This blog post was written by MVP, Alexander Kent. Alexander is the founder and principal of Kentdome LLC, a Los Angeles, California based company specializing in enterprise security, custom software engineering, network infrastructure and co-location services. In recent years Alexander has taken a particular interest in the Windows Home Server platform. As a result, Kentdome LLC has produced a number of WHS solutions under his architectural guidance. In addition Alexander has been a very active technology evangelist, sharing his excitement for the WHS platform. Today he will share some information about Remote Access challenges. Enjoy!
Windows Home Server is generally considered a great file server and backup solution for home users. A lesser known fact is that it also provides superb Remote Access capabilities. The “Remote Access” feature allows you to control your computers and access files on your Windows Home Server over any internet connection, from anywhere in the world.
Have you ever traveled somewhere and realized that important files were left at home? Now, with the help of the Windows Home Server Remote Access technology, you can securely reach your home network and interact with it from any machine on the Internet.
Enabling the Remote Access feature prompts the Windows Home Server to try and automatically configure the network to allow inbound connections. Seven times out of ten times this works perfectly, but given the sheer number of different devices, and the ever increasing complexity of home networks, the process of configuring your network for Remote Access may have to be more hands on.
This article explains the most frequent Remote Access challenges and then walks you through the steps of making your Windows Home Server accessible across the Internet.
#1) UPnP is not enabled or supported by your router The Windows Home Server Remote Access Configuration Wizard attempts to auto configure your router over universal plug and play (UPnP) standards. UPnP represents a set of networking protocols that allow devices to connect, interoperate, and be configured. In order for this to work, your router must have the UPnP feature enabled, and must support the correct UPnP version.
If your router does not support the UPnP protocol, or if your router has UPnP disabled, then the Windows Home Server Remote Access Wizard will report a failure when attempting to configure the router through the Remote Access settings interface.
Figure 1.0: Router configuration failed
In many cases, downloading and installing a firmware update on the router adds UPnP support or fixes UPnP issues. If you have not done any firmware updates, visit your router manufacturer's website to see if any updates are available. We recommend installing the firmware update, enabling UPnP on your router (if applicable), and try running the Windows Home Server Remote Access Configuration Wizard again.
In some cases, Windows Home Server will report an error with the automatic router configuration, but the Remote Access functionality proceeds to work without a problem. This occurs in cases where the UPnP protocol may not be implemented properly on the router and Windows Home Server cannot confirm whether or not configuration was successful.
Figure 2.0: Router configuration failed but remote Web site is available from the Internet. (Okay to proceed!)
If the above information does not solve your problem or UPnP is not available on your router, then you must manually configure port forwarding from your router to your Windows Home Server. To learn more, please visit the Broadband Router Configuration wiki produced by the Home Server Land team in conjunction with the Windows Home Server Remote Access feature team at Microsoft.
WHS Remote Access UPnP Problems from HomeServerLand on Vimeo.
#2) Double NAT
Network Address Translation (NAT) refers to the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. For example, a translation from the Local Area Network (LAN: the private home network) to the Wide Area Network (WAN: the public Internet).
A good example of a NAT device is the network router which can be thought of as the agent between the public Internet and the private home network.
A typical home network is made up of a single network router (NAT), usually with a built-in 4-port switch, and a basic DSL or Cable modem that connects to the Internet.
Figure 3.0: Typical Home Network Diagram
For the Windows Home Server Remote Access website to be available from the Internet, the router needs to be configured to forward inbound web traffic from the Internet to the Windows Home Server on the local network. Therefore, if another NAT device is introduced into the network, it too must be configured accordingly!
A home network containing two devices routing traffic and performing Network Address Translation is known as a Double NAT. Such devices can include a combination of routers, modems, firewalls, wireless access points, and other network devices.
What people often fail to realize is that DSL Modems that employ Point-to-Point Protocol over Ethernet (PPPoE) are frequently performing NAT and other roles such as Internet authentication and DHCP functions.
Figure 4.0: Double NAT network diagram
In a Double NAT environment, the UPnP protocol can only be used to automatically configure the nearest NAT device. Under these conditions, the Remote Access functionality will not work properly, and the Windows Home Server will report a failure when attempting to configure the router through the Remote Access Settings interface. How do I know if I am behind a double NAT? To determine whether or not a Double NAT exists, check the WAN (outside) IP address on the router nearest to the Windows Home Server. It should match the public IP address assigned by your Internet Service Provider (ISP). One way to check your public IP address is by visiting a site like http://whatismyipaddress.com/ from your home network.
If the WAN IP address on the router nearest to the Windows Home Server is a private IP address, meaning a non-routable IP address reserved for private use, you are dealing with a Double NAT scenario.
