locked
Remote Access Setup with AT&T U-Verse ISP (Port 443 blocked) WHS 2011 RRS feed

  • Question

  • I have seen a ton of stuff on how to set up WHS v1 and I've interpolated enough to set up my new WHS2011 and router till I get to the Windows firewall. I can't figure out how I should change the HTTPS firewall rule from the standard 443 to 4433. I also understand from various reports that 80 and 443 are the only ports I have to worry about with WHS2011 not a third as is the case with WHSv1.  https://www.att.com/esupport/article.jsp?sid=KB413180  

    Background:  as of today I have verified via AT&T support web pages that AT&T U-Verse is blocking port 443 although not blocking port 80.  I see a good procedure http://forum.wegotserved.com/index.php/tutorials/article/29-set-up-alternate-ports-for-windows-home-server/ but it does not describe the firewall I am facing. 

    "Again open up the control panel but this time select Windows Firewall. Click on the Exceptions tab. Find the entries labeled HTTP, there will be two of them. Select one and click Edit. You want the one for port 80 so if you that was not your first selection try the next one. Change port 80 to what you chose for the TCP port in the previous section. Now do the same for HTTPS and change port 443 to your new SSL port number. Reboot your server for all of this to take effect."

    I don't see anything like the exceptions tab but I am able to find an "Inbound Rule" for HTTPS WWWS using port 443.  The 443 is greyed out and a note indicates this is a predefined rule so some things cannot be changed.  I tried adding a new rule using the same "Group" Secure World Wide Web Services HTTPS but it forced me to "change" the preexisting rule which apparently happened but with no option to change the port.  And now I worry that the default option I was able to change maybe should have only permitted IPs access?  I am over my head here.


    Eric Robert Lewis, Ph.D.

    Thursday, March 27, 2014 9:47 PM

Answers

  • OK, I do not know this for sure but... My router allows me to forward ports to my server and translate the ports at the same time, i.e., I can forward port 4433 from outside through the router to port 443 at the server. I wonder whether you could not suffice with setting up port forwarding (and translation/re-addressing) on the router.
    • Marked as answer by erlewis Friday, March 28, 2014 3:41 PM
    Thursday, March 27, 2014 10:55 PM
  • And access it at: https://xxx.homeserver.com:4443

    Phil P.S. If you find my comment helpful or if it answers your question, please mark it as such.

    • Marked as answer by erlewis Friday, March 28, 2014 3:41 PM
    Friday, March 28, 2014 1:15 AM
  • I *think* you are trying to forward a range of ports running from 4433 to 443 (and it may object to the order, 443 to 4433 might work).

    I think you need to put 4433 in the From field and 443 in the Map to Host Port field.


    • Marked as answer by erlewis Friday, March 28, 2014 3:42 PM
    Friday, March 28, 2014 6:28 AM
  • You are trying to set a range from a lower value of 4433 to an upper value of 443 which is clearly incorrect! 443 should be in the "Map to host port" box.

    Phil P.S. If you find my comment helpful or if it answers your question, please mark it as such.

    • Marked as answer by erlewis Friday, March 28, 2014 3:42 PM
    Friday, March 28, 2014 11:36 AM
  • OK, I know nothing of Firewalls and rules and such, on my to study list. However, WHS 2011 standard rules for 443 will certainly not be IP-limited.

    With me, I have it on Allow the connection as well and I am running default values. Maybe the one Secure is not the other Secure, one over VPN for instance? No clue but I think you're fine as it is.

    • Marked as answer by erlewis Friday, March 28, 2014 3:59 PM
    Friday, March 28, 2014 3:51 PM

All replies

  • OK, I do not know this for sure but... My router allows me to forward ports to my server and translate the ports at the same time, i.e., I can forward port 4433 from outside through the router to port 443 at the server. I wonder whether you could not suffice with setting up port forwarding (and translation/re-addressing) on the router.
    • Marked as answer by erlewis Friday, March 28, 2014 3:41 PM
    Thursday, March 27, 2014 10:55 PM
  • And access it at: https://xxx.homeserver.com:4443

    Phil P.S. If you find my comment helpful or if it answers your question, please mark it as such.

    • Marked as answer by erlewis Friday, March 28, 2014 3:41 PM
    Friday, March 28, 2014 1:15 AM
  • Good question and one I have asked myself.  All of the various forums stuff I've seen refer to changing the port all the way from the IIS through the router.  My 2Wire 3600HGV Gateway (modem/router) does have  [input port}  {output port] boxes and I just plugged the same value 4433 into both.   One thing I notice is that most of the references I find, if not all of them, refer to WHS v1 and I don't know why this is. 

