RESET Forums (homeservershow.com)

Router won't UPnP for WHS 2011 Remote Web Access



Drashna Jaelre

Yes, WPA2 Personal + AES -> that's the ticket.

 

And, yes, use https://. It's more secure. Gradually, web sites are migrating to https anyway. Http is just too vulnerable.

Depends on what it's being used for. For authentication, it's horrible. For most regular content....

 

I was told to open 4125 at the beginning of this thread.  So I can close that one too?  If not, I should close it.

Because some people have reported needing to do so, to get the setting to not error out.

Also, because WHSv1 used port 4125 for the "TS Web" (RDP Web proxy), but WHS2011 uses port 443 (HTTPS) for remote desktop gateway instead. 

Link to post
Share on other sites

Ok, port 4125 is closed also.  Thank you for your experienced input.

 

For my particular router Asus RT-AC68U:

Disable UPnP, Disable AiCloud (as it also uses 443), and  manually open only port 443 and try the secure website from outside your LAN...Presto

Link to post
Share on other sites

Well I'll be... Really shows what I know. I too, followed that advice so that Remote Web Access would report the service to be "Available". I thought that the port had something to do with updating the domain name since I have a dynamic IP.

 

Closed up 4125 and remote web access still works. Of course, WHS2011 didn't like it, as you said would happen, and errors out with "The router is not working".

 

This begs the question, why would WHS2011 error out if there's no essential use for port 4125? They could've easily coded it to test port 443 instead.

Link to post
Share on other sites


So are you saying that when you close port 4125 you get error messages (not exactly sure what you mean by "error out") ?  I'm only able to try and access the secure webpage from my android phone at this point but I get the page and no error message, but then again I'm not doing it outside my LAN from a Windows client PC.

Link to post
Share on other sites

With trial and error and a bit of head-scratching, I take back what I said. It wasn't port 4125 that was causing the error (see below), rather, it was when I block port 80. It just so happened that I closed down 4125 and 80 at the same time, I immediately assumed that 4125 caused it.

 

Apparently, WHS2011 is using port 80 to do its checks. And as Drashna mentioned, port 4125 doesn't seem to do anything as far as WHS2011 is concerned so I apologize for the confusion.

 

TCP 80 Open

TCP80-Open_zps8787a507.png

 

TCP 80 Blocked

TCP80-Blocked_zps10684b08.png

 

In both tests, 443 is open and forwarded while 4125 is blocked. All things considered, the elders here have been correct to point out that you only need 443 to be open and forwarded on your router. If you care too much for the error above, you could also allow and forward port 80, but it'll be at your own risk.

Link to post
Share on other sites


For me I get the same message ("The router is not working") if 80 is open or closed.  Which others here have said to ignore.  Are you able to access the webpage from within your LAN also?

Edited by g725s
Link to post
Share on other sites

That's probably because your ISP is blocking port 80.

 

I am able to access my server from the internet as well as from within the LAN. I might add that when I type "http://<my_whs2011_ip>", it automatically switches over to https.

 

From the internet, I can only access via https... (since I've blocked port 80), http just results in a generic webpage not found error.

Link to post
Share on other sites

There should be a redirect from Port 80 to 443 so it really doesn't matter if Cox blocks Port 80 or not.

Link to post
Share on other sites

I don't think that the automatic redirect (http->https) will work if port 80 is blocked.

 

If I'm not mistaken, you would have to hit the server on port 80 first for it to do a http redirect.

Link to post
Share on other sites
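
The point debated in the last two posts, as an added example that is not part of the thread: an HTTP-to-HTTPS redirect can only be issued if the first plain-HTTP request actually reaches the server. The loopback server, the handler and the function names below are constructed for the demonstration and stand in for a server that redirects port 80 traffic to HTTPS.

```python
import http.client
import http.server
import socket
import threading


class RedirectHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in: answers plain HTTP with a redirect to HTTPS."""

    def do_GET(self):
        host = self.headers.get("Host", "localhost").split(":")[0]
        self.send_response(301)
        self.send_header("Location", f"https://{host}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def check_http_redirect(host, port, timeout=3.0):
    """Return ('redirect', url), ('no-redirect', status) or ('unreachable', error)."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/")
        resp = conn.getresponse()
        location = resp.getheader("Location", "")
        conn.close()
    except OSError as exc:  # refused, filtered or timed out: no request, no redirect
        return ("unreachable", type(exc).__name__)
    if resp.status in (301, 302, 307, 308) and location.startswith("https://"):
        return ("redirect", location)
    return ("no-redirect", str(resp.status))


def demo():
    # Case 1: the plain-HTTP port is reachable, so the server can send the redirect.
    server = http.server.HTTPServer(("127.0.0.1", 0), RedirectHandler)
    open_port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    open_result = check_http_redirect("127.0.0.1", open_port)
    server.shutdown()
    server.server_close()
    # Case 2: nothing answers on the port (simulates a blocked port 80).
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    blocked_result = check_http_redirect("127.0.0.1", closed_port)
    return open_result, blocked_result


if __name__ == "__main__":
    print(demo())
```

Run against your own external address from outside the LAN, `check_http_redirect(host, 80)` tells you whether the redirect is reachable at all; if it reports `unreachable`, users must type `https://` explicitly.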
