Reply
Posted Nov 26, 2012
8:03:04 PM
Forwarding port 443 for WHS - conflict with connectToCiscoAP

I previously had my WHS set up and working fine for remote web acces for use with my AT&T Uverse internet. However, I think the RG has recently had a software update or something, as it has lost all my settings. Now, when I try and set it up to open ports 433, 4125 and 80 for WHS, it comes up with the following error:

 

WHS Ports conflicts with connectToCiscoAP which is currently in use on Cisco_AP_ATT.

WHS Ports and connectToCiscoAP use the same resources and cannot both be hosted at the same time. To use WHS Ports, you must first remove connectToCiscoAP from the application list of Cisco_AP_ATT. Alternatively, you can install the applications on one computer and add both application profiles to the application list for that computer.

 

Any idea whether its safe to remove the "connectToCiscoAP" rule and allow my rule so that I can connet to my WHS from the web? Will it mess up my TV or wireless TV receiver or something? I don't recall having this issue last time I set it up, but may have forgotten!! Many thanks.

0
(0)
  • Rate this reply
Solved
Dec 2, 2012 5:47:36 PM
0
(0)
Expert
No, the switch should not interfere with anything. The switch doesn't know about IP addresses or ports, it operates at a lower layer.

If on the LAN, port 4433 didn't work, then the WHS wasn't configured correctly to switch the connection from 443 to 4433.

Now you say you've switch the WHS port to 433. (You typed 433, when the original port was 443. I don't know if you made a typo, or if you actually changed it to 433 instead of 443). Please verify what port you switched the WHS to.

OK, now remember that all of these ports are used for different things. I was looking up some WHS tech documents, and I can only find that WHS needs 3 ports open for remote access. 80, 443, and 4125.

80 is used for the main web page interface to the server.
443 is used for the secure version of that main web page interface to the server.
4125 is used for RDP (Remote Desktop Protocol).

So here's what I recommend:

1. Using the web link I posted previously:

http://forum.wegotserved.com/index.php/tutorials/article/29-set-up-alternate-ports-for-windows-home-server/

Follow their steps to make sure that your WHS ports are set to 80, 4433, and 4125 for those 3 functions.

2. Verify that they all work from another computer on your LAN:

http://<LAN IP Address of WHS>
https://<LAN IP Address of WHS>:4433
RDP to <LAN IP Address of WHS>:4125

3. Configure the 2Wire gateway like we discussed earlier (remove all your previous entries first). Open only ports 80, 4433, and 4125.

4. Find out your outside IP address by looking at the 2Wire page:

http://192.168.161.254/xslt?PAGE=C_1_0

It will have your external IP address listed under "IP Address".

5. From some other computer on the Internet (friend's house, work computer, etc.) try to access your WHS:

http://<External IP Address>
https://<External IP Address>:4433
RDP to <External IP Address>:4125


There is another article that may be of interest. I found this on Microsoft Technet. This has step-by-step instructions for configuring routers to support external access to WHS. (Although the 2Wire is not listed). Also, this is for an older version of WHS that used port 3389 for RDP vice 4125. However, the article has a lot of information that can be used to verify your setup:

https://social.technet.microsoft.com/wiki/contents/articles/922.windows-home-server-router-setup.aspx

6,372 views
36 replies
(0) Me too
(0) Me too
Post reply
Replies
(36)
0
(0)
  • Rate this reply
Dec 6, 2012 7:36:26 AM
0
(0)
ACE - Master

Computer-Joe wrote:

... If you get a router that has port translation, pretty much any brandname router, you can have your requests from the internet come in on the alternate port (4433) and the router will "translate" that external port request to the proper port (443) before forwarding the request to the WHS. This should be much simpler than mucking about with what is probably hard coded in the server kernal.

 

 


Won't the 2WIRE do port translation in the Port Forwarding rules?

 

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

31 of 37 (666 Views)
0
(0)
  • Rate this reply
Dec 6, 2012 4:39:05 PM
0
(0)
ACE - Master

JefferMC wrote:

 

Won't the 2WIRE do port translation in the Port Forwarding rules?

 

 


 

 

 

They didn't have port triggering or port forwarding back when I had one, but that was 4 years ago. It would be easy enough to find out if they've added it since then. Just go to the port forwarding page and see if they have an entry for both external and internal port numbers.

 

Somejoe would have the definative answer I bet.

 

 

 




__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I really want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------
There are three kinds of people, those that can count, and those that can't.
------------------------------------------------------------------------------------
“Our great democracies still tend to think that a stupid man is more likely to be honest than a clever man, and our politicians take advantage of this prejudice by pretending to be even more stupid than nature has made them." :Bertrand Russell

                               neon_sign.jpg

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

32 of 37 (655 Views)
0
(0)
  • Rate this reply
Dec 6, 2012 7:12:16 PM
0
(0)
Teacher
Thanks for the info computer-Joe, I'll take a look into that. I do have a spare cable router lying around that might work, but is only 100MBPs, rather than Gbit, so not ideal.

