Phantom Firewall Alerts

  • Question

  • My Windows Home Server 2011 is running absolutely flawlessly. I love this product!

    But I do have one annoying and somewhat scary issue! I get constant daily alerts that the firewall is turned off! I look in the firewall settings and it's not turned off. I have Googled the issue and no one has an answer. I am very paranoid because the server has a public IP address and needless to say LOTS of sensitive data.

    So my question is this; Are these phantom alerts? Bug in the software? Or is the server really shutting down the firewall?

    Saturday, April 7, 2012 10:07 AM

All replies

  • The best way to ensure security of your Server is to make sure that only the essential Port is open on your NAT Router. For WHS2011 you only need Port 443 (for https:// access) - you may get complaints from WHS that your router is not working (because Port 80 is closed) but you can safely ignore that. Go to www.grc.com and run ShieldsUp and ensure that all your Ports (other than 443) show as "Stealth" - you are then as safe as you can be (assuming you have all WHS updates and a long complex password).

    As for your Phantom Alerts, I have never seen that problem.


    Phil P.S. If you find my comment helpful or if it answers your question, please mark it as such.

    • Proposed as answer by khaledakermi Saturday, April 7, 2012 5:23 PM
    • Unproposed as answer by ScottiDigital Saturday, April 7, 2012 5:36 PM
    Saturday, April 7, 2012 3:39 PM
  • I agree that checking the ports is a great idea but it does not negate the issue the OS / Firewall is "possibly" having. 

    As far as you not hearing of this that is kinda strange because when I Googled the problem it brought me right to the Microsoft forums with a few other people reporting the exact same issue in the WHS2011 subforum.

    Take a look here and see more reports of this: http://social.microsoft.com/Forums/sv-SE/whs2011/thread/80f06e43-434f-474f-b998-18ece1cf15ff

    Also, outside of the Microsoft forums, I found via Google, tons of other WHS dedicated forums where people are reporting this issue.

    Next time it happens I will do the port scan to see if it's truly a phantom alert or if the firewall is really turning off and back on. Great suggestion.

    If anyone can actually help solve the issue please let me know. The prior thread has no solution. I am worried this is a major security flaw or could be one. 

    Thanks,

    -Scott


    Saturday, April 7, 2012 5:34 PM
  • Shields up reports the following ports open: 80, 443, 554, 593

    I am familiar with 40 and 443 but not so much 554 and 593. They seem to deal with streaming media. Is that correct?

    Saturday, April 7, 2012 5:51 PM
  • Question: why does your server have "a public IP address"? Is it in your router's DMZ? If so, please move it inside your router's firewall and configure port forwarding. While your server does have several ports open to what it sees as its "local" network, the only ports needed for remote access are, as Phil has already said, 80 (for convenience) and 443 (mandatory).

    I'm not on the WHS team, I just post a lot. :)

    Saturday, April 7, 2012 7:42 PM
  • Yes, that's a great suggestion also. But... It still doesn't address the core issue. I'm getting alerts telling me my firewall is turned off. Review the link that I posted above. I am not unique to this quandary. Also google the phantom alert issue and you will see that many people are experiencing this. This is the solution I seek, not a reworking of my network. But once again, thanks for your input.


    Here is some of the background info you requested;

    I don't run my cable modem in NATP mode, I have publicly assigned IPs for each computer that connects to it (all servers of some sort whether it be Linux or Windows). As of current, the WHS is also hosting a couple VirtualBox machines that do routing / firewall / DHCP / DNS / squid proxy, etc for the rest of my home. I don't see why a Microsoft Server 2008 R2 based product should be behind any firewall or any other router, etc. It's a server. It should be able to face the internet on a public IP. But I digress... The configuration is not what I am seeking help on...


    I just want to know if these alerts are real and true. If so how can I stop them. Catching them while they happen would be impossible due to the randomity of the situation. If it's just a glitch in the dashboard I can live with that. If it's truly the firewall turning off; well that's something I will have to find a solution for.

    Thanks for the input and let me know if you ever find a solution to this bug.

    -Scott


    Sunday, April 8, 2012 12:21 AM
  • While you can do anything you like with your home network, and your server, Windows Home Server is not designed to operate in the environment you're using it in. Just because it's based on Windows Server 2008 R2 doesn't mean that it's designed to be used the way you would use that OS.

    What I can tell you is that I've been using some version of Windows Home Server 2011 for a couple of years now and I've never seen the alert you're seeing. That suggests to me that your issue is related to your network configuration, or to the additional software you've installed on your server, or a combination of the two. I don't believe it's the firewall shutting off, or at least I don't believe it's a flaw in Windows Home Server that's causing it to shut off if that is what's happening.

    One question: have you by any chance installed a security suite on your server?


    I'm not on the WHS team, I just post a lot. :)

    • Marked as answer by ScottiDigital Sunday, April 8, 2012 3:47 AM
    • Unmarked as answer by ScottiDigital Sunday, April 8, 2012 3:47 AM
    Sunday, April 8, 2012 2:58 AM
  • The only time I installed another security suite was when I started getting the message. There is nothing out of the ordinary in my network configuration that would trigger Windows to shut off the firewall.

    As well, you may have been running the OS for 2+ years and have never seen it but once again; here is a link to the same issue: http://social.microsoft.com/Forums/sv-SE/whs2011/thread/80f06e43-434f-474f-b998-18ece1cf15ff Many other people also see this problem and were referred back to here. If I were the only one seeing it I would say for fact it's something I did or I installed. But I haven't installed much more than VirtualBox, and some of the WebMatrix products like Wordpress and the specific SQL Server that goes with it, etc. I installed my SSL certificate and that's that. And this all started happening on bare-metal install even before I went with some virtualization products and with a single onboard LAN.

    At this point I plan to run a bare-metal install and go step by step installing apps to see if anything triggers. Before I do that what logs could I look at to see if it is really shutting off? Wouldn't the firewall really being turned off trigger something in a log somewhere?

    Also, you noted that WHS 2011 is not fit for the functions I am having it perform. What brings you to that conclusion? I am running apps that run on any Windows 7 desktop. I'm not doing anything that fancy (IMHO) with it. I was doing the same thing on a Win7 machine and it performed very well. This is what convinced me to go with WHS2011 (not to mention an ultra cheap price at new egg). I really wanted the added Dashboard and Media stream functions and RDP via web interface. I find that indispensable!

    I also have an academic license for Server 2008 R2 Data Center but I believe that is overkill (and somewhat intimidating). I also have SBS 2011 but it doesn't provide streaming media functionality. So it seems like WHS 2011 is my only choice. Any thoughts on the three vs my usage of the box? Would be interested in hearing your thoughts.

    Thanks,

    -Scott

    Sunday, April 8, 2012 4:14 AM
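
Added example, not part of any post in this thread: one way to answer the question above about which logs would show the firewall really being turned off. It checks the current profile state and then pulls the Windows event records that a real state change or service stop leaves behind; the 14-day look-back window is an assumption, and the Security-log events appear only if the corresponding audit policy is enabled.

```powershell
# Added example: look for evidence that Windows Firewall was really turned off.
# Run from an elevated PowerShell prompt on the server itself.

$since = (Get-Date).AddDays(-14)   # assumed look-back window; adjust as needed

# 1. Current state of the Domain / Private / Public profiles.
netsh advfirewall show allprofiles state

# 2. Event sources that record a real change:
#    - Firewall operational log, ID 2003: a setting in a profile changed
#      (the message names the setting, e.g. "Enable Windows Firewall", and its value)
#    - Security log, ID 4950: a Windows Firewall setting has changed
#    - Security log, ID 5025: the Windows Firewall service has been stopped
#    - System log, ID 7036: a service entered the running/stopped state
$fwLog   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
$queries = @(
    @{ LogName = $fwLog;     Id = 2003;       StartTime = $since },
    @{ LogName = 'Security'; Id = 4950, 5025; StartTime = $since },
    @{ LogName = 'System';   Id = 7036;       StartTime = $since
       ProviderName = 'Service Control Manager' }
)

$events = foreach ($q in $queries) {
    # "No events were found" is a non-terminating error; suppress it.
    Get-WinEvent -FilterHashtable $q -ErrorAction SilentlyContinue
}

# 3. Keep only firewall-related 7036 records, then build one timeline.
$events |
    Where-Object { $_.Id -ne 7036 -or $_.Message -match 'Windows Firewall' } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0..3] -join ' | ' } } |
    Format-Table -AutoSize -Wrap
```

If the dashboard alert times have no matching 2003, 4950, 5025 or 7036 record, the logs give no sign of the firewall changing state at those times; matching records show which profile or service changed and when.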
  • ... Also, you noted that WHS 2011 is not fit for the functions I am having it perform. What brings you to that conclusion? I am running apps that run on any Windows 7 desktop....

    Thanks,

    -Scott

    See para 2g of below link.

    WHS 2011 EULA


    ____________

    BullDawg
    In God We Trust
    ____________


    BullDawg
    • Edited by BullDawg Sunday, April 8, 2012 6:54 AM
    Sunday, April 8, 2012 6:40 AM
  • Per the EULA noted:

    g. Functionality Limitations.
    ● Specific Use – You may not use the server software to run or support any line of business applications (e.g. time management software), end-user client applications (e.g. Microsoft Office), or add-ins for these types of applications. (Not doing this)
    ● Active Directory - You may not use the server software as a domain controller or otherwise make use of DCPromo.exe. You also may not join the server software to any Active Directory domain. (Not doing this either)
    ● Server Roles - You may not use server roles other than the roles that are already enabled during the server setup process. (Not doing this, only using the Microsoft WHS 2011 Roles as set up by installation)

    I can't see how I would be violating any of these rules. All of what I am doing is strictly personal use.

    Anyways... This still does not answer my question about the phantom firewall alerts that I and others see.

    So I guess at this point a moderator can just close the thread. This has been derailed three times already. Just looking for an answer, not a train wreck.

    Have a nice holiday Gents!

    Sunday, April 8, 2012 8:03 AM
  • <ScottiDigital> wrote in message news:b984e64e-bc18-4da2-80a8-f2ca09df4cf5@communitybridge.codeplex.com...



    ... Also, you noted that WHS 2011 is not fit for the functions I am having it perform. What brings you to that conclusion? I am running apps that run on any Windows 7 desktop....

    Thanks,

    -Scott



    See para 2g of below link.

    WHS 2011 EULA <http://download.microsoft.com/Documents/UseTerms/Windows Home Server_2011_English_ea53c92f-7890-4c8c-b03a-d98770f17fd1.pdf>


    ____________

    BullDawg
    In God We Trust
    ____________


    BullDawg

    Per the EULA noted:

    g. Functionality Limitations.
    ● Specific Use - You may not use the server software to run or support any line of business applications (e.g. time management software), end-user client applications (e.g. Microsoft Office), or add-ins for these types of applications. *(Not doing this)*



    Have a nice holiday Gents!

    Earlier in thread, you said you were running apps on WHS 2011 that run on any Win 7 desktop.  You stated that you had installed Word Press, Virtual Box, etc.  These are considered end-user applications.  Granted, I have never heard of Microsoft coming after anyone for doing this, but since WHS 2011 was not intended for this use by the EULA, the installed applications "may" be what is causing the "Phantom" Firewall messages.  Since you are running in a manner not permitted by the EULA, the applications are "unsupported" so to speak.

    End User Definition from: http://www.webopedia.com/TERM/A/application.html

    A program or group of programs designed for end users. Application software can be divided into two general classes: systems software and applications software. Systems software consists of low-level programs that interact with the computer at a very basic level. This includes operating systems, compilers, and utilities for managing computer resources.
    In contrast, applications software (also called end-user programs) includes database programs, word processors, and spreadsheets. Figuratively speaking, applications software sits on top of systems software because it is unable to run without the operating system and system utilities.

    Bottom line:  I agree that this thread has most likely run its course, and I don't foresee a solution here.  Good luck with finding a solution to your problem.  If you do find a solution, I would be interested in knowing it.

    Good luck.


    BullDawg
    Sunday, April 8, 2012 9:38 AM
  • Bulldawg makes a valid point, though Microsoft is highly unlikely to hunt you down for violating the EULA. In most cases, those sorts of terms are there for multiple reasons, including revenue protection (if you want a datacenter OS, Microsoft will sell you one, though it's more expensive than Windows Home Server), protecting Microsoft against negative repercussions arising out of people using the OS in ways it's not designed to be used (If you do so, and lose all your precious data, Microsoft can say "Hey, what you were doing is a violation of the EULA anyway; we aren't responsible for anything once you did that"), and even protecting end users from their own lack of knowledge of what they're really doing.

    ... There is nothing out of the ordinary in my network configuration ...

    You appear to be running multiple servers at home, all of those servers have public (i.e. directly exposed on the Internet) IP addresses, you're running multiple virtual machines on your server including routing and network firewall software, and you say "nothing out of the ordinary". None of that is ordinary by home standards. A typical home network has a broadband modem, connected to which is a consumer grade router with NAT and firewall capacity, and then all your computers and other IP devices are connected to the router.

    ... VirtualBox, and some of the WebMatrix products like Wordpress and the specific SQL Server that goes with it, etc. ... I'm not doing anything that fancy (IMHO) with it.

    Again, you're trying to use Windows Home Server like a beefy rackmount server in a datacenter. Honestly, because Microsoft has added wizards and nailed down configurations so an average consumer could (in theory, there are no OEMs supplying servers so it's a moot point) buy a server at Best Buy and set it up at home with no help, it's not fit as an OS for the purpose you're using it for.

    My thought is that you have an unrealistic picture of how robust Windows Home Server is, by datacenter standards, as well as what you can use it for. And the issue you're experiencing is likely to be a result of that. I can't prove that, of course, because I can't recreate the issue you're having...


    I'm not on the WHS team, I just post a lot. :)

    Monday, April 9, 2012 12:58 AM