Remote Web Access From Within My Network Isn't Working


33 posts in this topic

Posted · Report post

Hello,

I seem to be having an issue that either no one else ever had or no one knows how to fix. I've researched several different forums and can't find a definite answer. I've accepted the fact that i'm not an expert and could be doing something wrong that is painfully obvious to others. Here's what is happening.

I got Windows Home Server 2011 installed on a fairly new Dell desktop. It far exceeds the hardware requirements. I added user accounts to correspond to the accounts on the computers that i was going to install the connector software on. I installed the connector software on my desktop and my laptop. The WHS Dashboard works on both machines no problem. Most of the functions on the Launchpad work too, except for one. On neither my laptop or my desktop I can't get the Remote Web Access function to work. When I click it, it starts my default browser, attempts to connect to https://SERVERNAME.homeserver.com, but returns an "Internet Explorer cannot display the webpage" message.

post-67836-0-50138500-1317145996_thumb.j

The only way to get the page to load is to use the IP of the server in the address bar. When I do this I get a certificate error.

post-67836-0-47446000-1317146011_thumb.j

Researching this issue I was told that because the certificate is self signed I'll always get a certificate error. Anyways, I click "Continue to this website (not recommended)" and I am greeted with the login page. I log in using an admin user on the box and I am able to see content and browse shared folders. Now this all works as intended except for two functions. When I select browse pictures, I sometimes get a red X instead of a picture thumbnail. This issue is insignificant though. My second issue is I am unable to remote to the server (Dashboard) or my other PCs (If I'm on the desktop i can't remote to the laptop. If I'm on the laptop I can't remote to my desktop). The error I get is "Your computer can't connect to the remote computer because the Remote Desktop Gateway server address requested and the certificate subject name do not match. Contact your network administrator for assistance".

post-67836-0-54866800-1317145976_thumb.j

Its important to note that the Remote Web Access works outside my network. I'm able to use my laptop at work, school, coffee shop, etc to connect and browse, remote, upload/download all day long with no issues. I can also access it from other peoples computer with no issue. Every function works just as advertised. Now if I could only figure out what is going wrong when I'm on my home network...

I did some general troubleshooting ; disabled firewall, checked router settings, released the domain name and recreated it. A forum mentioned routers not supporting loopback. I don't know what that is. I use a Netgear WNR1000 v2. I'm not sure if that's the case here but I'm hoping someone much smarter than I has seen an issue similar to this. Please help.

post-67836-0-54866800-1317145976_thumb.j

post-67836-0-50138500-1317145996_thumb.j

post-67836-0-47446000-1317146011_thumb.j

Share this post


Link to post
Share on other sites

Upgrade to a WGS Supporter Account to remove this ad.

Posted · Report post

Here is the issue the best I can describe it:

your homeserver.com web address is associated to your external ip address (provided by your ISP), but your router (that doesn't support loopbak I'm almost 100% sure), doesn't know what to do with requests that point it back to itself (that's loopback since your router is the device that holds your external IP address and is basically sending requests to itself), causing you to get browser errors. I would bet that is nearly 100% of the issues you are finding. Try to browse to your homeserver.com address from a computer outside your network and let us know if that works as normal.

1 person likes this

Share this post


Link to post
Share on other sites

Posted · Report post

I think adding your WHS to your host file on your internal PCs may solve the problem.

An entry such as; 192.168.1.80 WHSNAME

where the IP is the IP of you WHS server and WHSNAME is the name of your server.

The host file is located in Windows\system32\drivers\etc

You will need to have hidden files and folders unhidden to find it.

host does not have an extension to its name but can be edited with notepad.

Share this post


Link to post
Share on other sites

Posted · Report post

Thank you Cainmp and Ian for your replies.

Try to browse to your homeserver.com address from a computer outside your network and let us know if that works as normal.

I put in the original post that Remote Web Access works perfectly as intended outside my network. I'm able to log into it from work using a PC here and use all functions without issue. Only on my home network do I have this issue. I'm going to try a newer router when I get home as I think you are correct about the loopback.

