Problems accessing WHS Web Interface. Ports 80 and 443 Blocked?
More and more Internet Service Provider’s (ISP’s) are blocking the default ports which allow access via the web interface to your Windows Home Server. With this workaround we will have you remotely connecting to your server using your favorite browser.
The two ports in question here are 80 and 443. If your ISP is only blocking port 80 you only need to forward port 443 to your WHS and then connect using https:// and NOT http://
But what if your Internet provider is blocking both ports. What can you then do to allow web access to Windows Home Server?
Well, we have a workaround for you.
First remote desktop to the WHS as the Administrator and click Start, right click My Computer and select Manage.
In the left pane expand Services and Applications, expand Internet Information Services (IIS) Manager, expand Web Sites and right click on Default Web Site (making sure that it is highlighted first) and choose Properties.
From the Web Site tab you can manually type the port number you want. In this example we use 8008 for http (TCP Port) and 600 for https (SSL Port).
You can now click OK and close the Computer Management Console.
We now need to forward these two new port numbers in the WHS firewall on the server.
Click Start, Control Panel then Windows Firewall. On the Exemptions tab we need to click Add Port. We then insert 8008 for the name and 8008 for the port and make sure that TCP has a dot in it. We then OK this and do the same again, but this time inserting 600 instead for name and port and again making sure TCP is dotted.
We can now OK out of the dialogs and Log Off the Windows Home Server.
Finally we need to forward these two ports to our WHS in the router.
If you need help with this part try this site. Select your router then go through the instructions replacing the port numbers with the ones from above, making sure that you do both ports.
You can now access your WHS via its web interface using:
http://xxx.xxx.xxx.xxx:8008/home
https://xxx.xxx.xxx.xxx:600/home
Please note that without the /home part it will not work.
If your router does Port Redirection (NOT the same as Port Forwarding) you need not do any of the above, but instead you could forward external port 8008 to 80 and forward external port 600 to 443 on your router instead.
UPDATE 19 October 2007: My article describes using port 8008 for HTTP and port 600 for SSL. Carsten Hartmann bought to my attention that port 600 is still a fairly low port number and will more than likely be blocked too since ISP’s normally block ports below 1200. In his situation he used port 8008 for HTTP and 8009 for SSL, which is simple and easy to remember. He added, remember to stop and start your IIS services after you make the changes .
You can access your server by https://Servername.homeServer.com:8009/remote
UPDATE 25 June 2007: SME has posted a valid point that if their ISP blocks the ports, they don’t want you to run servers and you agreed to follow their rules by accepting the Acceptable Use Policy (AUP). Personally my ISP has the ports blocked BUT only disallows FTP servers. So the Windows Home Server is OK. But your provider may be different, CHECK with them first as your account may be deleted by your provider!
Share this WHS Article with Others:
I always redirect mine to 563 for HTTPS as I’m already using 80 and 443 for my blog and Exchange Server.
I find that I have to do an IISRESET for the change to take effect properly but I don’t have any problem with not including the /home part.
I can connect via IP address or livenode address without an issue.
Will this effect the connectors from within the home network (i.e. this won’t cause any ‘network health’ problems or effect backups)?
Not at all. It’s purely affecting remote connection via the web.
What about adding new computers via connector install?
When I follow the directions, it tells me I cannot login to the Admin account remotely from my laptop. It gives me some instructions but that remote install doesnt give me s start menu to open control panel and IIS…
What am I missing? What is the workaround?
I am not sure about why you are getting this error. You are trying via the web interface e.g. “https://example.livenode.com” ?
A discussion has also been opened on on Microsoft WHS forums regarding this article, which may also help you.
http://forums.microsoft.com/WindowsHomeServer/ShowPost.aspx?PostID=1770542&SiteID=50
Why don’t you warn them that they can lose their accounts for evading the AUP? If their ISP blocks the posts, they don’t want you to run servers and you agreed to follow their rules. More ISPs block ports because users can’t be trusted to follow the rules that they agreed to.
Is there a way to get this to work without needing the “/home” at the end of the URL?
For example, to be able to use “http://xxx.xxx.xxx.xxx:8008/”
Instead of “http://xxx.xxx.xxx.xxx:8008/home”
Colin Walker has stated over on his blog http://randomelements.me.uk/Lists/Posts/Post.aspx?ID=366 that he has not needed to add “/home” to the end of the URL in order for the site to work. And his works fine via IP, livenode.com address or normal domain address.