Figure 5.0: IP Address ranges reserved for private use
The solution would be to reconfigure your home network so that only one device is routing data in a NAT configuration. Many network devices, including Cable and DSL modems, support a “bridged” or "transparent" mode of operation, which disables all of the routing and NAT in the device. This effectively puts your other router into the position of managing the Internet authentication and network address translation. Consult your modem manufacturer documentation or contact your ISP for support.
Another common network setup mistake is made by people who wish to add wireless functionality without replacing their existing modem or router. As a result, if you attach another router behind or in-front of your existing router, you are effectively creating a Double NAT.
Figure 6.0: Double NAT by means of two routers
In this case, the solution would be to consolidate both devices into a single unit that can route traffic to the wired and wireless networks, or to configure port forwarding from the first NAT device to the second NAT device. Alternatively, circumvent the double NAT by attaching the Windows Home Server directly to the first NAT device on the network.
WHS Remote Access: Double NAT from HomeServerLand on Vimeo.
#3) Internet Service Provider is blocking Remote Access Ports
The Remote Access website requires inbound port 80 (HTTP), port 443 (HTTPS) and port 4125 (Remote Web Workplace or RWW for short) to be available from the Internet. However, many internet service providers block email related internet ports to curb spam or unsolicited commercial usage. In some cases ISPs block additional ports such as the ones required by Windows Home Server Remote Access: inbound port 80 and port 443. If you have configured your network for Remote Access but the remote access website is still not available over the Internet, then contact your ISP to confirm whether or not inbound connectivity on TCP ports 80, 443 or 4125 are being blocked.
Alternatively you can determine whether or not ports are blocked with the Internet Connectivity Evaluation Tool.
WHS Remote Access: ISP Blocking Ports from HomeServerLand on Vimeo.
The Windows Home Server Remote Access functionality is a powerful and convenient feature that is well worth the effort to set up correctly and securely.
Hopefully the above breakdown of some of the most common Windows Home Server Remote Access challenges has been helpful. The Windows Home Server Remote Access feature team at Microsoft and the WHS communities are continuously engaged in improving and compiling data around compatibility and other home network issues. Feedback is always welcome and should you need additional help, please give us a shout in the forums where we can help you further.
What I meant to say was I have an office in the building and do not have access to the router. Is there a way to configure my Home Server for remote access what that in mind? All I have is the 192.168.X.X address they gave me. Sorry for the confusion.
Please take a look at the broadband router configuration wiki which guides you through the process of configuring many of the most popular network devices for WHS Remote Access:
If you are still having problems please shout in the forums under Networking & Remote Access:
I have an office building that has network connectivity. It is has already DHCP for all the offices. How do I set up remote access for a Home Server for my office. I tried but without UPNP, I cannot set up my server. Help!!!
Thanks for the excellent article. Media was very useful... learned some good tips. Looking forward to more.
Additionally can I say if the local ip address is different from your external ip address as shown here in tejji.com/.../my-ip-address.aspx I am behind double NAT.
Additionally can I say if the local ip address is different from your external ip address as shown here in <a href="tejji.com/.../my-ip-address.aspx">my ip address</a> I am behind double NAT.
I see this articel for newcomers and for users they have some experience. The NAT part is very interesting and everyone can learn here.
Here in europe the things goes sometimes a different way what means for the DSL modems. The most modems are branded and not all the time the UPnP part is working, because the branding. But is the user a little bit more experienced in IT and hardware, he can solve this problem. Otherwise he must setup the DSL Modem by hand. And here comes HomeServerLand in the game. In the wiki of HSL you can find a very good description for that issue.
Another very important part is:
all the updates for the Windows Home Server i use.
More then 20 of the little and very helpfull tools. But to be up to date cost's me a lot of time. And that is smoething what i don't have because uur childs. A son from 3 1/2 ans twin girls from 1 1/3 years old. That cost's time, really ;-). But also here comes HomeServerLand with a very good solution. A new tool named Add-In Central. This add-in does the job for me and is searching all the possible updates, great. At this place i will give a very big thank you to the guys and girls there. Ahh, dont forget it to take a look. here is the link where i have found this really handy tool: www.kentdome.com/addincentral
So long - mike
First of all, thanks for you amazing add-ins and great work! I have come to expect nothing less.
My story is that I gave up on making remote access work, reading this article I learned a lot so now I will give it another try...
I suspect my DSL modem needs to be configured.
love the NAT video :)
What a stellar article that spells out exactly how to set up double nat. In fact, I was actually having trouble with this recently and just threw up my hands and gave up. This article explains clearly how to get it done. I really appreciate the diagrams and attention to detail. This is a helpful and well-written article.