I think adding your WHS to your host file on your internal PCs may solve the problem.

I tried this with my desktop but I may have entered the server name incorrectly. Instead of listing the actual name of the server in the host file I put the url (SERVERNAME.homeserver.com) which i know now wasn't correct.

Thanks again both of you. I'll try the host file first then the new router and let you know how it goes.

Share this post


Link to post
Share on other sites

Posted · Report post

Hi James,

no answer I'm afraid, just a confirmation that I get the same certificate error and editing the hosts file didn't make any difference. I know the pc is reading the hosts file as I entered the ip address incorrectly the first time and I then could not log on to the server at all.

nick

Share this post


Link to post
Share on other sites

Posted · Report post

The reason for the certificate error is because you changed the IP address after you got the certificate, which you got from MS when you subscribe for the domain name when you ran the Remote Access Wizard. You can tell your web browser to ignore the certificate error, as you know the server is trusted.

You would not include the url as you described above in your hosts file. You can put domain names with the correct IP address into your HOSTS file, but not in this situation. Let's say you have two computers on your network plus your server. They may be named PC1, PC2 & SERVER. If they all have static IP addresses you may wish to place all of them into the HOSTS file:

ie

192.168.1.100 SERVER

192.168.1.101 PC1

192.168.1.102 PC2

This is how networking was done along time ago. If you had 1500 systems on your network you had to have all 1500 systems included in your HOSTS file and the HOSTS file had to be installed on all network systems. This was a very difficult way to manage a large network. But on a home network, where you have a small number of systems it is possible to maintain your own HOSTS file. Most people will allow there router to act as the DHCP server and assign IP addresses for workstations, and then only assign static IP addresses to servers. This way you are sure the server is where it should be. the static IP also guarantees that when you try to access your server from the outside world, the data is forwarded to the correct node on your network.

Add your WHS to your HOSTS file. Here is some instructions to edit your HOSTS file....

You will need to add the IP address of your server and then the name of your server

Your server's name may be different then your domain name. To see what your server name is open windows explorer and locate your server under the network section. Or, RDP into your server and check your computer name there. You can find the computer name by right clicking on the computer icon and selecting properties.

It is not necessary to have the same domain name as the name of your server. Once you edit your HOSTS file, you should be able to type SERVERNAME in the address bar of your web browser and it will direct you straight to your remote web access page as you see when you are at work.

I hope this is of some help to you.

Good Luck....

Share this post


Link to post
Share on other sites

Posted · Report post

Perhaps you misread my post- but you have just said the same;

You will need to add the IP address of your server and then the name of your server

Hey ho.

Share this post


Link to post
Share on other sites

Posted · Report post

Update: I realized my screenshots disappeared from the original post. I've put them back.

Editing the host file didn't do any good. I confirmed that the host file change was saved and I am still getting the same error above (Error3). I removed the host file entry as a test and I was still able to get to the server by hostname. Modifying the host file was not neccessary.

The two major issuers persist. I want to use the Launchpad as microsoft intended. When I click on Remote Web Access, it wants to send me to https://SERVERNAME.homeserver.com but for some reason IE cannot display that page (Error1 above). Microsoft intended for this to work this way, putting the FQDN in and not just the host name of the box, so my setup must be wrong or it maybe my router. I was unable to aquire a different one so I'll have to wait to see if that is the issue to all of this.

The other issue is I'm still getting the error 3 from above when I attempt to remote to one of my computers from the web interface. The error mentions a "certificate". Is this the same certificate as error 2? How can i make that go away permanently? Can I fix the cert? Release it and get it renewed?

Thanks everyone for the help. I'm sure we'll help others from figuring this out together!

Share this post


Link to post
Share on other sites

Posted · Report post

James,

The reason you can not access your server via Remote Web Access is because you have the wrong name associated with your servers IP address in your HOSTS file. Until you either correct the entry for your server or comment out the line for your server you will get this error.

Share this post


Link to post
Share on other sites

Posted · Report post

Do you want me to help you?