Although he does find that he needs to run IISRESET after changing the port. (More information on the IISRESET command is available in the Microsoft Knowledge Base http://support.microsoft.com/kb/202013/en-us)
Why I have had to add /home to the end of the URL for mine to work I have no idea. Anyone?
SME – that’s actually a very good point. I’ve always been lucky that my ISP doesn’t block anything. I know that a number of them block port 25 to prevent you having your own mail server but I’ve not come across many that do block 80 and 443.
Definitely best to check though. While they may not allow a normal web server they may take a different approach to a home server but best not to take the risk without asking them.
On the AUP issue, I agree you should check with your ISP. I use Earthlink Broadband and they didn’t have me blocked from port 80 or 442. I checked with them any way and was told WHS doesn’t violate my AUP.
OOPs, of course I ment 443 not 442. Im on RC1 and I tryed this even though I didn’t need to and found unlike others above it worked untill I did an IISReset which set the ports back to 80 and 443. Did I miss something?
I had a issue where I was unable to get the Windows Home Server to work correctly from the internet, I was either getting a error 404 from the http://hostname.livenode.com from any internet connected PC and a logon prompt which was my routers home page, after troubleshooting the issue for 1-2 nights, I found out that the broadband router that I have was using ports 80 and 443 for remote management of the router, which was a factory default setting.
I have found out that using a Macintosh OS 9 you cannot get to the web page at all.
Thanks for the info Keith Thomas, luckerly most routers remote management ports can be changed within the routers web interface.
“Using a Macintosh OS 9 you cannot get to the web page at all.” – Any Mac users?
Hi,
just a question, how do you change the remote desktop port (TCP 4125) ?
At work 80 and 443 are open, but 4125 is blocked i can’t find any solution about that issue
Hi EmRoD,
In RC1 of WHS port 4125 was hard coded and could not be changed. For the RTM version things might have changed. Check the following two Microsoft KB Articles that may help you.
KB886209 and KB306759.
My computer management doesn’t have an IIS section any ideas as to how i can get to the default web site properties another way…head’s wrecked with this blocked port business!
Hi Clodagh,
You need to do this on the server itself. If you have WHS installed then there will be a IIS section within the windows that opens.
ISP only concern themselves over profits. That’s why they want to limit WHS, because of bandwidth/throughput. Funny how ISP customers sign up for unlimited use, and then get slapped in the face by limits of use.
Blocking ports, filtering, monitoring and censoring by your ISP’s and governments will grow. Think of Iran, North Korea and China where active measures are taken to limit the flow of information.
WHS doesn’t sell you any rights, it only grants you rights to have in possession a license of use from Microsoft under the EULA terms.
You still need to connect to the Internet, via your ISP, which has and enforces it’s own set of policies. Already Peer 2 Peer is filtered, blocked and regulated. That’s in addition to Media Sentry, MPAA, RIAA, SafeNet, actively spying and snooping on Internet traffic, just as the NSA, FBI, CIA, government agencies and others (corporations) are doing. That’s in addition to ISP’s shaping Internet traffic.
Why isn’t there the ability in WHS to host it’s own SSL encrypted website by end users in a simple method over the Internet? Why no SFTP? No TLS Email Server? Why NO AES 256 bit, or a method to allow communication like Mesh Networking?
Reason One: subscription service insures dependency upon the provider for online services (IP domains) and software applications (online only)!
Reason Two: Provider controls distribution of content.
Reason Three: Insuring the above keeps you a monopoly!
Conclusion: $M wants to become a content distribution channel, just like an ISP for the Internet. When this happens we all suffer, with more DRM technologies, removing our fair use rights, in exchange for limited innovation to insure Microsoft remains a monopoly.
If you really want to open port 443 and port 80, change the rule of laws that grant you these rights so corporations like SBC, Comcast, Earthlink, AT&T cannot take them away from you.
If you don’t care those controlling your access will charge more ahead to allow the use of a WHS later, and still monitor and filter and censor what you transmit for their benefit (gov regulated) for ever more profits to be made at your development.
Support open source code, for public review and most of all to allow the benefit to all in society rather than a few only.
Hi Matt TLC,
Thanks for your comment. It certainly is a sad state of affairs. We should demand that unlimited means unlimited!
Hello,
First, thanks for the great resource! Second, I am using an HP Media Server with WHS installed and do not know how to get to IIS. I can do this on my other regular Vista and XP clients using Remote Desktop but not the WHS control panel. Thanks for the help!
