Friday, April 29, 2005

SBS 2003 port assignments

Always searching the internet for the ports used for SBS 2003, I decided to post them in a place I can always find them. You would think I could memorize this short list, but I'm horrible at remembering numbers.

Ports that Enable Remote Access to SBS Services

| TCP Port | Service | Description |
|---|---|---|
| 21 | FTP | Enables external and internal file transfer |
| 25 | Exchange Server | Enables incoming and outgoing SMTP mail |
| 80 (http://) | IIS | Enables all nonsecure browser access, including: internal access to IIS Webs including the company Web, Windows SharePoint Web, Windows SharePoint administration Web, and server monitoring and usage reports. Enables internal access to Exchange by OWA and OMA clients |
| 110 | POP3 | Enables Exchange to accept incoming POP3 mail |
| 123 (UDP port) | NTP | Enables the system to synchronize time with an external Network Time Protocol (NTP) server |
| 143 | IMAP4 | Enables Exchange to accept incoming IMAP4-compliant messages |
| 220 | IMAP3 | Enables Exchange to accept incoming IMAP3-compliant messages |
| 443 (https://) | Outlook | Enables all secure browser access, including external access to Exchange for Outlook 2003, OWA, and OMA clients; required for external access to server monitoring and usage reports |
| 444 | Windows SharePoint Services | Enables internal and external access to the SharePoint Web |
| 500 | IPSec | Enables external VPN connections by using IPSec |
| 1701 | L2TP clients | Enables external L2TP VPN connections |
| 1723 | PPTP clients | Enables external PPTP VPN connections |
| 3389 | Terminal Services | Enables internal and external Terminal Services client connections |
| 4125 (Note: you can change this port in RRAS) | Remote Web Workplace | Enables external OWA access to Exchange, plus internal and external HTTPS access to the client Web site |
| 4500 | IPSec | Internet Key Exchange (IKE) Network Address Translation (NAT) traversal |
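
A list like this is most useful when compared against what the server is actually listening on. The following is an added example, not part of the original post: it parses `netstat -an` output and reports table ports that are bound on every interface but are not in the set you meant to publish. The function names, the `intended` policy set and the sample output are assumptions made up for the example.

```python
import re

# Port -> service name, copied from the table above. Matching is on the port
# number for either protocol, since netstat reports the protocol itself.
SBS_PORTS = {
    21: "FTP", 25: "Exchange Server", 80: "IIS", 110: "POP3", 123: "NTP",
    143: "IMAP4", 220: "IMAP3", 443: "Outlook", 444: "Windows SharePoint Services",
    500: "IPSec", 1701: "L2TP clients", 1723: "PPTP clients",
    3389: "Terminal Services", 4125: "Remote Web Workplace", 4500: "IPSec",
}

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")
WILDCARD = {"0.0.0.0", "[::]", "*"}  # local addresses meaning "every interface"

def listeners(netstat_text):
    """Yield (proto, local_addr, port) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # column headers and blank lines
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        yield proto, addr, int(port)

def unexpected_exposure(netstat_text, intended):
    """Table ports listening on every interface but absent from `intended`."""
    found = {(port, proto, SBS_PORTS[port])
             for proto, addr, port in listeners(netstat_text)
             if port in SBS_PORTS and addr in WILDCARD and port not in intended}
    return sorted(found)

# Constructed sample of `netstat -an` output, not captured from a real server.
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.16.2:110       0.0.0.0:0              LISTENING
  TCP    192.168.16.2:443       203.0.113.7:51234      ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

if __name__ == "__main__":
    # Assumed policy for the example: only mail, HTTPS and RWW are published.
    for port, proto, service in unexpected_exposure(SAMPLE, {25, 443, 4125}):
        print(f"{proto}/{port} ({service}) is listening on all interfaces")
```

A hit only means the service is bound on all interfaces; whether it is reachable from outside still depends on the firewall and router rules in front of the server.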

Tuesday, April 26, 2005

Reinstall Your Default Web Site Version 2

So after I regrouped from the nightmare of recovering the default web site in SBS 2003 I started looking a little deeper into how it all worked. During my research I came across KB 887305 that gave instructions on how to reinstall IIS on SBS 2003. It never occurred to me to reinstall IIS since there was nothing wrong with it. Well the reinstall procedure blows away the existing default site and recreates it. I followed the procedures and it worked like a champ. Man I could have used this info a couple of days ago...

Friday, April 22, 2005

SBS 2003 default web site... Guard it with your life

I had a rough couple of days at a new client. I was called in because the original consultant who installed the SBS 2003 server was unable to get all the features working correctly. There was a laundry list of problems, but mainly he couldn't get the client's iPAQs connected to their server when they were in the field. After several months of trying to get things working he stopped returning the client's phone calls. The client then had a "friend" look at the server to see if he could get it to work. Being the security-minded person that he was, he deleted the default web site in IIS on the server. This opened up a huge can of worms. Suddenly the client had ten sales people who could not even access their email from OWA. That's when they called me. I came in to find a server that was so messed up it wasn't even funny.

* AV not running on the server
* AV updates not being pulled down to the clients
* All websites deleted from the server
* No full backups (at least they were backing up their user data)

And the list goes on....

All these things need to be addressed, but I need to get OWA working again. You would think that something as important as the default web site would be easy to reinstall. I searched high and low for a solution to reinstall the default web site. I did find a KB article on how to get company web and SharePoint admin back. Things would have been so much easier if proper backups were being done.

As I thought through the issue my partner came up with the idea of building a parallel server with the same config and then just copying the sites over. Hey, that's just crazy enough to work! Six hours later I had built up another server and migrated the IIS sites over to the client's server. Holding my breath, I entered the OWA address in IE.... No dice. I spent the next five hours plowing through every setting on the default web site. If you've never looked, there are about 10,000 of them. I finally got it to work for the most part. If you ever have to do this you will need to do a couple of things.

* A migration tool (I used IIS Export Utility)
* Check the NTFS permissions on the files
* Check the Directory Security of all sites and virtual directories in IIS
* Reinstall any SSL certificates

After all this RWW works as designed and OWA works, but you are challenged with a password popup rather than the OWA login page. Oh well. It works and the server will need to be rebuilt because of all the cooks that have been in the kitchen. The client was happy that his sales staff can get their email and that's all that matters.