Windows Live Domain & Router DDNS

  • General discussion

  • I installed WHS 2011 OEM on a custom built machine last week and have been testing the Remote Access capabilities.

    I am using a Netgear FVS336V2 SSL VPN Firewall as my perimeter router device.  I found I was unable to utilize a Windows Live Domain in the Dynamic DNS configuration of the Netgear.  I was restricted to DynDNS, TZO, 3322.org, and Oray.  No custom DDNS was available.  Also WHS 2011 could not configure the firewall through UPnP.

    I "downgraded" my external device to an old DLink DIR-655 A3 rev wireless router.  I was previously using it as a wireless access point inside my internal LAN.  WHS 2011 was able to successfully be configured for Remote Access on the Dlink in regards to port forwarding, UPnP, and putting the x.homeserver.com domain in the DDNS Service Provider section.  However, the status on the DDNS page says "disconnect" even though I am able to access the server remotely.  The DIR-655 works in this regard and I was able to successfully access my server from outside my LAN (at work) and internally.

    I would like to continue using my Netgear firewall as the perimeter NAT device instead of the DLink for security purposes.  Is there any way to have the Netgear as the perimeter connecting into the DLink, then configure the DDNS Live Domain on the Dlink and have it pass on up to the Netgear?  So the flow would be Netgear - Dlink - switch - WHS 2011.  Another thought I haven't experimented with is SSL VPN into my Netgear firewall and then log in via RADIUS or Active Directory (if it's configurable in the normal sense in WHS 2011)...something for another thread.

    Additionally, if I wanted to use my own dyndns.org DDNS how would I append/or point it to one of the 2 only options available in WHS 2011 Remote Access?  I saw only GoDaddy and the IM something available.

    I would prefer to use the Windows Live x.homeserver.com domain but it seems like the choice of routers that support a custom DDNS is limited.  Most universally accept either DynDNS.org or TZO.com.  To the best of my current knowledge only DLink has the ability to put the Windows Live domain service provider into the service provider field (https://x.homeserver.com then the hostname, password, etc.).

    Are there any suggestions or recommendations for other routers/firewalls that will support x.homeserver.com Live domains for the DDNS service provider?

    Thanks!


    MCTS | MCP | GCWN | GSEC | IAT II | A + | Network + | Server + | Security +
    Thursday, June 30, 2011 2:18 PM

All replies

  • The only supported dynamic DNS solution for Windows Home Server 2011 is setting everything up through the server dashboard. This will register your vanity URL or allow you to buy or transfer a domain through one of the supported providers, and will properly register a certificate for your server. Using the dynamic DNS built into your router, or using another dynamic DNS provider, isn't supported and will not give you full functionality.


    I'm not on the WHS team, I just post a lot. :)
    Thursday, June 30, 2011 2:33 PM
  • Mr. Warren,

    I understand that DDNS must be configured through the server dashboard as you have clarified.

    So, that I understand correctly, users are limited to 3 Dynamic DNS solutions?

    Windows Live Domain

    GoDaddy

    eNom

    How would this tie into a router's DDNS if most of the routers do not support the above DDNS supported by WHS 2011 out of the box?  Most generally support DynDNS, TZO, etc. and have them predefined in the router drop down selections, and are not configurable to customize the DDNS to the above DDNS WHS 2011 solutions.

    My problem is trying to tie the dashboard's supported providers with a router's providers and DDNS.

    D


    MCTS | MCP | GCWN | GSEC | IAT II | A + | Network + | Server + | Security +
    Thursday, June 30, 2011 2:57 PM
  • Your router's built-in functionality (or the lack of it) is irrelevant for Windows Home Server 2011. You don't need to configure DDNS on your router.


    I'm not on the WHS team, I just post a lot. :)
    Thursday, June 30, 2011 3:10 PM
  • So you are saying I can completely ignore DDNS set up and configuration within the router altogether?  WHS 2011 and Windows Live Domains takes care of the pointing of the domain host and pointing it back towards itself (if behind a NAT)?

    If so, that is awesome.  So just set up port forwarding on the router, reserve the server's IP in DHCP, and do the typical remote access set up in the dashboard and I'm good to go?

    Sorry to keep you busy on this thread...just want to fully understand so that I can continue my testing of the functionality.

    Thanks


    MCTS | MCP | GCWN | GSEC | IAT II | A + | Network + | Server + | Security +
    Thursday, June 30, 2011 3:48 PM
  • Yes, that's correct.

    As for the UPnP issue you mentioned in your original post:

    • Assign your server a static IP address in your home network's subnet, but outside the range of any DHCP providers, or (better) assign a DHCP reservation via your router's built-in functionality.
    • Forward ports 80 and 443 to your server from your router.
    • Reconfigure your server's Remote Access, telling it that you will manually configure your router. This should shut off UPnP configuration and eliminate an annoying error message.

    I'm not on the WHS team, I just post a lot. :)
    Thursday, June 30, 2011 4:01 PM
  • Good info, I had my router set up with my old whs and it is working fine, and getting ready to turn off the remote access on the old server and turn on the remote access on the new 2011.  When I did this over a year ago I do have ports 80 (HTTP) and 443 (HTTPS) forwarded to the old server.  I also have port 4125 (RWW) forwarded. You think I need that, 4125?  

    Also, you say "Assign your server a static IP address".  Everything is up and running and the server has its own xxx.xxx.xxx.xxx address.  I don't understand "Assign" it one.  Should I just leave it alone if it already has one that I see?

    One more question, sorry,

    - the PC that is connected to the whs2011 shows the IP address in properties as xxx.xxx.xxx.xxx.

    - the PC that is NOT connected to the whs2011 (yet) and is also inside my network is showing the new IP address of yyyy::yyyy:yyyy:yyyy:yyyy&yy.  

    What are your comments on that?

    And correct, I do not have any settings set up in DDNS.

    Thank you,

    Friday, July 1, 2011 12:49 AM
  • After being enlightened on not needing to configure DDNS at all on my router, I merely forwarded the ports and it's working perfectly.  That's awesome that WHS 2011 just goes directly to Windows Live Domain services and does all of the DDNS and mapping to my external/NAT ips.

    For anyone with a Netgear FVS336GV2 SSL VPN firewall (so that you avoid the hours of trying to figure out DDNS and port forwarding for this device as it's more complex than your typical router):  There is no UPnP on the appliance so just skip the set up router in Remote Access and manually do as Ken stated above.

    1. Make a static IP client reservation OUTSIDE your DHCP scope range if you are using DHCP.  Example: if you have x.x.x.100 - 200 then give it a client ip of x.x.x.99 which is outside the scope range.

    http://screenshots.portforward.com/Netgear/FVS336Gv2/LAN_Setup.htm

    http://screenshots.portforward.com/Netgear/FVS336Gv2/LAN_Groups.htm

    2. Port forward the 3 ports but disregard the Configure Host Names for Port Forwarding or else when you access the server website it will bring you to the Netgear's SSL login page.

    http://screenshots.portforward.com/Netgear/FVS336Gv2/Port_Forwarding.htm

    a.  You may need to set up a custom service for port 4125.  I'm not sure if the RDP port listed on port forwarding is like the old 3xxx port for WHS v1.  Needs to be 4125.  To do this:

    http://screenshots.portforward.com/Netgear/FVS336Gv2/Services.htm

    3. Now you need to ALLOW these ports/services Inbound and Outbound in your Firewall Rules.  Ensure you put the WHS 2011 reserved static ip in the single ip and allow always your ports.

    http://screenshots.portforward.com/Netgear/FVS336Gv2/LAN_WAN_Rules.htm

    4. Disregard completely the DDNS on the netgear as Ken stated above.  This is what I couldn't wrap my head around before. 

    This guide is for anyone that is having trouble with getting their Netgear router/security appliance to work with WHS 2011 Remote Access. 

    D

     


    MCTS | MCP | GCWN | GSEC | IAT II | A + | Network + | Server + | Security +

    Friday, July 1, 2011 6:54 PM
  • The second IP address of yyyy::yyyy:yyyy:yyyy:yyyy&yy is IPV6.

    http://en.wikipedia.org/wiki/IPv6

    This all depends on your DHCP server/router.  Most new routers support IPV6 nowadays and you should have both IPV4/V6 addresses when you do an ipconfig /all.

    When you connect your server to your LAN, and if it has a DHCP provider/device on your LAN, it should automatically be assigned a client ip with lease. 

    Assigning means to reserve the ip address for the server.  Here is what will happen:

    1. If you just leave it as is, whenever your server's client ip lease expires, usually 24 hours by default, and you turn off your server;

    2. Another device that gets connected to the network could pick up that ip that was previously assigned to your server;

    3. Then you boot up your server and it gets assigned a new, different ip address lease;

    4. Your port forwarding that you have assigned in your router will still be mapped to your old ip address (which a different client now has) but your WHS 2011 server will have the new ip.  This results in no Remote Access. 

    This is why it is important to Reserve or in other words create a static "Mapping" at your router for your server and for the ports that will be forwarded inbound/outbound.  So you should probably reserve your server's ip for optimal Remote Access functionality.

    I hope this answers your inquiries.

    D


    MCTS | MCP | GCWN | GSEC | IAT II | A + | Network + | Server + | Security +
    Friday, July 1, 2011 7:05 PM
  • Good info, I had my router set up with my old whs and it is working fine, and getting ready to turn off the remote access on the old server and turn on the remote access on the new 2011.  When I did this over a year ago I do have ports 80 (HTTP) and 443 (HTTPS) forwarded to the old server.  I also have port 4125 (RWW) forwarded. You think I need that, 4125?  

    I just now reread your post and caught that you are still using your old WHS V1.  Are you using Windows Live Domain x.homeserver.com ?

    If so, you may have to apply for a new one, or release the Live domain attached to your current Live account.  You could also use the same Live domain, just released, and add it to a different or new Live account ID.

    I'm not 100% sure on this but I recall reading that users were having problems when trying to use the WHS V1 Live domain and rolling it over to their WHS 2011.

    I will check around or someone can verify this.....

    Port 4125 is just for remote administration and connecting through Remote Desktop into your server and computers with connector clients.  I haven't tested trying to remote desktop in WITHOUT 4125 yet but I will try it out tomorrow.  I know for WHS V1 it (which was a different port if I recall) was necessary to remotely administer your server, which I did a lot of.

    I just require port 443 on mine but I haven't tested it myself to see if everything will work ok without ports 80 and 4125.  It should be fine without those two if you don't plan on doing any remote admin stuff.  Currently, I have all 3 forwarded.

    D

     


    MCTS | MCP | GCWN | GSEC | IAT II | A + | Network + | Server + | Security +
    Friday, July 1, 2011 7:21 PM
  • The most common problem by far with retrieving the domain used on your V1 server for use on your V2 server is Live ID expiration. If you create a Live ID but then don't use it, eventually Microsoft will delete it. (Eventually = several months, but I don't know the exact period) At that point, your server can continue to update the domain provider because it does that using a token rather than the Live ID, but the token won't exist (and can't be hand-crafted) on a new server, or on a reinstalled old server. So no Live ID = orphan domain.

    This Live ID issue is actually more of a problem for XBox Live, BTW, because XBox Live also uses a Live ID for authentication and it gets attached to your XBox Live gamertag/identity. If you create a silver account and don't already have a Live ID, one is automatically created for you. If you don't use that Live ID for anything else, it eventually expires and gets deleted. At that point, if you haven't upgraded to gold, you can't upgrade any more.

    Regarding ports and remote access: port 80 is a "nice to have". It lets you type http://myserver.homeserver.com rather than https://myserver.homeserver.com. Port 443 is required for SSL, and the entire Remote Access site requires SSL. Port 4125 is needed for V1 but not V2. Port 3389 is a "nice to have" if you absolutely must have desktop access to your server. (Note: I have never forwarded port 3389 to any of my servers...)


    I'm not on the WHS team, I just post a lot. :)
    Friday, July 1, 2011 7:59 PM
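
An added example, not code from any poster in this thread: a small Python audit of a router's inbound forward list against the port roles and the DHCP-reservation advice given in the posts above. The addresses, DHCP pool, function name and finding labels are constructed for illustration, and treating ports the thread does not mention as "not-needed" is an assumption of this sketch.

```python
import ipaddress

# Port roles as described in the thread for WHS 2011 Remote Access.
PORT_ROLES = {
    443: "required",     # SSL; the whole Remote Access site needs it
    80: "optional",      # convenience: lets users type http:// instead of https://
    4125: "not-needed",  # needed for WHS V1, not for WHS 2011
    3389: "not-needed",  # direct desktop access; only if absolutely required
}

def audit_forwards(forwards, pool, reservations, server_ip):
    """Audit (external_port, internal_ip) forwards; return sorted (port, finding) pairs.

    pool is the (first, last) address of the DHCP dynamic range and
    reservations is the set of addresses pinned to a device on the router.
    """
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    server = ipaddress.ip_address(server_ip)
    reserved = {ipaddress.ip_address(a) for a in reservations}
    findings = []
    for port, target in forwards:
        ip = ipaddress.ip_address(target)
        # Assumption: any port the thread does not mention is treated as not needed.
        if PORT_ROLES.get(port, "not-needed") == "not-needed":
            findings.append((port, "not-needed"))
        if ip != server:
            # The forward points at an address the server no longer holds.
            findings.append((port, "stale-target"))
        elif lo <= ip <= hi and ip not in reserved:
            # Works today, but breaks once the lease goes to another device.
            findings.append((port, "unreserved-lease"))
    if 443 not in {p for p, _ in forwards}:
        findings.append((443, "missing-required"))
    return sorted(findings)

# Constructed sample data (not taken from the thread).
POOL = ("192.168.1.100", "192.168.1.200")
BEFORE = [(80, "192.168.1.120"), (443, "192.168.1.120"), (4125, "192.168.1.120")]
AFTER = [(443, "192.168.1.99")]

if __name__ == "__main__":
    print("dynamic lease:", audit_forwards(BEFORE, POOL, set(), "192.168.1.120"))
    print("lease changed:", audit_forwards(BEFORE, POOL, set(), "192.168.1.131"))
    print("reserved, 443 only:", audit_forwards(AFTER, POOL, set(), "192.168.1.99"))
```

The second call models the failure sequence described in the thread: the server comes back with a new lease while every forward still targets the old address.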
  • Excellent folks, Thank you.

    1/ When I rolled over the <user_defined_name>.homeserver.com from my old whs v.1 to my new whs 2011, I had no problems.  I did not "release" the name when I turned off the service on my old server.  I just turned off the service on whs v.1, then re-initiated the service with whs 2011.  Works fine.  I never let it expire previously, I always had the old one hooked up to it.

    2/ Thank you for confirming and letting me know on assigning the I.P. address to the Server while in the settings of the router.  I thought that the server assigned its own address.  One thing to note on the NetGear WNDR3700, it will "not" let me assign a static I.P. address to the Server outside of the defined DHCP range, it had to be inside the designated DHCP range.  There was a box below that allowed me to reserve one of the I.P. addresses for the server though, which works fine.

    3/ Noted on Port Forwarding.  Works Perfect.

    Anyway, up and running.

    A couple things to note after you connect to the server and are at the Remote Web Access on the server: if you want to try to connect to one of the "Computers", you need to run I.Explorer (instead of me trying Chrome) as it needs to install an ActiveXClient.  I'm able to get a login to the PC, accept the certificate, but get an Access is denied screen.  So, I'm getting all the way in through the server but the PC is stopping me, need to look at remote settings (on the PC client) but will post another message for this, thanks again.

    EDIT and add to the paragraph just above, the remote login works fine accessing the client PC- if you are using a different PC, I was trying to loop back in to myself on the same pc.   That doesn't work.  Using a different computer does work.  All this works great, now to play with waking a PC via bios LAN signal...





    Saturday, July 2, 2011 2:28 AM