WHS 2011 remote access issues.

  • Question

  • I'm struggling to get remote access to WHS 2011 working. My network is configured this way:  Comcast->Grandstream ATA->Netgear WNDR3700->WHS 2011.

    I use VoIPO.com as my phone service who provides the ATA.  They require the ATA to be connected directly to Comcast/my Motorola DOCSIS 3.0 modem via its WAN port.  The ATA connects to the Netgear router via its LAN port.  The default settings set up the ATA as a NAT router.   The remaining network is behind the Netgear as is the WHS 2011 box with a static address.  In essence,  I have two routers in series.  

    The Netgear gets its Internet address from the DHCP server in the ATA.  In the ATA this address is placed into the DMZ to redirect all internet traffic to the router, which redirects appropriately to the network devices.  

    Port forwarding is set up on the ATA to redirect ports 80, 443 and 4125 to the Netgear Router's internet port address.   Port forwarding in the Netgear is also port forwarding these addresses to the Static IP of the WHS 2011 Server.

    I can connect to WHS behind the Netgear with http://192.168.1.2, its static  IP address.   However,  I can't connect externally via the https://xxxx.homeserver.com domain name supplied from MS Live! 

    I've set up incoming rules in the WHS firewall and even tried turning off the WHS firewall, but neither strategy solved the remote access connection issue.

    So in summary it's set up like this:  

    Motorola Cable Modem
                 WAN Port
                    |
                    \/
    Grandstream HT502 ATA
    DMZ:  192.168.2.101
    Ports forwarded to 192.168.2.101 included 80,443,4124
                 LAN Port
                    |
                    \/
    NetGear WNDR3700
    Internet address:  192.168.2.101
    Ports Forwarded to 192.168.1.2  (WHS static IP):  80, 443, 4125
                 LAN port
                    |
                    \/
    WHS 2011 (and 3-4 other computers, an iPad and iPhone)

    Tried adding incoming  rules for ports 80,443,4125

    Tried turning off WHS firewall

    Ran UPnP successfully from WHS console and created domain name from Windows Live! domain name service

    Still can't see the WHS box from the web.

    Any ideas on what I'm missing? 

    Friday, January 27, 2012 6:12 PM
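
The two forwarding tables described in the question can be checked on paper by tracing each inbound port hop by hop. The following is an added example, not part of the original post: `NatHop`, `trace`, `report`, the `PUBLIC` placeholder and port 8080 are constructed for illustration, and the rule order (explicit forward, then DMZ host, else drop) is an assumption about how both devices behave.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatHop:
    name: str
    wan_ip: str                                   # address the upstream device must forward to
    forwards: dict = field(default_factory=dict)  # inbound TCP port -> internal IP
    dmz: Optional[str] = None                     # host that receives otherwise unmatched traffic

    def route(self, port):
        # Assumed precedence: explicit port forward, then DMZ host, else drop.
        if port in self.forwards:
            return self.forwards[port], "forward"
        if self.dmz:
            return self.dmz, "dmz"
        return None, "dropped"

def trace(chain, port, server_ip):
    """Follow an inbound port from the outermost hop inward.
    Returns (reached_server, [(hop, rule, target), ...])."""
    path = []
    for i, hop in enumerate(chain):
        target, rule = hop.route(port)
        path.append((hop.name, rule, target))
        expected = chain[i + 1].wan_ip if i + 1 < len(chain) else server_ip
        if target != expected:   # dropped, or sent to something that is not the next hop
            return False, path
    return True, path

# Values as written in the post's diagram; "PUBLIC" stands in for the Comcast address.
NETGEAR_WAN, WHS = "192.168.2.101", "192.168.1.2"
ata = NatHop("ATA", "PUBLIC", {p: NETGEAR_WAN for p in (80, 443, 4124)}, dmz=NETGEAR_WAN)
netgear = NatHop("Netgear", NETGEAR_WAN, {p: WHS for p in (80, 443, 4125)})
CHAIN = [ata, netgear]

def report(ports=(80, 443, 4124, 4125, 8080)):
    # 8080 is a constructed example of a port that neither device forwards.
    return {p: trace(CHAIN, p, WHS) for p in ports}

if __name__ == "__main__":
    for port, (ok, path) in report().items():
        print(port, "reaches WHS" if ok else "stops", path)
```

With the ATA's DMZ in place every inbound port reaches the Netgear's Internet side, so the Netgear's forwarding table is the only thing deciding what gets to the server.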

All replies

  • Have you tried accessing it by both http:// and https://? It may be that Comcast is blocking Port 80 - try ShieldsUp at www.grc.com to see which Ports are actually open. You do not need 4125 for WHS2011 and Port 80 is only optional.

     


    Phil P.S. If you find my comment helpful or if it answers your question, please mark it as such.
    Friday, January 27, 2012 6:25 PM
  • You have a couple of options. The one I like is to change your network topology. Instead of your current topology:

    Internet -> cable modem -> ATA -> Netgear -> everything else

    make it:

    Internet -> cable modem -> Netgear -> everything else (including ATA)

    The reason your VOIP provider "requires" their device to be first in line is so it can control QOS and prioritize VOIP above all other uses of your internet connection. However, your Netgear router can do a fine job of this on its own. This will require you to find out what ports need to be forwarded to the ATA device and (probably) handle that manually.

    Another option is to just get rid of the Netgear router, or configure it to act as a switch rather than a router. In that case, every device on your home network should use the NAT functionality that's (presumably) built into the ATA router. 

    Another option is to configure the ATA to act in "bridge" mode, where it passes traffic without NAT.


    I'm not on the WHS team, I just post a lot. :)
    Friday, January 27, 2012 6:36 PM
  • I just went through something similar with my Grandstream adapter. Ken's proposed solution is close to what I did. VOIPO (and other VOIP companies) like the GS adapter in front of the router so they can debug problems if needed. I didn't have a problem with that except it was the reason that my download speed was slower than what I was paying for from RoadRunner.

    Essentially, I plugged the GS adapter into the router and got the MAC Address and the IP address for the device.  Make sure you plug the cable from the router into the WAN port of the GS Adapter. I then set up a DMZ for that device inside the router. After that, I rebooted my cable modem, the router and the GS Adapter and everything now works fine. I got back the download speed I was paying for too!

     

    Phil Rack

     

    Saturday, February 4, 2012 3:58 PM