    So I tried to forward port 4433 to 443 and the message I get is Errors Invalid Port or range.  It had no problem taking 4433 to 4433.  See for yourself:


    Eric Robert Lewis, Ph.D.

    Friday, March 28, 2014 1:21 AM
  • I *think* you are trying to forward a range of ports running from 4433 to 443 (and it may object to the order, 443 to 4433 might work).

    I think you need to put 4433 in the From field and 443 in the Map to Host Port field.


    • Marked as answer by erlewis Friday, March 28, 2014 3:42 PM
    Friday, March 28, 2014 6:28 AM
  • You are trying to set a range from a lower value of 4433 to an upper value of 443 which is clearly incorrect! 443 should be in the "Map to host port" box.

    Phil P.S. If you find my comment helpful or if it answers your question, please mark it as such.

    • Marked as answer by erlewis Friday, March 28, 2014 3:42 PM
    Friday, March 28, 2014 11:36 AM
  • Yes Phil and Umfriend are correct, I clearly did not examine the page carefully and when I do with your guidance the router indeed accepts the port 4433 to 443 mapping request when properly expressed.   This seems so simple I wonder why there was so much written about Remote Access with WHS v1?  Is it just that routers with the "from" "to" feature were uncommon then?

    While I have your attention, I am still troubled by the change I may or may not have made to the WHS2011 firewall rule for port 443 mentioned in the original post.

    Now I discover there are two (at least) ways to access the WHS2001 firewall and each appear on screen quite differently. I was in Windows Firewall With Advanced Security and am again now: Three Action options are given for a rule: 

    1. Allow the connection,
    2. allow the connection if is secure,
    3. and block the connection.

    The default is 1. and this is how my rule now reads as explained above (and shown below).  If the words mean what they say, then perhaps the HTTPS port should be (2)?  If "secure" refers to the "S" in "HTTPS"?  If some properties of this predefined rule cannot be changed ... then can I change the secure access to the HTTPS server to insecure?  Somehow that does not compute.

    Thanks again to Phil and Umfriend.


    Eric Robert Lewis, Ph.D.

    Friday, March 28, 2014 3:41 PM
  • OK, I know nothing of Firewalls and rules and such, on my to study list. However, WHS 2011 standard rules for 443 will certainly not be IP-limited.

    With me, I have it on Allow the connection as well and I am running default values. Maybe the one Secure is not the other Secure, one over VPN for instance? No clue but I think you're fine as it is.

    • Marked as answer by erlewis Friday, March 28, 2014 3:59 PM
    Friday, March 28, 2014 3:51 PM
  • Your candor is refreshing.  Any reader will know I too know nothing of Firewalls!  I will leave the setting as it is.

    Eric Robert Lewis, Ph.D.

    Friday, March 28, 2014 3:59 PM
  • Were you ever able to get this working? I have a similar set-up.
    Thursday, August 28, 2014 8:45 PM
  • I gave up on WHS2011 and am now running a trial version of Windows Server 2012r2 Essentials.  I could never get WHS2011 to connect to my clients (Windows XP and Windows 8.1) and no one responded to the problem records I posted about this problem.  I am not clear on whether WHS2011 now supports backup of Win8.1.  Microsoft is ambiguous, it says Windows 8 is supported but does that include the .1 version ... or not?  I interpret support of Windows 8 to include Windows 8 and all of its updated versions.  If Microsoft had said Windows 8.0 is supported ... then I would at least have a clue that perhaps 8.1 is not supported by its absence from the list but Microsoft has chosen to leave this in a state of uncertainty.  Microsoft does say that Windows 7 is supported and by this they mean ALL versions of Windows 7.  Yes, I know, consistency is the hobgoblin of small minds but in the computer field we have come to expect a certain degree of consistency of terminology because definitions and binary truth is so important in the digital world.  And if an earlier statement somewhere said it was not supported, was that later updated to support 8.1 as was the case for hard drives larger than 2 TB (by Windows Server 2008r2 that is, not WHS2011 for server backup though)?    If Microsoft does not support its newer clients with WHS then that is very bad news but I don't have a definitive answer.

    Win Server 2012r2 Essentials will cost me $399 when the trial runs out but at least I have been able to backup my Win8.1 machines.  I have not gotten to the point of fooling around with remote access yet.  I now have the newest AT&T U-verse/DSL Pace 5031NV modem and it does NOT support upnp so I still have to deal with this issue once again. 


    Eric Robert Lewis, Ph.D.

    Thursday, August 28, 2014 10:59 PM