Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
I was playing with a firewall on the Home server RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    I was playing with a firewall on the Home server and now i only see the it on the network map but am unable to conect to it in any way ? Any ideas?
    Tomasz
    Wednesday, December 31, 2008 7:11 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Tomasz,
    playing with the/a firewall on your home server is a bad idea, and even more bad, if this is a headless device.
    Maybe your only option is to perform a server recovery/server reinstall.
    So what kind of home server is it? A self made machine, to which you can login locally with attached monitor and keyboard (which would allow you to login to the server and unconfigure, what ever you have done) or one of the headless OEM systems?
    Which firewall did you touch? The Windows Firewall or did you install a 3rd party firewall? If the later and the system is headless, a server reinstall may be your only option, or you find a way similar to the method I describe in the following lines for the Windows Firewall. (In this case find the service for that 3rd party tool and set its start type to 4.)

    If it is the Windows Firewall you can try the following unsupported and risky method, if you know, what you do:
    You will need a Windows PC for this and have to mount the WHS system disk as secondary disk in this machine. After this has been done:
    1. Start the OS.
    2. Click Start/Run and type regedit. Click OK.
    3. Navigate to HKEY_LOCAL_MACHINE.
    4. Click File/Load Hive int he menu.
    5. Navigate the to system partition of your WHS, which should have assigned a drive letter in your current OS (and has the volume name SYS usually).
    6. Drill down in the hierarchy to folder Windows\system32\config and select the file with the name system.
    7. As name for the temporary key enter whssystem.
    8. Within this key navigate to the sub key  ControlSet001\Services\SharedAccess.
    9. In \ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile you will find the value DoNotAllowExceptions.
    10. This should be set to 0.
    11. Also change EnableFirewall to 0.
    12. Click the key whsssystem and then in the menu File/Unload Hive.
    13. End registry editor and shutdown the system.
    14. Remount the disk into WHS and power up.
    15. Login via Remote Desktop and configure the Windows Firewall as it was before the change you made.

    Good luck
    Olaf
    Wednesday, December 31, 2008 8:49 AM
    Moderator

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi Tomasz,
    playing with the/a firewall on your home server is a bad idea, and even more bad, if this is a headless device.
    Maybe your only option is to perform a server recovery/server reinstall.
    So what kind of home server is it? A self made machine, to which you can login locally with attached monitor and keyboard (which would allow you to login to the server and unconfigure, what ever you have done) or one of the headless OEM systems?
    Which firewall did you touch? The Windows Firewall or did you install a 3rd party firewall? If the later and the system is headless, a server reinstall may be your only option, or you find a way similar to the method I describe in the following lines for the Windows Firewall. (In this case find the service for that 3rd party tool and set its start type to 4.)

    If it is the Windows Firewall you can try the following unsupported and risky method, if you know, what you do:
    You will need a Windows PC for this and have to mount the WHS system disk as secondary disk in this machine. After this has been done:
    1. Start the OS.
    2. Click Start/Run and type regedit. Click OK.
    3. Navigate to HKEY_LOCAL_MACHINE.
    4. Click File/Load Hive int he menu.
    5. Navigate the to system partition of your WHS, which should have assigned a drive letter in your current OS (and has the volume name SYS usually).
    6. Drill down in the hierarchy to folder Windows\system32\config and select the file with the name system.
    7. As name for the temporary key enter whssystem.
    8. Within this key navigate to the sub key  ControlSet001\Services\SharedAccess.
    9. In \ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile you will find the value DoNotAllowExceptions.
    10. This should be set to 0.
    11. Also change EnableFirewall to 0.
    12. Click the key whsssystem and then in the menu File/Unload Hive.
    13. End registry editor and shutdown the system.
    14. Remount the disk into WHS and power up.
    15. Login via Remote Desktop and configure the Windows Firewall as it was before the change you made.

    Good luck
    Olaf
    Wednesday, December 31, 2008 8:49 AM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    Olaf Engelke said:

    Hi Tomasz,
    playing with the/a firewall on your home server is a bad idea, (I now understand this) and even more bad, if this is a headless device.
    Maybe your only option is to perform a server recovery/server reinstall.
    So what kind of home server is it? (HP EX470) A self made machine, to which you can login locally with attached monitor and keyboard (which would allow you to login to the server and unconfigure, what ever you have done) or one of the headless OEM systems (Bingo)?
    Which firewall did you touch? The Windows Firewall or did you install a 3rd party firewall? (Bingo) If the later and the system is headless, a server reinstall may be your only option, (I was afraind of that) or you find a way similar to the method I describe in the following lines for the Windows Firewall. (In this case find the service for that 3rd party tool and set its start type to 4.)

    If it is the Windows Firewall you can try the following unsupported and risky method, if you know, what you do:
    You will need a Windows PC for this and have to mount the WHS system disk as secondary disk in this machine. After this has been done:

    1. Start the OS.
    2. Click Start/Run and type regedit. Click OK.
    3. Navigate to HKEY_LOCAL_MACHINE.
    4. Click File/Load Hive int he menu.
    5. Navigate the to system partition of your WHS, which should have assigned a drive letter in your current OS (and has the volume name SYS usually).
    6. Drill down in the hierarchy to folder Windows\system32\config and select the file with the name system.
    7. As name for the temporary key enter whssystem.
    8. Within this key navigate to the sub key  ControlSet001\Services\SharedAccess.
    9. In \ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile you will find the value DoNotAllowExceptions.
    10. This should be set to 0.
    11. Also change EnableFirewall to 0.
    12. Click the key whsssystem and then in the menu File/Unload Hive.
    13. End registry editor and shutdown the system.
    14. Remount the disk into WHS and power up.
    15. Login via Remote Desktop and configure the Windows Firewall as it was before the change you made.

    Good luck
    Olaf

    Thanks. 
    Tomasz
    Thursday, January 1, 2009 2:46 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Just one more question. Why do you say it is bad to play with a firewall on a home server when it is non stop connected to the internt? We should protect it ? 
    Tomasz
    Saturday, January 3, 2009 8:19 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Tomasz Bielecki said:

    Just one more question. Why do you say it is bad to play with a firewall on a home server when it is non stop connected to the internt? We should protect it ? 

    Tomasz



    Because it is already configured with the correct security settings OOTB.  If you start adding/changing/deleting ports and/or apps in it, you may very well end up weakening the security of the server or make it impossible to connect to it any more.
    Saturday, January 3, 2009 9:41 PM
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    Tomasz Bielecki said:

    Just one more question. Why do you say it is bad to play with a firewall on a home server when it is non stop connected to the internt? We should protect it ? 

    Tomasz



    Also, it's not (typically) connected directly to the internet - it's also afforded the protection of being behind your router, which is a hardware firewall.
    As such, the only ports that should (on a typical, stock install) be exposed to the internet are 80 (HTTP), 443 (HTTPS), and 4125 (Remote Desktop Proxy.)
    Mine also has added to that 8080 (SharePoint), and a random high port (Remote Desktop - there for emergency purposes only.)  Hasn't been haxored yet; and, it's been running since WHS was released (fall '07.)
    [If this post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.]
    Saturday, January 3, 2009 10:05 PM