Pepi1677

2 Remote access Servers?


ikon    420
ikon

I think this is getting over-thought.

 

Try this as an example: server 1 has IP 192.168.1.10; server 2 has IP 192.168.1.20. You would put the following forwards in the router.

  1. port 8080 to port 80 at address 192.168.1.10
  2. port 4443 to port 443 at address 192.168.1.10
  3. port 44125 to port 4125 at address 192.168.1.10
  4. port 8180 to port 80 at address 192.168.1.20
  5. port 5443 to port 443 at address 192.168.1.20
  6. port 54125 to port 4125 at address 192.168.1.20

Now, to connect to the Remote Web Access page on server 1, from the Internet you would browse to http://<yourdomain>.homeserver.com:8080 or to https://<yourdomain>.homeserver.com:4443.

 

To connect to server 2's RWA page, simply replace the port numbers: http://<yourdomain>.homeserver.com:8180 or to https://<yourdomain>.homeserver.com:5443.

 

That should be all you need. I do this all the time and it works great for me.

TomatoBoy    1
TomatoBoy

Perfect, thank you so much Ikon. That is really well laid out and clear.

 

Do we need to bind separate homeserver/other domains to each server or will one shared domain suffice, i.e. can they both share our current yourdomain.homeserver.com or should the second server utilise yourdomain2.homeserver.com?

 

I read somewhere that port 4125 also needs to be changed in the IIS of one server in order for both to be able to utilise remote access of other computers on the network via the portal? Any experience of that please?

 

One thing we are still unclear about is when to choose the https and when to choose the http addresses to connect? It is not obvious which method the current solitary WHS uses by default when we browse to yourdomain.homeserver.com.

Edited by TomatoBoy

jmwills    283
jmwills

I would leave 4125, 80 and 443 in their natural state for server 1.  One less URL to manipulate.

ikon    420
ikon

> Perfect, thank you so much Ikon. That is really well laid out and clear.
>
> Do we need to bind separate homeserver/other domains to each server or will one shared domain suffice, i.e. can they both share our current yourdomain.homeserver.com or should the second server utilise yourdomain2.homeserver.com?
>
> I read somewhere that port 4125 also needs to be changed in the IIS of one server in order for both to be able to utilise remote access of other computers on the network via the portal? Any experience of that please?
>
> One thing we are still unclear about is when to choose the https and when to choose the http addresses to connect? It is not obvious which method the current solitary WHS uses by default when we browse to yourdomain.homeserver.com.

If you re-read my previous post, you will see that I'm using the same homeserver.com URL. As I said, all I do is change the port number -- that is enough for the router to know which server to send the packets to. IOW, no, you do not need to bind separate homeserver.com domains.

 

Using the technique I outlined, you do not need to change anything on the servers. That's one of the main reasons I like it. Now, I have never had 2 WHS servers on the same LAN, so I haven't tried the port 4125 thing. However, I doubt that it would matter. Once you're connected to a server, it should be able to let you remote to any of the computers it knows about.

    Here's where there may be a wrinkle. You may only be able to remote into other computers that are actually clients to the server you're RWA'd into. IOW, if you RWA into server 1, you might only be able to RWA further into computers that have been linked to server 1 using the Connector.

 

As far as HTTP vs HTTPS goes, I would always use HTTPS wherever possible. It's just more secure.

 

> I would leave 4125, 80 and 443 in their natural state for server 1.  One less URL to manipulate.

 

I can understand the sentiment, and I originally thought the same, but I haven't found it a problem at all to just tack on the appropriate port number when doing remote access. I find them easy to remember. It's also slightly more secure since I'm not using default ports at all.

TomatoBoy    1
TomatoBoy

Thank you both so much.

 

Ikon, that makes absolute sense and is really clear, thank you. Good point about the client thing on 4125, I hadn't thought about that. Changing the 4125 port confused me and I couldn't work out why. There are a couple of links stating it is necessary but not giving a reason. It probably is not as you suggested. The only thing I could think of was it may be related to listening for its clients on a network with other server clients present, but I have nothing to support it. I'll look for one of the links and post it just for interest.

TomatoBoy    1
TomatoBoy

Okay, all done, however, something strange is happening. Remote access to port 4433 is terminating at the first server! Will try tinkering but any thoughts would be most welcome.

 

Only thought is because we left the WHS on the default ports that the MS remote connection software is causing this? Especially as we ran the Anywhere Remote wizard on the WSE 2012 box. Will try changing all ports to non-standard.

 

Config (think this is correct):

WHS 2011  ext 80 > 80 on 192.168.x.x

WHS 2011  ext 443 > 443 on 192.168.x.x

WHS 2011  ext 4125 > 4125 on 192.168.x.x

WSE 2012  ext 8080 > 80 on 192.168.x.y

WSE 2012  ext 4443 > 443 on 192.168.x.y

WSE 2012  ext 44125 > 4125 on 192.168.x.y

 

https://mydomain.homeserver.com:443 reaches WHS

https://mydomain.homeserver.com.4443 also reaches WHS

 

 

Update:

Changed the three WHS ports over to 8180, 5443 and 54125 respectively to test. Can reach the unsecure certificate warning on the WHS from 5443, and add an exception but it then fails to complete connection. The WSE doesn't get as far as the security certificate. Could this be related to having run the Anywhere Connection wizard on the WSE perhaps?

 

Or could it be related to both listening out on the same external port for an Anytime Connection signal?

 

This is one of the links that I mentioned this morning:

http://social.microsoft.com/Forums/en-US/5b767a1f-aaee-43f3-b36a-a0d12ce27a93/any-workaround-to-get-remote-access-web-working-on-two-whs-machines-on-same-home-network?forum=whssoftware

 

Ikon, have you got port 4125 forwarded on both of your servers?

Edited by TomatoBoy
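
Added example, not part of any post in this thread: one way to see which server actually terminates each forwarded HTTPS port, as in the 443/4443 symptom described above, is to compare the certificate each external port presents with the certificate each server presents on the LAN. The function names and the fingerprint values below are constructed for illustration.

```python
import hashlib
import socket
import ssl

def cert_fingerprint(host, port, timeout=5.0):
    """Return the SHA-256 fingerprint of the certificate served at host:port.

    Validation is disabled on purpose: the servers in the thread present
    untrusted certificates, and only the certificate's identity matters here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def probe(host, ports):
    """Probe each external port; None means the TLS handshake did not complete."""
    observed = {}
    for port in ports:
        try:
            observed[port] = cert_fingerprint(host, port)
        except (OSError, ssl.SSLError):
            observed[port] = None
    return observed

def audit_forwards(expected, known, observed):
    """Compare which server answered on each external port with the plan.

    expected: {external_port: server_label} as entered in the router
    known:    {server_label: fingerprint} read from each server on the LAN
    observed: {external_port: fingerprint or None} probed from the Internet
    Returns {external_port: (expected_label, actual_label, ok)}.
    """
    by_fp = {fp: label for label, fp in known.items()}
    report = {}
    for port, want in sorted(expected.items()):
        fp = observed.get(port)
        got = "no answer" if fp is None else by_fp.get(fp, "unknown certificate")
        report[port] = (want, got, got == want)
    return report

# Constructed sample data reproducing the symptom reported above:
# both external HTTPS ports present the same (WHS) certificate.
EXPECTED = {443: "WHS 2011", 4443: "WSE 2012"}
KNOWN = {"WHS 2011": "aa" * 32, "WSE 2012": "bb" * 32}
OBSERVED = {443: "aa" * 32, 4443: "aa" * 32}
REPORT = audit_forwards(EXPECTED, KNOWN, OBSERVED)
```

To check a live setup, build `KNOWN` by calling `cert_fingerprint` against each server's LAN address and `OBSERVED` by calling `probe` against the public name from outside the LAN. A `None` result can also mean that client and server share no TLS version.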

TomatoBoy    1
TomatoBoy

Just read the link again. It appears 4125 is just for remote RDP access, so unless that is not quite correct, I am somewhat stumped.

 

Now getting as far as the security certificate on the WSE box but that too then fails to connect.

 

Further update:

 

Have tried changing the WSE box to 80, 443 and 4125 whilst leaving WHS as 8180, 5443 and 54125. Entering mydomain.homeserver.com does not as expected connect to the WSE 2012 splashscreen, however, once logged in I reappear in the WHS 2011 main screen looking at a list of computers containing on the WHS box (the WSE box has no clients)! Could this be a feature of the port 4125 issue and having run Anywhere Connection wizard on both boxes or is it that this laptop is a client of the WHS box, or something else? Will try changing the 4125 port on the WSE box IIS shortly and report back.

Edited by TomatoBoy

jmwills    283
jmwills

I'll bet the site for the WSE server loads slower than the WHS site.

 

Have you rebooted the servers yet?

TomatoBoy    1
TomatoBoy

Much the same jm.

 

A quick note, we had already configured the servers as mydomain.homeserver.com (WHS) and mydomain.remotewebaccess.com (WSE). The WHS is on ports 8180, 5433 and 54125, whilst the WSE is on the default 80, 433 and 4125 during this test.

 

Okay, not changed the port 4125 IIS on the WSE yet but this is what is happening currently.

 

The hybrid login page mentioned below has 'Windows Home Server 2011' and its logo to the left centre of the page with to its right the usual login, however this describes itself as 'Windows Server Essentials 2012 Remote Web Access'!

 

mydomain.homeserver.com yields the hybrid login page and logs into WSE

mydomain.remotewebaccess.com yields the hybrid login page and logs into WSE

Our external IP xxx.xxx.xx.xx yields the hybrid login page but logs into WHS!

https://mydomain.homeserver.com:5433 yields the hybrid login and connects to WSE when it should reach WHS

https://mydomain.remoteinternetaccess.com:5443 fails to connect, as expected as it is the domain bound to the WSE box

Our external IP xxx.xxx.xx.xx:5443 yields the hybrid login page but logs into WHS

Our external IP xxx.xxx.xx.xx:443 yields the hybrid login page but logs into WHS

 

This seems to suggest something related to the Anywhere Connection wizard/MS software re-routing internally does it not?

jmwills    283
jmwills

Why would you bind 4125 to IIS?    In your example 5443 would be bound to the site on WHS and 443 to WSE.
