I created a new web app and a new site collection in WSS 3.0. keep getting a "Cannot Connect" error message in IE (version 8) I used port 21241, 10549, 8080....

Are you using the fully qualified machine name or an alias, and, if an alias, is that name entered in Alternate Access Mappings? If not, go to Central Admin | Operations |Alternate Access Mappings. Choose your new web applicaiton and selcte public URLs. Make sure that a zone mapped to windows authentication has the new URL. Also, on the cleint machine, make sure you can ping the machine, by alias as well. Try adding the site to Trusted Sites in IE Security. ChrisChris McNulty MCSE/MCTS/MSA/MVTS http://www.kma-llc.net | blog http://blogs.kma-llc.net/microknowledge http://blogs.kma-llc.net/microknowledge

did you check your firewall settings ?

I'm on the same machine and using the fully qualified machine name. Ideally im just going to use the public ip adddress and port number from the outside - (NAT mapped to machines internal IP) I can get it to work only using port 80 but that kind of blows my security initiative.

When accessing locally, you may be running afoul of the securitty loopback feature. This prevents malware on the local server from bypassing web security by coming back to the same machine using an alias. There are several ways to do this, as detailed in this KB article. http://support.microsoft.com/kb/896861/en-us The basic way to shutoff loopback checking (not ideal security, by the way). Click Start, click Run, type regedit, and then click OK. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Right-click Lsa, point to New, and then click DWORD Value. Type DisableLoopbackCheck, and then press ENTER. Right-click DisableLoopbackCheck, and then click Modify. In the Value data box, type 1, and then click OK. Quit Registry Editor, and then restart your computer. Hope this helps!Chris McNulty MCSE/MCTS/MSA/MVTS http://www.kma-llc.net | blog http://blogs.kma-llc.net/microknowledge http://blogs.kma-llc.net/microknowledge

Thank you for your input - if shutting off the loopback check is going to create security holes then how would you suggest my using a ip:port# so for example - I want my sp site address to read behind the DMZ something like this 192.168.100.200:12345 then outside the DMZ the public address will be 206.164.208.150:12345 Using NAT the public translates to the private ip with that secret port number Anythoughts??

Ok - got it to work - next pickle that I find myself in - I am installing WSS on a w2K8 server that will be just a work group server. I have loaded a few users (for testing) on the machine but not in active directory as it is in a workgroup. I cannot authenticate anyone but the administrator....how do I get users to authenticate when i dont use Active Directory.

*MODS - can you move to a new thread * (usually a new question should be a new title, new thread, etc.) You can authenticate against local machine accounts, or you can configure an ADAM (a/k/a AD LDS in Windows 2008) to provide an LDAP compliant thin versino of AD to house user accounts for authentication. (http://msdn.microsoft.com/en-us/library/bb897400.aspx) Chris Chris McNulty MCSE/MCTS/MSA/MVTS http://www.kma-llc.net | blog http://blogs.kma-llc.net/microknowledge http://blogs.kma-llc.net/microknowledge