Share this post


Link to post
Share on other sites

Posted · Report post

James,

The reason you can not access your server via Remote Web Access is because you have the wrong name associated with your servers IP address in your HOSTS file. Until you either correct the entry for your server or comment out the line for your server you will get this error.

Bobby,

Thank you for the replies but I don't' think you are fully reading the original post or the additional replies that users are leaving. Just to clear some things up, I COULD ALWAYS access the server by typing the name of the machine into IE. I didn't mention this in my original post but I did say that I was able to connect via IP address. I didn't have to edit the host file to do this. I get a certificate warning when I do this but I can click continue and it will bring me to the same logon screen I see when I'm out of my house. If I do log in, all the functions I've tested work except for one. I get an error when i try and click on one of the connected computers. Error3.jpg attached to the original post shows this.

Two things. I've got the connector software installed on my wife's laptop. I want her to be able to click on the Remote Web Access button on the Launcher and it bring her to the server logon page. I don't want her to have to use the IP address, server name, etc to access it. The less buttons pressed, the better for her. Right now this function is failing outright but no one has mentioned it. Error.jpg attached shows this.

Now I thought I mentioned this in the original post but I seemed to have left it out. If I click on Diagnose Connection Problems at this screen (Error.jpg) I get a diagnosis of "The remote Device or Resource won't accept the connection". Is this information helpful? I know not many people have homeservers or they haven't upgraded to 2011 yet but I can't be the only one with this problem. I'm going to modify my original post, including the suggestions/troubleshooting I've done that everyone has suggested and repost in the technet forums.

Share this post


Link to post
Share on other sites

Posted · Report post

Let me appologize for not fully comprehending your situation. When you said you could Remote in with the IP Address I knew your router was working ok on you LAN. This lead me to beleive you had a DNS issue. So, I hope I can help you better at this point.

I also got certificate errors, I beleive this happened to me because I changed the servers IP address after I setup my domain. So, for now let's disregard this issue by clicking on the continue option you see in the web browser. And, let's focus on getting your router to pass your request.

From what I can tell you modified you HOSTS file. If you put the server's IP address in the host file as:

192.168.1.100 MyServer.homeserver.com, please comment this out for now by putting a pound sign '#' at the beginning of the line. This will cause your computer to ignore the line until we remove the # sign later. If you did not modify the HOSTS file as I discribed here, you can disregard this paragraph.

Can you check your router to see if port 3389 is open and forwarded to your server? If it is not, let's try and forward port 3389 TCP and name it as RDP.

Try this and let me know what happens.

Share this post


Link to post
Share on other sites

Posted · Report post

Bobby, thank you again for your reply. No apology necessary. We're all trying to help each other here. Hopefully this post will help someone in the future with a similar issue.

Currently the host file for the system I've been testing with is unmodified. I removed the entry that I created so its back to its original state. I read your suggestion carefully and had a comment. I am currently able to RDP from any of my computers to the server or any other PC on my network. I've had no issue doing so. At this point I'm willing to try anything as long as I see that it isn't going to cause lasting damage and is easily reversible so I went along with your suggestion. I created a custom service on my router (RDP, TCP, 3389, 192.168.1.2). Clicked the Remote Web Access button on the launch pad and IE opened to "Internet Explorer cannot display the webpage" (error.jpg in OP). Entered the IP address of the server in the address bar, hit enter, and this brought me to the Certificate Error page (error2.jpg in OP). Clicked "continue to this website" and logged into the server. Since I was on my desktop I attempted to launch the remote Dashboard for the server. It failed and gave me the same error as before. (error3.jpg in OP) The issue still persists.

Thank you again everyone for your previous and future suggestions.

Share this post


Link to post
Share on other sites

Posted · Report post

OK,

Let's try something else. Don't change what we did in the last step. We are going to open a couple of additional ports. My WHS2011 book says that if you have a uPNP router, the Remote Access Wizard opens the following ports:

Port 443 (SSL) use TCP protocol

Port 4125 (RDP) use TCP protocol

Of course you want to forward this to your server's IP address.

