Jump to content
RESET Forums (homeservershow.com)
Sign in to follow this  
g725s

Router won't UPnP for WHS 2011 Remote Web Access

Recommended Posts

Drashna Jaelre

Yes, WPA2 Personal + AES -> that's the ticket.

 

And, yes, use https://. It's more secure. Gradually, web sites are migrating to https anyway. Http is just too vulnerable.

Depends on what it's being used for. For authentication, it's horrible. For most regular content....

 

I was told to open 4125 at the beginning of this thread.  So I can close that one too?  If not, I should close it.

Becuse some people have reported needing to do so, to get the setting to not error out.

Also, because WHSv1 used port 4125 for the "TS Web" (RDP Web proxy), but WHS2011 uses port 443 (HTTPS) for remote desktop gateway instead. 

Share this post


Link to post
Share on other sites
g725s

Depends on what it's being used for. For authentication, it's horrible. For most regular content....

 

Becuse some people have reported needing to do so, to get the setting to not error out.

Also, because WHSv1 used port 4125 for the "TS Web" (RDP Web proxy), but WHS2011 uses port 443 (HTTPS) for remote desktop gateway instead. 

 

Ok, port 4125 is closed also.  Thanks you for your experienced input.

 

For my particular router Asus RT-AC68U:

Disable UPnP, Disable AiCloud (as it also uses 443), and  manually open only port 443 and try the secure website from outside your LAN...Presto

Share this post


Link to post
Share on other sites
oj88

Also, because WHSv1 used port 4125 for the "TS Web" (RDP Web proxy), but WHS2011 uses port 443 (HTTPS) for remote desktop gateway instead. 

Becuse some people have reported needing to do so, to get the setting to not error out.

Well I'll be... Really shows what I know. I too, followed that advice so that Remote Web Access would report the service to be "Available". I thought that the port had something to do with updating the domain name since I have a dynamic IP.

 

Closed up 4125 and remote web access still works. Of course, WHS2011 didn't like it, as you said would happen, and errors out with "The router is not working".

 

This begs the question, why would WHS2011 error out if there's no essential use for port 4125? They could've easily coded it to test port 443 instead.

Share this post


Link to post
Share on other sites
g725s

Well I'll be... Really shows what I know. I too, followed that advice so that Remote Web Access would report the service to be "Available". I thought that the port had something to do with updating the domain name since I have a dynamic IP.

 

Closed up 4125 and remote web access still works. Of course, WHS2011 didn't like it, as you said would happen, and errors out with "The router is not working".

 

This begs the question, why would WHS2011 error out if there's no essential use for port 4125? They could've easily coded it to test port 443 instead.

 

So are you saying that when you close port 4125 you get error messages (not exactly sure what you mean by "error out") ?  I'm only able to try and access the secure webpage from my android phone at this point but I get the page and no error message, but then again I'm not doing it outside my LAN from a Windows client PC.

Share this post


Link to post
Share on other sites
oj88

So are you saying that when you close port 4125 you get error messages (not exactly sure what you mean by "error out") ?  I'm only able to try and access the secure webpage from my android phone at this point but I get the page and no error message, but then again I'm not doing it outside my LAN from a Windows client PC.

With trial and error and a bit of head-scratching, I take back what I said. It wasn't port 4125 that was causing the error (see below), rather, it was when I block port 80. It just so happened that I closed down 4125 and 80 at the same time, I immediately assumed that 4125 caused it.

 

Apparently, WHS2011 is using port 80 to do its checks. And as Drashna mentioned, port 4125 doesn't seem to do anything as far as WHS2011 is concerned so I apologize for the confusion.

 

TCP 80 Open

TCP80-Open_zps8787a507.png

 

TCP 80 Blocked

TCP80-Blocked_zps10684b08.png

 

In both tests, 443 is open and forwarded while 4125 is blocked. All things considered, the elders here have been correct to point out that you only need 443 to be open and forwarded on your router. If you care too much for the error above, you could also allow and forward port 80, but it'll be at your own risk.

Share this post


Link to post
Share on other sites
g725s

With trial and error and a bit of head-scratching, I take back what I said. It wasn't port 4125 that was causing the error (see below), rather, it was when I block port 80. It just so happened that I closed down 4125 and 80 at the same time, I immediately assumed that 4125 caused it.

 

Apparently, WHS2011 is using port 80 to do its checks. And as Drashna mentioned, port 4125 doesn't seem to do anything as far as WHS2011 is concerned so I apologize for the confusion.

 

TCP 80 Open

TCP80-Open_zps8787a507.png

 

TCP 80 Blocked

TCP80-Blocked_zps10684b08.png

 

In both tests, 443 is open and forwarded while 4125 is blocked. All things considered, the elders here have been correct to point out that you only need 443 to be open and forwarded on your router. If you care too much for the error above, you could also allow and forward port 80, but it'll be at your own risk.

 

For me I get the same message ("The router is not working") if 80 is open or closed.  Which others here have said to ignore.  Are you able to access the webpage from within your LAN also?

Edited by g725s

Share this post


Link to post
Share on other sites
oj88

For me I get the same message if 80 is open or closed.  Are you able to access the webpage from within your LAN also?

That's probably because your ISP is blocking port 80.

 

I am able to access my server from the internet as well as from within the LAN. I might add that when I type "http://<my_whs2011_ip>", it automatically switches over to https.

 

From the internet, I can only access via https... (since I've blocked port 80), http just results in a generic webpage not found error.

Share this post


Link to post
Share on other sites
jmwills

There should be a redirect from Port 80 to 443 so it really doesn't matter if Cox blocks Port 80 or not.

Share this post


Link to post
Share on other sites
oj88

I don't think that the automatic redirect (http->https) will work if port 80 is blocked.

 

If I'm not mistaken, you would have to hit the server on port 80 first for it to do a http redirect.

Share this post


Link to post
Share on other sites
jmwills

Mine works without forwarding Port 80.  Asus RT66NU

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  



×
×
  • Create New...