I haven't been able to do much digging on the WHS 2011 changing the ports, but I'll take a look over the weekend. Thanks again.

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

33 of 37 (646 Views)
0
(0)
  • Rate this reply
Dec 6, 2012 9:34:12 PM
0
(0)
Expert
Yes, the 2Wire can do port translation, but I didn't suggest that as a solution because in this case, the WHS has links and functionality on the non-encrypted HTTP site (port 80) that refer to the secure site without specifying a port. This means that clicking on those links will fail, since the external web client will be trying to go to port 443, when it should go to 4433.

Only if the WHS is aware that the secure site is supposed to be running on 4433 (or another alternate port) will the links work correctly.

Furthermore, if you use port translation like this (not just for WHS, but for any service) then that means that the URL to get to the service is different depending on whether you're inside the network or outside the network. This screws up things like bookmarks, because they'll only work from the side of the network they were created from.

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

34 of 37 (640 Views)
0
(0)
  • Rate this reply
Dec 7, 2012 5:01:16 AM
0
(0)
ACE - Master

SomeJoe7777 wrote:
Yes, the 2Wire can do port translation, but I didn't suggest that as a solution because in this case, the WHS has links and functionality on the non-encrypted HTTP site (port 80) that refer to the secure site without specifying a port. This means that clicking on those links will fail, since the external web client will be trying to go to port 443, when it should go to 4433.

Only if the WHS is aware that the secure site is supposed to be running on 4433 (or another alternate port) will the links work correctly.

Furthermore, if you use port translation like this (not just for WHS, but for any service) then that means that the URL to get to the service is different depending on whether you're inside the network or outside the network. This screws up things like bookmarks, because they'll only work from the side of the network they were created from.



So, if the OP is just looking for personal remote access to their server/shares (as opposed to putting up a public server/site) they can create an external book mark that points directly to the the secure port and just bypass the unsecure port? Besides, one extra bookmark (one for internal access and one for external access) aint gonna break the bank.

 

If there's no public website, the most you should get by going to the unsecure port should be a link to the secure login page, and maybe not even that if the OP has the certificates set up to deny any other external access other than the OP's computer(s).

 

 

 




__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I really want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------
There are three kinds of people, those that can count, and those that can't.
------------------------------------------------------------------------------------
“Our great democracies still tend to think that a stupid man is more likely to be honest than a clever man, and our politicians take advantage of this prejudice by pretending to be even more stupid than nature has made them." :Bertrand Russell

                               neon_sign.jpg

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

35 of 37 (629 Views)
0
(0)
  • Rate this reply
Dec 7, 2012 5:06:30 AM
0
(0)
ACE - Master
Edited by Computer-Joe on Dec 7, 2012 at 5:15:24 AM

cocksy wrote:
Thanks for the info computer-Joe, I'll take a look into that. I do have a spare cable router lying around that might work, but is only 100MBPs, rather than Gbit, so not ideal.

I haven't been able to do much digging on the WHS 2011 changing the ports, but I'll take a look over the weekend. Thanks again.

 

 

The 2WIRE is only 100Mbps as well. If you're already using a Gigabit switch downstream from the 2WIRE just move it so it's downstream from your own router instead.

 

Although I've given you some alternative solutions (not necessarily perfect solutions), my opinion is that the cheapest and cleanest solution is to go buy some CAT5/6 and hard wire your wireless STB and ditch the WAP, or a little more expensive, go with power-line ethernet adapters if you absolutely can not run CAT5/6 to the wireless STB.

 

 


__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I really want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------
There are three kinds of people, those that can count, and those that can't.
------------------------------------------------------------------------------------
“Our great democracies still tend to think that a stupid man is more likely to be honest than a clever man, and our politicians take advantage of this prejudice by pretending to be even more stupid than nature has made them." :Bertrand Russell

                               neon_sign.jpg

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

[ Edited ]
36 of 37 (628 Views)
0
(0)
  • Rate this reply
Dec 7, 2012 7:33:28 AM
0
(0)
Expert
CJ is correct, you can run port translation if you're OK with logging into the secure site directly (assuming WHS allows that without issue, which I'm not sure of). And if you're OK with possible bookmarking oddities.

And yes, the alternate solutions are also viable, including hard-wiring the STB using Ethernet or powerline adapters and getting rid of the STB wireless access point.

Re: Forwarding port 443 for WHS - conflict with connectToCiscoAP

37 of 37 (613 Views)
Share this post
Share this post