The interesting thing about these ports are, my router does not have them open. But, I can use RWA from inside and outside my network.

THE FOLLOWING INSTRUCTIONS ARE FROM THE WNR1000 USER'S MANUAL, Let's try to open your NAT filter.

Configuring NAT Filtering

Network Address Translation (NAT) determines how the router processes inbound traffic. Secured

NAT provides a secured firewall to protect the computers on the LAN from attacks from the

Internet, but might prevent some Internet games, point-to-point applications, or multimedia

applications from functioning. Open NAT provides a much less secured firewall, but allows almost

all Internet applications to function. For more information about NAT, see “How Your Computer

Accesses a Remote Computer through Your Router” on page 5-2.

To change the NAT option:

1. In the NAT Filtering area, select either the Secured or the Open radio button.

2. Click Apply to save the new configuration.

Try one thing at a time so we can figure out what made this work....

Good Luck....

Share this post


Link to post
Share on other sites

Posted · Report post

Bobby,

Port 443 was already being forwarded by uPnP. I created another custom service for 4125. No luck. Same errors as before. Same issues.

I thank you again for plugging away.

Share this post


Link to post
Share on other sites

Posted · Report post

Did you open the NAT Filtering?

Share this post


Link to post
Share on other sites

Posted · Report post

Did you open the NAT Filtering?

Yes sorry. I didn't mention this because NAT was already set to open. I had some issues using a headset on xbox 360 so I changed the NAT settings some time ago.

Share this post


Link to post
Share on other sites

Posted · Report post

James,

I've been scratching my head on this one. So, I went back and read your posts again. In fact I read all the posts, and I noticed that cainmp mentioned that your router does not have the ability to perform loopback. And he suggests that this is the problem.

Do you have access to a different router that you could use for testing purposes? If you can barrow someone router, use the administration tools to backup their configuration. I use a Linksys WRT54GL with the latest version of Tomato firmware installed. The bad thing about this is it is only 54Mbps. Not sure what to tell you to consider as a choice for a router that will work. Maybe, you can ask for input in the hardware section.

Update your post so I know what the results are....

Share this post


Link to post
Share on other sites

Posted · Report post

Shame on me. I thought since I had a fairly new router that it couldn't be the issue. I was incorrect. Cainmp suggested it and the quote below shows that I considered it but never got around to testing it.

I'm going to try a newer router when I get home as I think you are correct about the loopback. .

I have a borrowed Linksys WRT150N running DD-WRT v24. I had to setup the port forwarding manually as WHS 2011 router setup wizard couldn't do it for me but after that it was like magic. I started the Launchpad on my computer, clicked on Remote Web Access, and it almost brought a tear to my eye. IE started, It showed https://SERVERNAME.homeserver.com in the address bar, and 5 seconds later it displayed the login page. I logged in no problem. Tested all the functionality of the server and all seemed to work. Tried to remote to the desktop from the laptop and volia, everything worked exactly like it should have. I can't thank everyone enough for your efforts on this. Now, I only have to find some custom firmware for my WNR1000 v2 or purchase a new router. Either way, issue solved and many thanks.

RESOLVED: Router was the issue (WNR1000 v2). Loopback not supported.

1 person likes this

Share this post


Link to post
Share on other sites

Posted · Report post

WOW....I bet you feel better....

If you buy a new router, consider one that is supported by one of the various Open Source Firmware upgrades available.

I looked for the "Tomato" firmware for your router and it is not supported at this time. According to documentation, they need a donor router to develope the firmware.

I run a DD-WRT Linksys and a Tomato Linksys. Personnally, I prefer the tomato firmware, but was unable to configure it as a bridge for my entertainment center. Hence the DD-WRT bridge. Occasionally, the DD-WRT router, in bridge mode, needs a reboot as it looses my network. But, the Tomato router is always rock solid and supports UPnP great.

Here is a link to Tomato compatable routers.

Share this post


Link to post
Share on other sites

Posted · Report post

I'm having the exact issue described here. I'm using a WRT-54GS with Tomato firmware that ties to another WRT-54GL running DD-WRT as the access point. So I wonder if Tomato has the same issue or if this is my router.

