Friday, October 22, 2004

Hosting Multiple Domains on SBS 2003 (Part 2)

In Part 1 of this discussion I talked about how to add additional e-mail domains to your SBS 2003 Server. In this post I want to focus on adding websites. I am not planning on covering any security concerns in this post, as the security of your SBS box depends on how the webpage is developed.

Adding more websites to your SBS Box
IIS is really quite a cool application that makes it very easy to add additional websites to your SBS box without much effort. Here's how:

  1. Open Server Management, expand Advanced Management, Internet Information Services, {ServerName}, and Web Sites

  2. Right click on Web Sites, and choose New, Web Site

  3. Click Next on the Welcome to the Web Site Creation Wizard

  4. Type in a description to help you easily identify the website and click Next

  5. Leave the IP address as All Unassigned and the port as 80. But put in a host header, this is what will tell IIS to answer web requests using this virtual server. You should put in the domain name you would browse to such as:, if you spell this wrong, IIS will not serve up the webpage to the requesting browser

  6. Choose the location for the actual files (it's best if you can keep this away from the system drive, for security reasons), and choose if you want anonymous access or not, depending on what type of website you are trying to create

  7. Finally, choose the permissions for the website. Since you're running on your Domain Controller, and Exchange, I suggest leaving the default, read and run scripts

  8. Finish the wizard

You will see you're newly created website appear in the list with the description you gave it. Now just start plugging webfiles into the directory that you chose and you're hosting multiple websites on your sbs box.

Too easy? Why did you read the entire post then? ;o)

Troubleshooting Tips
I thought I'd toss a few troubleshooting tips in here, since I ran into these:

  • If the webpage shows up as your default web site, your host header doesn't match what the browser is asking for, and the default web site will answer all un-answered calls

  • Get a page not found? your default start document is probably not one of the ones IIS will choose, try using default.htm or default.asp. You can change the default document in the properties of the website too

  • If you want SSL encryption, you're going to have issues with the SBS self-signed cert. Change your website to a new port that's not in use and ensure the port is open on your firewall (SSL bypasses host headers since the data is encrypted as it passes into IIS). But your users will always get a pop-up since the certificate on your SBS box is programmed to be linked to the primary domain via CEICW, and will always pop-up when the domain is different

Read on to Part 3.


Anonymous said...

Sean, when adding additional domains to Exchange, after I select SMTP and added "," I get Error ID no: c10312e6 from Exchange System Manager. That's happened twice. What should I be doing differently?

Anonymous said...

Ahh.. I missed an "@". That's my mistake!

Sean Daniel said...

Awesome, saves me from investigating for you tomorrow morning.

Don't forget the "@"! :)

Anonymous said...


Do these instructions include SBS 2003 Premium or just SBS 2003 Standard?


Sean Daniel said...

Ah yes, just standard, ISA would need some extra configuration...

Anonymous said...

Any chance I could talk you into doing some posts on hosting multiple websites on SBS 2003 with ISA? I know I'm asking a lot here, but....well...PRETTY PLEASE??

James Summerlin

Sean Daniel said...

Thanks for the suggestion, I'll keep it in mind and see if I can't put some ISA tips up on this site...

Anonymous said...

Question about multiple site hosting. I have the site configured.

If I visit the site via I can access it fine but if I do I get site not found. I am on a DHCP connection and using dns2go for dynamic hosting
thanks in advance

Sean Daniel said...

Hi Annonymous (horrible name, must have been hard as a kid :) )

You'll have to configure "www" as a host at your domain with the same IP address as, if you're hosting mail, you should create another host called "mail", so your MX record can point to, and your website answers to and

Personally, I hate the www host. Why do we need to say www (or World Wide Web), we know where we are! We just need the site! I'm not a fan of www, but that's how you do it. Let me know if you need any help.

Anonymous said...

Thanks for the great little writeup. How now do we set up ftp access to update the new domain offsite?

Sean Daniel said...

Hrm, I'm not really sure what your talking about? is this a Dynamic DNS site? or am I missing something? which FTP server are you using?

m3ckon said...


I've added my new domains to my sbs2003 box as per your article

my primary domain is

my main email server is

I've added and I got my isp to update the mx record for to point to

however when I send an email to externally (from my gmail)

I get the following bounce back:
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 10): 501 Rejected (0)

What am I doing wrong here??


Sean Daniel said...

