Using port 443 or 80 instead of 4125 for the Remote Access Gateway

  • General discussion

  • Hi,

    I think it would be more helpful to use port 443 or 80 to do the tunnel through the Remote Access Gateway, since in a lot of corporate networks port 4125 will be blocked.

    Friday, June 8, 2007 1:38 PM

All replies

  • Port 4125 is used by Remote Windows Workplace, a feature of SBS that allows the same functionality. Though you can't see it, I'm sure that the WHS team built on top of RWW to implement the remote desktop feature.
    Friday, June 8, 2007 4:17 PM
    Moderator
  •  Ken Warren wrote:
    Port 4125 is used by Remote Windows Workplace, a feature of SBS that allows the same functionality. Though you can't see it, I'm sure that the WHS team built on top of RWW to implement the remote desktop feature.

    While I'm sure this is true, it does not change anything about the suggestion that was posted.

    The suggestion is that it would be more useful to many people if the remote desktop functionality was tunnelled via a standard port and protocol. I believe the best solution is to wrap all RDP functionality in HTTPS over 443. With this solution, you would be more likely to be able to connect to your home machines from work or from internet cafes around the world as you travel.

    Wednesday, July 18, 2007 1:42 PM
  • In order for the WHS team to accomplish that, they would have to create a new tool that serves exactly the same purpose as Remote Web Workplace. Not that I disagree with you or the OP, actually, and maybe we will see changes like that for V2. For V1, well, it's too late. And I understand Microsoft's decision; with limited resources, you use existing tools where you can. RWW is an existing tool that allows an important (to some people, not me) scenario to work.

    However, I'll also point out that 4125 is a standard port. It's the port that RWW uses to proxy an RDP connection to an enrolled PC. Microsoft has used that port for years.
    Wednesday, July 18, 2007 4:12 PM
    Moderator
  • You're right, it is too late... But I still think it's a good topic to keep going and appreciate your response.

    The message I hope gets across is that RWW was written for a different purpose. It was written for businesses to provide remote access to their business PCs. So, if a business wants to set it up, they obviously are in full control of opening access to the outside world. Then, the typical user is someone who uses their home PC or a PC in a hotel, etc. In these cases, the end-user is usually in full control of his/her client machine and internet connection. They can likely use any port or protocol they need.

    The WHS user is similar on one side:  they can decide they want to host this type of activity and can usually ensure that the outside world has access to their port.  The place where it differs, I think, is the client-side.  The WHS end-user will want to connect to their machine from locations such as the office or on the road travelling.  This is why I brought up the internet cafe as well.

    Many offices and internet cafes use a proxy that blocks all ports other than 80 and 443, and many also even block protocols other than HTTP and HTTPS. The beauty of HTTPS is that you can securely wrap anything you want in it and have a decent expectation of privacy. This would include the tight proxies like I just mentioned. This is why I believe it would be the best solution to allow a home user to have access to his/her desktop(s) wherever they happen to be. No worries about what type of network they are on, etc. They shouldn't have to worry about that.

    As it stands now, I believe WHS users will attempt to connect to their PCs and will simply assume that WHS doesn't work well. They will always see this as a WHS problem. In fact, it is something that WHS could resolve -- in a future release of course.

    I fully agree that this was the best way to get the bang for the buck.  The WHS team cleverly reused many components of other products and have put together a decent package that users will find compelling.

    I disagree, however, that they would have to rewrite or reinvent RWW. Instead, they could write an HTTPS tunnel that could provide access to any port they want. There are many other programs that do this kind of thing.


    Thursday, July 19, 2007 12:43 PM
  • It may be possible to use a different port. I know that the RDP proxy port is stored in the registry for RWW. What I don't know is exactly how that information is used by the WHS Remote Access web site. If it's hard-coded inside a .NET assembly, you're out of luck. If it's in a configuration file somewhere, or pulled out of the registry, you can probably switch to a different port.

    But if you do, it won't be "supported", so you'll be on your own with any issues.
    Thursday, July 19, 2007 3:35 PM
    Moderator
  • Anyone heard if there has been an update to this issue?
    Thursday, April 3, 2008 12:21 PM
  • Windows Home Server is wired down to port 4125 for the remote desktop proxy, I'm afraid.
    Thursday, April 3, 2008 2:24 PM
    Moderator

  • While you can't change the WHS listener port of 4125, one possibility is to force the WebRDPClient to use a different port and then have your firewall/router redirect the external port the client is using back to the 4125 internally to the WHS. See this thread here for a couple of suggestions.

    http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=2960842&SiteID=50


    Thursday, April 3, 2008 8:28 PM