Internal access to external website.

Hello,

I have a sbs 2003 box with thats hosting a few static html pages for an
external website. The problem is is that when a user tries to access the
external website from a workstation attached to the network by simply typing
the web address in their IE address line they are prompted with the following
login popup window that states: (I altered the web address)

The server www.xxx.com at WebAdmin requires a username and password.

Warning: This server is requesting that your username and password be sent
in an insecure manner (basic authentication without a secure connection).

All users including the admin are prompted with this request and when we try
typing in the server name in the address line such as http://xxx-sbserver a
401 unauthorized page is returned.

None of their login id's or passwords work on the login popup. The website
works just fine externaly as well as the other RWW features.(from internet)

Any ideas?

Thanks, Charles

1. You should not be hosting any website on your sbs box...you are just asking to have your server compromised...its not a matter of if...just a matter of when

2. Move your site to godaddy or some other national hosting company for about 5.00 a month and this issue goes away and your network is more secure

3. Your issue has to do local DNS not resolving properly and security on the site.

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Charles" <Charles@discussions.microsoft.com> wrote in message news:B144A965-47D6-4545-976B-FE96356939ED@microsoft.com...
Hello,

I have a sbs 2003 box with thats hosting a few static html pages for an
external website. The problem is is that when a user tries to access the
external website from a workstation attached to the network by simply typing
the web address in their IE address line they are prompted with the following
login popup window that states: (I altered the web address)

The server www.xxx.com at WebAdmin requires a username and password.

Warning: This server is requesting that your username and password be sent
in an insecure manner (basic authentication without a secure connection).

All users including the admin are prompted with this request and when we try
typing in the server name in the address line such as http://xxx-sbserver a
401 unauthorized page is returned.

None of their login id's or passwords work on the login popup. The website
works just fine externaly as well as the other RWW features.(from internet)

Any ideas?

Thanks, Charles

3. is actually that the request is being sent to his router (WAN IP) and the
router is not properly handling 'loopback processing'. 'WebAdmin' is the
router's configuration pages.

'Loopback processing' being where a client on the LAN side of the router
requests a service on the WAN IP which theoretically should be forwarded to
the SBS (or some other box) using the router's port forwarding rules. Most
'commodity' routers do not handle it properly, matter of fact I don't know a
single one that does. More 'high end' equipment handles it properly, but
even then not always.

"Cris Hanna [SBS-MVP]" <crisnospamhanna@cpunospamservices.net> wrote in
message news:O5lMPJHgIHA.4880@TK2MSFTNGP03.phx.gbl...
1. You should not be hosting any website on your sbs box...you are just
asking to have your server compromised...its not a matter of if...just a
matter of when

2. Move your site to godaddy or some other national hosting company for
about 5.00 a month and this issue goes away and your network is more secure

3. Your issue has to do local DNS not resolving properly and security on
the site.

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Charles" <Charles@discussions.microsoft.com> wrote in message
news:B144A965-47D6-4545-976B-FE96356939ED@microsoft.com...
Hello,

I have a sbs 2003 box with thats hosting a few static html pages for an
external website. The problem is is that when a user tries to access the
external website from a workstation attached to the network by simply
typing
the web address in their IE address line they are prompted with the
following
login popup window that states: (I altered the web address)

The server www.xxx.com at WebAdmin requires a username and password.

Warning: This server is requesting that your username and password be sent
in an insecure manner (basic authentication without a secure connection).

All users including the admin are prompted with this request and when we
try
typing in the server name in the address line such as http://xxx-sbserver
a
401 unauthorized page is returned.

None of their login id's or passwords work on the login popup. The
website
works just fine externaly as well as the other RWW features.(from
internet)

Any ideas?

Thanks, Charles

Looks like you are right on the money. Sure enough when I input the routers
login info the routers config page loads. I know that it worked in the past
but now that i think of it, it stopped working when we had to change
routers/modem setup just didnt realize it till now.

i was able to fix it so they could use the server name now to access the
website but this is only temporary until we are able to procure some sort of
offsite hosting for them.

Thanks for the help everyone.

Charles

"SuperGumby [SBS MVP]" wrote:

> 3. is actually that the request is being sent to his router (WAN IP) and the
> router is not properly handling 'loopback processing'. 'WebAdmin' is the
> router's configuration pages.
>
> 'Loopback processing' being where a client on the LAN side of the router
> requests a service on the WAN IP which theoretically should be forwarded to
> the SBS (or some other box) using the router's port forwarding rules. Most
> 'commodity' routers do not handle it properly, matter of fact I don't know a
> single one that does. More 'high end' equipment handles it properly, but
> even then not always.
>
> "Cris Hanna [SBS-MVP]" <crisnospamhanna@cpunospamservices.net> wrote in
> message news:O5lMPJHgIHA.4880@TK2MSFTNGP03.phx.gbl...
> 1. You should not be hosting any website on your sbs box...you are just
> asking to have your server compromised...its not a matter of if...just a
> matter of when
>
> 2. Move your site to godaddy or some other national hosting company for
> about 5.00 a month and this issue goes away and your network is more secure
>
> 3. Your issue has to do local DNS not resolving properly and security on
> the site.
>
> --
> Cris Hanna [SBS-MVP]
> -------------------------------------------------
> Microsoft MVPs
> Independent Experts (MVPs do not work for MS)
> Real World Answers
> ---------------------------------------------------------
> Please do not contact me directly regarding issues
>
> "Charles" <Charles@discussions.microsoft.com> wrote in message
> news:B144A965-47D6-4545-976B-FE96356939ED@microsoft.com...
> Hello,
>
> I have a sbs 2003 box with thats hosting a few static html pages for an
> external website. The problem is is that when a user tries to access the
> external website from a workstation attached to the network by simply
> typing
> the web address in their IE address line they are prompted with the
> following
> login popup window that states: (I altered the web address)
>
> The server www.xxx.com at WebAdmin requires a username and password.
>
> Warning: This server is requesting that your username and password be sent
> in an insecure manner (basic authentication without a secure connection).
>
> All users including the admin are prompted with this request and when we
> try
> typing in the server name in the address line such as http://xxx-sbserver
> a
> 401 unauthorized page is returned.
>
> None of their login id's or passwords work on the login popup. The
> website
> works just fine externaly as well as the other RWW features.(from
> internet)
>
> Any ideas?
>
> Thanks, Charles
>
>
>