Hrm, I'm not sure there is enough information here to help me debug what's going on. Let's see if we can't get anymore.

Open a command prompt
Launch into nslookup
Type in set type=mx
Type in

Let me know what it says. Did you give the DNS enough time to replicate? Oh, and you should probably do these steps from outside your network if at all possible.

Let me know how it goes.

Sean Daniel said...

I think you want this post. Good luck!

Anonymous said...

I simply cannot get host headers to work properly. I just keep getting the sbs welcome page.

I have just setup a new SBS (Standard) box, uploaded all security updates, then SBS sp1 and sharepoint sp2 etc, etc. DHCP is running happily on my netgear DG834GT router with sbs handling DNS and the router using that as it primary DNS server. Server and client internet access works fine and my routers firewall is configured to forward HTTP:80 requests onto my server.

Lets say my domain is and i've setup a 'test' subdomain at my isp to point to my external ip. Then I use as the host header on my new website with all unassigned as the ip. But no luck just 'cannot find server or DNS error'.

Then I follow some more complex advice about using a specific ip; so using the DNS snapin I create a new forward lookup zone called and add a 'test' A record with ip etc. Then add my new site and specify along with But still no luck, just get 'server not found or DNS error'. However my router did confirm via DNS lookup that was correctly mapped to yet i could not get anything by typing that into a browser directly.

Eventually I removed the specific ip and revert back to all unassigned, and it all just suddenly worked, ok I had some asp errors like MSWC.Counters not being supported by IIS6.0 but host headers did work, however only for a few hours, and now for some reason does not again, possibly after rebooting or something, as I am sure i did not change anything.

So I again play around with the specific IP and whilst I do now consitently get the SBS welcome page, host headers are simply having no effect at all. I Have now reverted back to all unassigned and removed the related DNS entries. But still I only get the SBS welcome page.

One point worth noting is that if I then click upon the 'Company Website' link I always get 'Cannot find server or DNS error'.

I have another problem which may be related in that my DG834GT insists upon serving up its admin page (located at to any client on the local network that tries to access my external ip. So I cannot actually see the contents of the site unless I dialin from outside because the subdomain is mapped at my isp to point to my external ip. Remote administration does require port 8080, but annoyingly internally it does not and will popup on port 80. I have tried changing the routers ip to something else but it does not seem to make any difference. If it recognises you as a being a client on the local network then it will serve up its admin page instead of forwarding on the request to the server.

Anyway that aside I still simply cannot get host headers to work, and i suspect i just have something very basic wrong, so after several days going around in circles any ideas would be very much appreciated.

Anonymous said...

thought i should let you know i now have it all working again, can't honestly say i've done anything that different, now using 'all unassigned', no special DNS forward lookup zones, and router ip of (nothing works unless it is for some reason). Also added a line in my hosts file to map the subdomain directly to the server to bypass that annoying DG834GT admin page problem ;) will post again as when and if it falls again

Sean Daniel said...

Thanks for the follow-up Brett, I was in the middle of typing you a reply before, and apparently my manager had some top priority thing for me to do. {sigh}. Here I am tonight to write you back though...

My guess is it took a while for to replicate through the internet. That's probably what the problem was, but I thought I'd also tell you that you should probably turn off remote management of your router. It's the least secure thing you can do! it's much safer to use Remote Web Workplace, and connect to one of the PCs internal to the network and then manage your router from there.

Let me know if you have any questions!


Anonymous said...

Thanks for the response Sean, well i did wonder if replication might have been an issue but then i did connect using it at one early point so i thought it had probably fully propagated after a couple of days etc, and yes i will disable remote access by the way, just useful at the moment to isolate server overhead, in other words i can roughly compare the speed a page loads from the router against one from the server. Which brings me on to my next point, which i think may have been complicating matters...

Essentially the performance is hopeless, the server is on broadband with an upstream of 288kbsp, and i'm testing with a dialup from outside, but the pages just take forever to deliver, and sometimes i just get the 'cannot find server or DNS error'. Yesterday it seemed reasonable but now i notice that there really is a big difference between my sharepoint site and my hostheader site's.

Simply put the dialup activity (two screens flashing) is constant when i browse to my sharepoint sbs welcome page, all is fine and the speed is reasonable, but if i browse to my it sits around for ages waiting for my server to respond. Often it just gives up half way through a page, or i just get the familiar 'Cannot find server or DNS error'. Note at 5 this morning it was fine, i change nothing, get some sleep, have a play 5 hours later and it is just hopeless.