Hi Michael,
To remote decktop into the server:
1.Click on Start
2. Click on Run
3. Type mstsc and then press enter
4. Type the name of your server and then press enter
5. FOR VISTA ONLY: A dialog asking for credentials will appear, you need to type this exactly as shown (w/o quotes) “yourservername\Administrator” and type the password that you use when you login to the WHS console.
6. FOR XP: you will see the Windows Home Server Logon Screen, type Administrator for the username and then the password you use with the WHS console
7. Press enter and then you are logged in to your WHS admin desktop
The WHS console is NOT used in this operation.
Another way around this without having to change the settings on your server is if your router/firewall allows you to set public and private ports when making rules. When I forward the traffic to my server the public port is 8009, but that is mapped to the private (internal) port of 443. Hope that made sense.
Thanks Jason Brunner.
Here’s an odd one that hopefully might help some people who are still stuck trying to resolve this port issue (from a ‘non-techie’):
– my DSL ISP uses a Netopia modem that blocked me from opening up any ports on my LAN
– I had to get the admin username and password to log into the DSL modem itself and enable ‘bridging connections’ to allow my D-Link DIR-655 router to be configured properly for port forwarding
Once I enabled briding connections, all was good… extreamely painful to find this out by trial and error and calling back the DSL company after trying everything everywhere and not being successful, but now all is good.
Thanks for the tip Andrew.
For those of you that are changing ports and have a mediasmart server from HP, check out the tutorial over at http://myhomeserver.com on changing ports. There is a default.htm file you need to add or the main page will
“break” unless you specify /home or /remote.
Hey,
By doing this I cannot log in to the windows home server console from other computers on the network. Is there a way to fix this or did I do something wrong?
I’ve successfully installed SharePoint Services 3.0 on my WHS. I can access my SharePoint site from within my home network using http://myservername:PortNum but I cannot access it from that same address via internet.
More importantly, I own a domain name which I want to be my homepage address for the SharePoint site I am building. However, my domainname takes me to the canned HP Mediasmart Home Server landing page.
How can I fix this? I suspect it has something to do with IIS settings, but am ignorant of these.
Regards, NickM
I’ve been able to successfully set up the https port to 8009, however for the http port, i’ve tried multiple different ports (8008, 8010, and even 2301 – i have 2300 set up for a camera and that works). However for Home Server HTTP I get the initial login screen for Home Server, but when I click on the login button, I get IE cannot display webpage (running IE7). Any ideas why?
Verizon FIOS service seems to have a new router replacing the ActionTec they’d been using – a Westell 9100em. Although I’m no networking expert, I usually get by but finally could not get manual port forwarding to work. Neither could my colleague, who is quite adept at networking. Finally we stumbled on a solution – the router has some canned forwarding selections for gaming. Alien vs Predator contained what I needed to get out on port 8000. That’s right – manually configuring so wouldn’t work but doing so via the canned rule would.
My problem is :
I have a external equipement connected to my network and it have the 443 port used to connect with HTTPS.
What i need to do on WHS to change the port to access with https ?
my problem is :
i have change my port but now he say this
x verifying that your remote website is available locally
I’ve got a D-Link DIR-655 router, and my ISP blocks incoming 80, 443, 25, etc.
In my router: I go to Advanced > Virtutal server and create (or edit) the HTTP rule, where Public = 8008, and private=80. Also, make a new rule, RWW, Public=600 and Private = 443.
Now you don’t have to change the ports or anything in WHS, because the router will forward external port 8008 to internal 80 and 600 to internal 443.
You must type:
http://name.homeserver.com:8008 or https://name.homeserver.com:600
and you will be directed to the WHS page.
I’m sure this will apply to other routers that have a Public and Private port setting on the router.
Now, you don’t need an expensive Static IP line.
Also, use http://www.canyouseeme.org/ to check if the port fowarding is successful or not.
Just a tip, (It took me a while to find this) In you windows firewall settings, under remote desktop, there is an advanced button, click it and in there you will see a check box (unchecked) for remote desktop. THis fixed my issue.
I have used the option to REDIRECT ports, instead of the service settings.
@ SammyM – I have exactly the same router as you, the D-LINK DIR-655 – I used the VIRTUAL SERVER to redirect public and private ports as follows:
HTTP – public 8008, private 80, TCP to server static IP address
HTTPS – public 8009, private 443, TCP to server static IP address
The thing is that I’m behind a quite heavy corporate network with proxies and security.
I can logon to the web access via the Live Domain, can access all shared folders, etc, but when connecting for Remote Access I get “THE REMOTE CONNECTION TO THE COMPUTER TIMED OUT”…
Any ideas, or shall I just give up?