Small Business Server

From SME Server
Revision as of 18:30, 18 October 2011 by Smeghead (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Windows Small Business Server (SBS)


  Skill level: medium
The instructions on this page require a basic knowledge of linux.


Description

How to configure SME for an internal Windows Small Business Server (SBS); Exchange and Remote Web Access.

This howto is cobbled together from a variety of sources and was tested on a HP Servers running SBS2003, SBS2008, and SBS2011.

The main sources were:


Forum Post talking about Exchange 2003 [[1]]
Len Goldsteins Blog talking about Exchange 2007/10 [2]
Tek-Tips post on Activesync [3]

The infrastructure setup used was:

Internet ~~ Router - SME - Internal Network (inc SBS).

Assumptions

  • I have assumed that you already know how to configure the router to provide the appropriate port access for SBS.
  • The DNS has been configured with a 'remote.xxx.xxx' record for the domain in use; an 'autodiscover' record is also useful down the track.
  • IIS has been configured to publish these sites for external access.
  • IIS has been configured to accept external connections using its self signed certificate or a public certificate has been installed.

Step-by-step HowTo

1. Preparation


1.0 Log into the SME Server Manager, and
1.1 Get direct shell access and login as root.

2. Modifications

2.0 Add hostname for internal server
Using the Server Manager, under Configuration, open Hostnames & Addresses and add a hostname pointing to the internal servers IP address.

2.1 Create new template fragment for ProxyPass directives
Most of the work in accessing the internal server is performed by using proxypass redirects within Apache.
In order to add these directives to Apaches config file (httpd.conf) we need to create a custom template fragment.

Create the folder for the fragment

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf

Create the fragment itself, it's empty to start

touch /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91ProxyPassSBS

2.2 Add directives to fragment
At this point you can use whatever editor you prefer, I'll use pico

pico -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91ProxyPassSBS

Now paste in the following, including the comment lines top and bottom

#------------------------------------------------------------
# ProxyPass Support for Internal SBS Server
#------------------------------------------------------------

        ProxyPreserveHost On
        SSLProxyEngine On

        #Force RequestHeader in order to get IE to work
        RequestHeader set Front-End-Https "On"

        #OWA % character in email subject fix
        RewriteEngine On
        RewriteMap percentsubject int:escape
        RewriteCond $1 ^/exchange/.*\%.*$
        RewriteRule (/exchange/.*) ${percentsubject:$1} [P]

        #OWA
        ProxyPass /owa https://x.x.x.x/owa
        ProxyPassReverse /owa https://x.x.x.x/owa
        ProxyPass /public https://x.x.x.x/public
        ProxyPassReverse /public https://x.x.x.x/public

        #RPC
        ProxyPass /rpc https://x.x.x.x/rpc
        ProxyPassReverse /rpc https://x.x.x.x/rpc
        ProxyPass /Rpc https://x.x.x.x/Rpc
        ProxyPassReverse /Rpc https://x.x.x.x/Rpc
        ProxyPass /RPC https://x.x.x.x/RPC
        ProxyPassReverse /RPC https://x.x.x.x/RPC

        #OMA
        ProxyPass /oma https://x.x.x.x/oma
        ProxyPassReverse /oma https://x.x.x.x/oma

        #ActiveSync (for WM5+ devices)
        ProxyPass /Microsoft-Server-ActiveSync https://x.x.x.x/Microsoft-Server-ActiveSync
        ProxyPassReverse /Microsoft-Server-ActiveSync https://x.x.x.x/Microsoft-Server-ActiveSync

        #Remote Web Workplace
        ProxyPass /Remote https://x.x.x.x/remote
        ProxyPassReverse /Remote https://x.x.x.x/remote
        ProxyPass /webhelp https://x.x.x.x/webhelp
        ProxyPassReverse /webhelp https://x.x.x.x/webhlp

        #Autodiscover for Exchange
        ProxyPass /autodiscover https://x.x.x.x/autodiscover
        ProxyPassReverse /autodiscover https://x.x.x.x/autodiscover

#------------------------------------------------------------
# End of SBS settings
#------------------------------------------------------------
 

Change the x.x.x.x to match the IP of the Internal SBS server.

2.3 Finalisation
In order to make sure the hostname is fully recognised & the template fragment fully integrated I prefer to perform a full server update routine

signal-event post-upgrade; signal-event reboot

If you wish to verify that the template fragment is syntatically correct then run

signal-event ibay-update

This will then display any issues the system has with the template fragment (if any) and they can be dealt with prior to the full server update routine.

2.4 Gotchas
Some of the above entries may not be rquired depending on your circumstances & the version of SBS being used, comment out all not in use.
SME/Apache, and to a lessor extent SBS, are very sensitive to case, if the entry is capitalised in any way it is done so for good reason.
If a directive doesn't work check the URL internally to see if the capitalisation matches.

3. Testing


Once the server has rebooted the following URL's should work from the Internet

https://xxx.xxx.xxx/remote
https://xxx.xxx.xxx/owa

Done!