I've removed the site re-installed it added other sites etc and they all suffer in teh same way. I did think it was related to DNS changes at my isp etc but when i remove the host header site and allow things to default to the sbs one performance is fine.

Well ok it is fine on parts of the site. Only one of the four links on the SBS welcome page will actually deliver a page...

The first 'My Company's Internal Website' displays a blank page, waits around forever and finally gives gives cannot find page. But then for some reason the url is http://companyweb rather than

The second 'Network Configurations Wizard' has a url, and gives 'You are not authorised to view this page' so that seems ok. I guess one has to specifically enable an ip to have access or something.

The third 'Remote Web Workplace' has a url, but waits displays a blank page, waits a further 30 or so seconds, then delivers 'Cannot find server or DNS Error'.

The fourth 'Information and Answers' works absolutely fine, and so does all its subpages.

This is a log from my router for a problematic access:

Wed, 2005-12-14 13:12:52 - TCP Packet - Source:,16976 Destination:,80 - [HTTP match]

Which seems ok, and i am currently trying to get a log from the host header site but very strange things are happening with the servers cache. I've even stopped the site and changed its content directory completely, yet my dialup connection still quite happily displays the old content, and it is clearly obtaining it from the server. Infact it is now displaying part old and part new (mixing the content) where filenames etc happen to be the same i guess. Do you know how i can clear the servers cache?

Anyway here is a bit of the log from a recent slow access to the host header site (sorry for the mass of info, by all means delete it once read) the first line shows a refresh that simply timed out with a blank screen, the second and further lines show a following refresh which did display most of the content (albeit over a few minutes and out of date etc).

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2005-12-14 15:33:26 GET /index.htm - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 109
2005-12-14 15:38:05 GET /index.htm - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 93
2005-12-14 15:39:34 GET /leftpage.htm main=info/welcome.htm 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 203
2005-12-14 15:40:13 GET /images/home.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 109
2005-12-14 15:40:13 GET /images/website.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 93
2005-12-14 15:40:18 GET /images/dev2.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 93
2005-12-14 15:40:24 GET /images/bin2.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 93
2005-12-14 15:40:24 GET /images/key4.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 93
2005-12-14 15:40:28 GET /images/target.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 93
2005-12-14 15:40:34 GET /images/cog.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 109
2005-12-14 15:40:37 GET /images/chart2.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 93
2005-12-14 15:40:41 GET /images/vb10.bmp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 200 0 0 1187
2005-12-14 15:41:04 GET /images/moving2.jpg - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 404 0 2 78
2005-12-14 15:41:08 GET /images/50orange.jpg - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) 404 0 2 78

Any ideas?

Anonymous said...

Hey what do you know, i've just added another site and that one works just fine? Really can't see what the difference is between them though (same content directory etc).

BTW one of my domains is hosted with an isp who are pretty expensive when it comes to things like pointing subdomains etc, so instead i tried website forwarding to my ip address, hoping that maybe the host header remains intact or that i could perhaps use my ip as the host header. Anyway it does not work so is there a way to get host headers to work with such web forwarding, or must i be able to point the domain properly?

Anonymous said...

ok think i may have found the problem, i suspect server is fine, just my laptop has a dns issue or at least some sort of confusion caused by my entries in the hosts file (to stop that DG834GT admin page from appearing all the time when accessing host header sites via local network). Anyway if i remove the host file entry on the laptop which is browsing the site via dialup it suddenly speeds back up. Looks like the laptop was trying to access each component of the site locally first (as per host file entry) but upon failure (network connection disabled to force use of dialup) resorted to the dialup and original ip. May explain why i sometimes got 'Cannot find server or DNS Error' and sometimes not. I am thinking it was probabaly fine for a while before i added the hosts file entry, and even then perhaps still ok so long as i happend to have never connected to the network before using the dialup. Anyway sounds plausable to me ;) and so long as the public does not have the same issue then all is well. Think i'll get some friends to give it a bit of a hammering over the next few days.

Anonymous said...

Well I am at a complete loss!

I browse my sites again this morning using an outside dialup from a laptop that has it's cookies/cache/history completely cleared etc. The server has not even been logged onto since eveything was working fine, but it promptly delivers firstly just the basic sbs welcome page (completely ignores host headers) then worst still after several refreshes eventually the host header one! But then that is actually some old version from 2 days ago! I then clear my cache and refresh again where upon i do eventually get the site i should do.