Bobby what are you running Tomato on? Does yours work?

Share this post


Link to post
Share on other sites

Posted · Report post

I'm running Tomato ver 1.28 on a WRT-54GL. It should not matter that you are using the wrt-54GS as your gateway. Once you installed the Tomato firmware, it's essentially the same as the 54GL. I think the only difference is the amount of NVRAM.

Check these settings:

Set Advanced>Firewall>NAT Loopback to 'all'.

Set Advanced>Routing>Mics>Mode to 'gateway'.

What is the WAN IP address on your Router? Is it a public or private IP address? If it's private then you will need to do something to forward the internet traffic to your router.

Share this post


Link to post
Share on other sites

Posted · Report post

You'll still get certificate errors when connecting from inside your LAN using your server's hostname or NAT'ed IP address because the server has two certificate stores: one is from GoDaddy that faces the Public Internet (created when one registers for the *.homeserver.com domain) and is what is used when accessing the server from the WAN, and the other is the self-signed certificate store based on the server's hostname (created during the install of the server). Unless you use the FQDN at every RDP, you'll continue to get certificate errors, router loopback or no.

It's just easier to use the FQDN name except in issues where Remote Access has been disabled, of course.

Share this post


Link to post
Share on other sites

Posted · Report post

Hey bobby, thanx.

Setting the Tomato Router Nat Loopack to All fixed the problem!

The default was Forward Only!

Share this post


Link to post
Share on other sites

Posted · Report post

Always good to hear success story....The two settings I mentioned seemed to be the only thing that would effect RWA. And The Gateway setting was not very likely, but it would not hurt anything.

Don't be a stranger, continue to check in here at WGS for the latest news on home server technology.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now



Upgrade to a WGS Supporter Account to remove this ad.



  • Latest Posts

    • WHoSeBox - Use your WHS like dropbox
      By stigzler · Posted
      Hi folks. Just thought I'd share a little app I made. It lets you use your WHS like dropbox - with public shares + link grabbing from explorer. I'm a hobby coder - so don't expect watertight - but think it's working OK - any probs just let me know. Check it here: https://whosebox.codeplex.com/
    • Questions on Planning and Preparing for a N54L
      By darkarn · Posted
      Thanks for your reply! Ah, that issue. I was thinking of using a modded BIOS though, which HP wont support lol, but the network card not working is news to me. Besides, I am strongly considering to pay a bit more and go for a Gen8 instead.
    • Shares - A Nightmare!
      By Hyde · Posted
      Have shut down the RDP session and re-connected.  Using the host machine's name I still get the message back that the Server isn't switched on, not my network, etc. etc.  Tried again with the IP address and once again I get the warning that the certificate isn't from a trusted source, but at least I can still get an RDP session and the Sharing dialog box is still churning some 20 minutes since I kicked it off (for the 3rd time at least today).  So, would be nice to know why I have this certificate error too???  and how to fix it ;-)
    • Questions on Planning and Preparing for a N54L
      By Guest · Posted
      Don't.. HP has poor support, and there's lots of compatibility issues with N54l.

      Flashing the bios requires permission from HP before you can even download it, luckily i found another download link, but even after updating the bios, the network card still does not work with Windows.
    • Shares - A Nightmare!
      By Hyde · Posted
      Also having issues with RDP.  But having changed the client connection from using the PC's name to it's static IP I got an error message about the certificate not being from a trusted source.  Ignoring the warning and continuing to connect allowed me to gain a connection from my laptop and then typing "certificate" into the Settings search box got me a tool that allowed me to drag n drop the RDP certificate into the Trusted Root folder.  I'm hoping that'll help with all my connections now but I don't know and don't currently want to shut this RDP session down until performing a few tasks whilst I still can. I have now managed to share out my Software folder on the Server.  Yippee!  But the Music folder sharing is still churning away.  I can only guess it's down to the fact that there are 544 folders & 5265 files???
  • Recently Browsing

    No registered users viewing this page.