Installing Mobile Site in DMZ


Per Best Practices, I'm putting up the mobile site in a DMZ and followed the installation instructions for installing the Mobile Client.   I copied the 4 keys over and added the hostname to my install.  Unfortunately, I'm getting a "Server Error in '/' Application" for IIS.  The details aren't helpful as it just shows that I haven't turned on custom errors.  


Where should I start for troubleshooting?   I've somewhat inherited this project from someone who left, and he set up the primary server.  There's not too much in terms of specifics in the documentation though.   


I've opened up firewall holes between the two servers, and am somewhat all permissive as I troubleshoot this issue.  The DMZ server is also NOT domain joined, per best practices.   I set up DNS so that the DMZ server can see the PWS server via its hostname, but let me know if that makes a difference.  Obviously, the two servers are on separate subnets and VLANs.  


The one error in the event log has an ASP.NET error (Event ID 1309) and alludes to an error in the w3wp.exe processes because it cannot connect to the database.  I'm going to start troubleshooting database access next, but any other thoughts?


Hi Mike,


If you RDP into your server where you have installed the mobile client, and try to access the site from there, does IIS give you a better error that can help with this?


Also, can you try doing an open port test from your DMZ server back to your SQL server which is hosting Passwordstate, on port 1433, which is the default SQL port?  Obviously if you made changes to the SQL port you'll need to test for that instead.  PowerShell does an open port test as follows:


test-netconnection database-server.contoso.com -port 1433







Got it.   Thanks for the hints.   The local error gave me the same errors as in the event logs.  It pointed me to a connection error.   As a result, there were a few things that I needed to go down as we're using SQL Express with our install.  I tested using SQL Management Studio from other machines to try and connect remotely.


1.  By default, SQLExpress doesn't allow remote connections.  The remote connection needed to be enabled and a static port set, like 1433.  (See any internet guide)

2.  Since it's a named instance (SQLEXPRESS) and not the default, SQL Browser also needs to be enabled for the connection to work. (This wasn't as common to be listed).

3.  Add appropriate local firewall rules (if applicable).

4.  Make sure the DMZ server can see the internal server via hostname.   I used the hosts file as it makes the most sense to me.  Our DMZ servers don't have access to our domain controllers/DNS.

5.  Add appropriate access rules & NAT rules for your DMZ.


As a one-man IT shop, it'd be great if these were in the documentation going forward.  :)  

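The checks from this thread, combined into one script to run on the DMZ web server. This is an added example, not part of the original posts and not Passwordstate's own tooling. The function name, the database name and the SQL login are assumptions to replace with your own values, and because it connects by host and port it does not exercise the SQL Browser lookup from step 2.

```powershell
# Added example. Placeholders: host name (taken from the port-test example above),
# port, and database name (assumed; use the name from your own install).
function Test-SqlPath {
    param(
        [string]$SqlHost  = 'database-server.contoso.com',
        [int]$SqlPort     = 1433,             # static port set on the SQLEXPRESS instance
        [string]$Database = 'passwordstate',  # assumed database name
        [Parameter(Mandatory)][pscredential]$Credential  # SQL login; the DMZ host is not domain joined
    )
    $r = [ordered]@{ Host = $SqlHost; Resolved = $null; TcpOpen = $false; Login = $false; Error = $null }

    # Step 4: name resolution. GetHostAddresses honours the hosts file as well as DNS.
    try {
        $r.Resolved = ([System.Net.Dns]::GetHostAddresses($SqlHost) |
                       Select-Object -First 1).IPAddressToString
    } catch {
        $r.Error = "Name resolution failed: $($_.Exception.Message)"
        return [pscustomobject]$r
    }

    # Steps 1, 3 and 5: remote connections enabled, local firewall, DMZ access/NAT rules.
    $tcp = Test-NetConnection -ComputerName $SqlHost -Port $SqlPort -WarningAction SilentlyContinue
    $r.TcpOpen = [bool]$tcp.TcpTestSucceeded
    if (-not $r.TcpOpen) {
        $r.Error = "TCP port $SqlPort is not reachable from this host"
        return [pscustomobject]$r
    }

    # Final check: an actual login, which is what the w3wp.exe worker has to do.
    $Credential.Password.MakeReadOnly()   # SqlCredential requires a read-only SecureString
    $sqlCred = New-Object System.Data.SqlClient.SqlCredential($Credential.UserName, $Credential.Password)
    $connStr = "Server=tcp:$SqlHost,$SqlPort;Database=$Database;Connect Timeout=10"
    $conn    = New-Object System.Data.SqlClient.SqlConnection($connStr, $sqlCred)
    try {
        $conn.Open()
        $r.Login = $true
    } catch {
        $r.Error = "SQL login failed: $($_.Exception.Message)"
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]$r
}

Test-SqlPath -Credential (Get-Credential -Message 'SQL login used by the mobile site')
```

The first stage that fails tells you which layer to look at: name resolution, the network path, or the SQL login itself.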