Plus i actually found that and gave competely different and independant results; the first whilst not initially delivering the host header site eventually did after several refreshes, then the second (without http:// in url) delivered the sbs welcome page initially (some components such as the link images would not download) then after several refreshes I got a very old version of the host header site long since gone. And i did browse in that order so the server had already delivered the correct site.

But note I now only have one site with several host headers so they are all feeding from the same bowl so to speak.

Just don't know what to do next, can get no reliability at all.

Any idea on how to clear the servers cache?

Anonymous said...

Just to add a bit to that i did notice when the sbs site was being mistakenly delivered that my ip often momentarily showed as the url within the browsers status bar, is that normal when pointing subdomains?

Anonymous said...

Unbelieveable! having browsed and refreshed to the point that all subdomains eventually displayed the correct content, i clear my cache, close the dialup, re-dial, browse again and yep everything is still just fine, performace good, content correct, and cache clear after refresh consistently results in the server delivering the correct content to all my subdomains (one site for all at the moment).

So imagine my dismay when 2 hours later i power the laptop up again do exactly the same thing, and find i am back at square one! Yep after a couple of components (fonts actually) are downloaded the browser just sits and waits for the server, several refreshes, still no luck, refresh again and i finally get something, but amazingly it's an old version of the site that keeps popping up when i least expect it! Once loaded i refresh again and the new one then comes into place?

Just can't fathom it, why is my server first trying to deliver an old version of the site? Those files do still exist on the drive and that domain was once mapped to a site which used them, but it was deleted days ago, and since there has only been one site under iis (other than the sbs stuff) with all the host header entries mapped to that.

Actually I noticed the other day that i can stop and even delete a site yet the server will happily keep on delivering its content for a given host header, even after i enter that into another site. In fact that does seem to be the very nub of the problem.

For example i have just created a new site, and moved the host header entries over to see how instant the change is adopted (i.e. a different site delivered) and yes for and it is immediate, but for it loads some old content (frame set and some fonts etc) then stalls with 404 in the first frame, i click refresh about 5 times and still get 404, then wait a few minutes click refresh again and get the new site (just hello world with no frames etc). Now whats the bet that in a few hours time i'll get the old content back again?...

Anonymous said...

Well i did not get the old content back so that's something, but i do always get a 404 after leaving it for a few hours and attempting to browse again (having cleared browser cache etc). It then generally takes 3 refreshes to overcome teh 404 and get the content. Seems quite consistent in this behaviour and i can see from the log that this is precicely what is happening.

I have and all specified as host headers for this particular site, but they always behave slightly differently to each other: always loads the style sheet fonts and frameset then then gives 404 for the content of the left frame (the url for the left frame specifies content for the main frame so things naturally stop there). After 3 refreshes (almost always 3) the content does get delivered. will almost always initially deliver the sbs welcome page, then after 1 refresh will deliver the proper site. often just gives 404 from the start i.e delivers nothing at all, then after several refreshes does one of the above.

Note that overcomming 404 for one subdomain does not help the other subdomains for that site. They are completely independantly of each other. So if i refresh until the content appears, then try or i will still get 404. I have to refresh each subdomain independantly until the content is properly delivered.

From that point on everything behaves perfectly. Then i come back a few hours later and the sequence repeats.

SBS is a new install with all updates etc running on a fairly good box (MSI K7N2 Delta-ILSR mother board, AthlonXP 2800, 2Gb of DDR).

Any ideas?

Sean Daniel said...
This comment has been removed by a blog administrator.
Anonymous said...

Thanks for the offer Sean, very much appreciated, but it finally seems to be working consitently so i wont waste any of your time. I have certainly not done anthing different, just waited, and eventually after a few days, it seems to have settled and delivers the right content first time to the right subdomain. Have plenty more testing ahead so may well be back, but hopefully i will not need to call upon your kind offer.

If you do however know of a simple way to clear any webserver cache then that would certainly be useful.

Sean Daniel said...

Glad to hear that you've figured it out. Sorry I wasn't able to help you. Please let me know if I can be of more assistance..

PS. I have removed the post with my email address in it only to reduce the amount of spam I receive from computers scraping this website.

Anonymous said...

Thanks, that was helpful. Setup additional domain no worries.... :)

Anonymous said...


