second MX and use a pop server as fallback is a commonly used option, you create some security for the case your server or line is down for a long time. A default configured Exchange server will keep trying to deliver emails up till 48 hours so if this is enough for you the second MX is not necessary.

      For priority with MX records the lowest number is the highest value so if you use priority 1 it will be delivered there first.

      Hope this clarifies your questions.
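The MX rules from the replies in this thread (an MX target must be a DNS name, never an IP address and preferably not a CNAME; the lowest preference number is tried first; the A record for the mail host points at the router's external address) can be checked mechanically. This is an added example, not part of the original comments; the zone data, host names and 203.0.113.x addresses are constructed.

```python
import ipaddress

# Constructed sample zone (not from the thread): (name, type, value[, preference]).
GOOD_ZONE = [
    ("remote.example.com", "A", "203.0.113.10"),
    ("example.com", "MX", "remote.example.com", 10),
    ("example.com", "MX", "pop.provider.example", 20),  # fallback held at the provider
]

# Constructed zone containing the mistakes discussed in the comments.
BAD_ZONE = [
    ("remote.example.com", "A", "203.0.113.99"),          # stale address
    ("mail.example.com", "CNAME", "host.dyndns.example"),
    ("example.com", "MX", "203.0.113.10", 5),             # MX straight to an IP
    ("example.com", "MX", "mail.example.com", 10),        # MX to a CNAME
    ("example.com", "MX", "remote.example.com", 20),
    ("example.com", "MX", "mx2.example.com", 30),         # no A record at all
]


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_mail_dns(zone, domain, router_ip):
    """Return (delivery_order, problems) for the MX records of `domain`.

    delivery_order lists MX targets in the order a sending server tries them
    (lowest preference number first). problems is a list of (code, target).
    """
    domain = _norm(domain)
    a_records, cnames, mx = {}, {}, []
    for rec in zone:
        name, rtype = _norm(rec[0]), rec[1].upper()
        if rtype == "A":
            a_records.setdefault(name, set()).add(rec[2])
        elif rtype == "CNAME":
            cnames[name] = _norm(rec[2])
        elif rtype == "MX" and name == domain:
            mx.append((int(rec[3]), _norm(rec[2])))

    problems = []
    if not mx:
        problems.append(("NO_MX", domain))
    mx.sort()
    for _pref, target in mx:
        if _is_ip(target):
            problems.append(("MX_IS_IP", target))
        elif target in cnames:
            problems.append(("MX_IS_CNAME", target))
        elif target == domain or target.endswith("." + domain):
            # Target lives in our own zone, so its A record can be checked here.
            if target not in a_records:
                problems.append(("MX_NO_A", target))
            elif router_ip not in a_records[target]:
                problems.append(("A_NOT_ROUTER", target))
        # Out-of-zone targets (the provider's fallback) are the provider's to resolve.
    return [t for _pref, t in mx], problems


if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        order, problems = check_mail_dns(zone, "example.com", "203.0.113.10")
        print(label, order, problems)
```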

  52. Eddy says:

    Hi Ronny,

    I’ve just used a bare metal restore to a new server but then I am not able to complete the wizard “set up your internet address” and into a state that it fails, run the Fix My Network Wizard. Also a exchangeserver index process is using 100% CPU time. Any idea what’s causing this problems?

    Rgds, Eddy

  53. david says:

    trying to connect using remote.mydomain.com/remote
    I can get to the sbs 2011 login page.
    when I login I get a certificate error if I try to login it give me a 404 page
    and this message.
    The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

  54. david c says:

    have everything working good.
    how often does exchange check for email?
    is it possible to adjust time?if so where?
    nice site it helped me with my first time exchange setup.

    • ronnypot says:

      If you use direct smtp delivery there is no time frame, it is a direct connection and mail will be delivered direct to the server.

  55. david c says:

    installed and working ok.
    i have been put on cbl blacklist twice i have scanned all computers they appear clean. it detected a ZeroAccess botnet on cbl webpage.
    i have read that port 25 should be blocked.if so can someone point me to information on how to change ports for exchange.

    • ronnypot says:

      The best way to prevent workstations from spamming and putting you on a blacklist is to configure your router/firewall to only allow outside SMTP traffic (port 25) from the server IP address. So workstations cannot send directly to the internet but only via your mail server.

      You can change port 25 on the send connector but this can only be done via PowerShell. Keep in mind that if you configured your send connector to use DNS no mail will be sent, because every other mail server on the internet uses port 25 to accept email. The only way this could work is if you use a smart host that is configured to use email on another port than 25.

      so be careful or your complete email traffic will stop.

      • david c says:

        thanks for the quick response. is that adjustment on both server firewall & router firewall?

        • david c says:

          a little confused i have comcast business class gateway.
          i have port 25 forwarded to the local ip address on the sbs 2011 machine. it has very few configuration options. public-local port and tcp.
          is it the sbs 2011 firewall that i need to change?
          thanks for your help

          • ronnypot says:

            You do not have to change anything on the SBS firewall; what you are talking about is only for incoming traffic. You are blacklisted because of outgoing traffic. A PC in your network is sending spam emails to the internet. So you need to block outgoing port 25 so PCs can’t send email directly to the internet; only allow outgoing traffic for your SBS server IP address so Exchange can send email to the internet.

  56. david c says:

    i need to setup the firewall on each pc to block port 25?
    i did not see a option in router/gateway for outbound.

    • ronnypot says:

      That could be an option, but if you have a good router / firewall you can block it on the router / firewall. If you only have a router / modem then it might not be included.

  57. david c says:

    sbs 2011 send and receive on port 25?
    so if i do not have that router option.
    i would need to create a firewall rule to block port 25 on the workstation.
    that will not cause a problem with sending & receiving email?

    • ronnypot says:

      Outlook does not send email using the SMTP port; only if you have Outlook configured to use POP and SMTP to send email does it use port 25 by default.

      Also check for applications that send directly on SMTP; they would use port 25 by default. Of course you can create an additional receive connector on your server using a different port and configure these programs to send via a different port (if the application supports changing the port).
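The advice in this thread (only the mail server may send to the internet on port 25) can be checked against router or firewall connection logs to find which workstation or application is sending mail directly. The following is an added example, not part of the original comments; the log format, IP addresses and function name are constructed assumptions, so adapt the regular expression to your own device's log layout.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed (constructed) log layout: timestamp action TCP src:port -> dst:port
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: 192.168.1.10 plays the SBS/Exchange server.
SAMPLE_LOG = """\
2013-02-11T09:14:02 ALLOW TCP 192.168.1.10:50211 -> 198.51.100.7:25
2013-02-11T09:14:05 ALLOW TCP 192.168.1.23:49712 -> 203.0.113.5:25
2013-02-11T09:14:05 ALLOW TCP 192.168.1.23:49713 -> 203.0.113.80:25
2013-02-11T09:14:06 ALLOW TCP 192.168.1.23:49714 -> 198.51.100.44:25
2013-02-11T09:14:09 ALLOW TCP 192.168.1.31:51002 -> 192.168.1.10:25
2013-02-11T09:14:11 ALLOW TCP 203.0.113.9:33411 -> 192.168.1.10:25
2013-02-11T09:14:12 ALLOW TCP 192.168.1.31:51010 -> 198.51.100.7:443
garbage line that the parser must skip
2013-02-11T09:14:15 DENY TCP 192.168.1.40:50001 -> 203.0.113.5:25
""".splitlines()

def find_direct_smtp_senders(lines, mail_server, lan_cidr):
    """Report LAN hosts, other than the mail server, that open TCP/25 to the internet."""
    lan = ipaddress.ip_network(lan_cidr)
    server = ipaddress.ip_address(mail_server)
    hits = defaultdict(lambda: {"attempts": 0, "blocked": 0, "destinations": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
            continue
        # Skip inbound mail, client -> mail server traffic, and the server itself.
        if src not in lan or dst in lan or src == server:
            continue
        entry = hits[m["src"]]
        entry["attempts"] += 1
        if m["action"] == "DENY":
            entry["blocked"] += 1  # the outbound block rule is already catching this host
        entry["destinations"].add(m["dst"])
    return dict(hits)

if __name__ == "__main__":
    for ip, info in find_direct_smtp_senders(SAMPLE_LOG, "192.168.1.10", "192.168.1.0/24").items():
        print(ip, info)
```

A host with many attempts to many distinct destinations is the one to isolate and investigate first; a host with one fixed destination is more likely a scanner or application configured to send directly over SMTP.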

  58. david c says:

    contacted comcast they do not offer feature to block ports.
    i am going to bridge the gateway to a router which comcast supports.
    any recommendations on a router?

  59. Amir Manzoor says:

    I am using Small Business Server 2011 with Exchange Server 2010 SP1. Although I have a dynamic IP, GoDaddy is managing Dynamic DNS effectively. For my in-house email server setup I have a problem receiving emails because my ISP blocks inbound port 25 for dynamic IPs. What are possible ways to receive emails?

    Email Server IP Address Type: Dynamic
    Domain Registration: registered on GoDaddy
    but not hosted on any hosting provider.
    Email Sending: through Smart host provided free by ISP.
    Email Receiving: ?

    • ronnypot says:

      If port 25 is blocked, there are limited options. One could be if you have an external spam filter that can deliver on a different port. You can change your MX records to the spam filter. Configure the receive connector in Exchange to accept email on a different port, let's say 4025, and let the spam filter deliver to port 4025.

      Another option would be using the POP connector to pull email from the email host. But in my opinion this is an unwanted configuration because the POP connector is not the best part of SBS.

      Last option would be changing internet provider to one that is not blocking port 25.

  60. david says:

    if a company has multiple locations and each has it own email exchange server is adding mx records the best way to go?
    all locations have same domain.

    • ronnypot says:

      I don’t understand your question. You have more SBS servers on separate locations with the same email domain? That could never be a best practice. If you add MX records to the different servers, mail will only be delivered to one server; it will not check on what server the mailbox is located.

  61. david says:

    ok thanks
    I will use the pop connector.
    can both locations use the same domain name? like example.com
    only one location will be sbs 2011

    • ronnypot says:

      Again please note that the SBS POP connector has some limitations and known issues: http://blogs.technet.com/b/sbs/archive/2009/07/01/sbs-2008-introducing-the-pop3-connector.aspx

      Another caveat if you have multiple single Exchange servers using the same domain name: they cannot email each other. Exchange is configured to accept email for example.com and knows this as an internal domain, so it will never send email outside its own Exchange organization.

      There are some options to configure a domain as an internal or external relay, but this is a complex configuration and not supported within SBS.

  62. david says:

    any suggestion? if we have two location.
    and both want their own exchange server setup.
    and be able to email each other.
    different version of exchange or server software
    or third party pop connector like GFI MailEssentials

    • ronnypot says:

      If they need to email each other you will need to have different email addresses or configure the internal relay (which is not supported).

      I would advise using a third party POP connector; I have good experience with the POP connector from GFI MailEssentials.

      Suggestion for two locations sharing a domain name: create additional email domains, for example location1.example.com and location2.example.com, and use these as aliases. If you want to email users from the other location you use the alias @location1.example.com or @location2.example.com.

      Otherwise don’t use the internal Exchange server and host email externally with Office 365 or any other provider.

  63. david says:

    if both exchange servers are doing pop will that work?
    and can domain name be used at both locations?

  64. david says:

    i see three packages. is the pop3 connector available in all three packages?

  65. Ollie says:

    I can get all the services to work internally but externally the firewall on sbs2011 is blocking the port and I have tried disabling the firewall, all sorts of stuff. I don’t know where to look

  66. Ollie says:

    or what to do. It’s really annoying me because on my router I have port forwarding to the sbs2011 server and when I point it to another server with the ports open it works fine, so external dns is correct. I just want to know where on this server I can find the rule to view the site externally

    • ronnypot says:

      Hi,

      You do not have to change anything on the SBS firewall if you set up your server using the SBS wizards. You can check internally by using telnet, if you are in the domain and run telnet to the SBS server on port 25 (SMTP) or 443 (HTTPS). These are the only 2 ports that need to be open in your firewall / router.

  67. geekonweb says:

    You can use http://www.portcheckers.com to scan ports or test port forwarding