I have SBS 2003 Premium, I am trying to set up an internal web site as per your instructions.

I keep getting 'page not displayed' yet the host header is called frontsheet and i have a default.htm as the first page - i read about a hosts file but having no expererience I CANNOT FIND IT!!

If you could help that would be great.


Sean Daniel said...

Hi, it's hard to figure out what's going on from your description.

So I'll take a guess, and you can let me know if I'm on track or not. :)

You should be putting your files in c:\inetpub\wwwroot directory, default.htm is probably in the list of default files to load, if it's not you can right click on the default website and find the default documents and add it in.

Last but not least, on SBS 2003, the root of the website is IP restricted to inside the network only, so you'll have to run the Configure Email and Internet Connection wizard to expose the wwwroot site.

Does this help at all?

Anonymous said...

You really are a god!

That was it, wrong directory.

For the benefit of ppl making my mistake, I added the folder which included my files to the c:\inetpub\wwwroot directory and then browsed to //myserver/foldername/default.htm

Thank you so much

My name is Fliss btw, but I forgot my password and so cannot log in..

and thank you for having an anonymous log in, it is easy to subscribe to many forums when you are desperate for help, which is a pain to subscribe and even more difficult to post your solution if you forget your password.


Anonymous said...

Hi Sean! Great site!

Question for ya: I'm trying to get the SBS 2003 default web site to work concurrently with my company's home page, and i'm having some trouble.

I currently have two domains setup.

I setup a new web site for my companys home page port 80 and entered as the host header. Then I have domain 2,, which I used for the host header for 2003 default site. all seems to work except: when I get to the welcome page, I can't do anything else. When I try to access "REMOTE WEB WORKPLACE" I get the login page. I log in and I just get the login page back.

When I click on "Network Configuration Wizard" i get to the Network Configuration page, click on "Connect to the network now" and i get an error, Line 21 -Permission denied.

Not sure what the problem is - any help would be GREAT!!

BTW- I can access OWA just fine by using

Mitch Farber

Sean Daniel said...

I believe you should remove the host header from the default website, it should work with your domain without that, and remote web workplace should resolve.

Let me know how it goes.

Anonymous said...

Thanks! That was part of my problem. I can now access my home page as well as sbs default "Welcome" page, but i'm still having some difficulties, with connectcomputer and remote. Connectcomputer is coming back with another error instructing me to reinstall "Client Deployment" - So i'm gonna go and give that a try.

The other problem is still with "remote" - It keeps prompting me for login, over and over, not going anywhere.

Anyway i'm gonna try the reinstall - will let you know how it goes.


Anonymous said...

Me again... I reinstalled client deployment only to find that xp home cannot connect to sbs 2003. Bummer!

Also the weirdest thing - I can now access the remote page, but only once or twice - then it goes back to login page. I noticed that when I restart IIS, it can be accessed again once before it gets screwed up.

Thanks for your help.

Sean Daniel said...

What else did you change?

Anonymous said...

I hope that someone still moderates this area...
I am attempting to set up multiple domains on my SBS 2003. When I direct a browser to, everything works great, but if they type in, I get my default company page. What am I doing wrong?
Thanks so much.

Sean Daniel said...

Seems like your DNS with your domain name provider needs revisiting. www and can point to the same location, and you will see the same webpages.

Anonymous said...

After adding your host header you will need to select permissions and add the Internet Guest Account for the sites you want to open up to the internet.

Anonymous said...

Hi Sean,
Thanks for hosting this forum. It has some information that i found very helpful.
The problem that I am experiencing is with hosting a sharepoint site and trying to implement a SBS issued certificate. The site works fine with http but when attempting to connect with https I can not view the site. The certificate seems to authenticate correctly and I get prompted to log into the sharepoint site but i get error messages that read:

Mozilla Firefox:
HTTP/1.1 404
Connection: close
Date: Fri, 29 Feb 2008 14:14:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

Internet Explorer:
HTTP/1.1 404 Connection: close Date: Fri, 29 Feb 2008 14:00:32 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MicrosoftSharePointTeamServices:

Do you have any suggestions on what I can try? I am running SBS 2003 and sharepoint v3.

I would appreciate your help!

Sean Daniel said...

Hi Brian,

Are you sure the SSL handshake passes through? It seems like the connection is closing, and not because of authentication issues. What port do you have the different sharepoints running on, are you running ISA?, are the ports configured correctly?