Redirecting Windows Home Server 2011 Remote Web Access for Internal Clients

Windows Home Server 2011 features an impressive remote access site allowing you access to your digital media as well as remote access to your home computers. One of the components which allows all of this functionality to work is the Client Connector. This software element, installed on the client computers (which can be PCs or Macs for the record) enables the Home Server to back up your systems, along with enabling the features required on your system for the RemoteApp Remote Desktop Services connections to remote onto your PC from anywhere online.

In the Home Server Launchpad, the main user facing element of the Client Connector, there is a link for Remote Web Access which directly launches a browser session to the Windows Home Server 2011 Remote Web Access site, after you have configured your free homeserver.com domain with Microsoft and GoDaddy (this is configured using the Windows Home Server 2011 Dashboard).

In a normal home scenario with a router from your ISP or that you purchased elsewhere, clicking the Remote Web Access link will launch the Home Server Remote Web Access site using the homeserver.com domain you registered as the URL. In my not-so-normal home network, I use a Cisco PIX firewall as my edge device, which means I have a problem.

Unlike a router, the PIX cannot route packets back through the same interface where the packet was initially received.

This sentence from the Cisco PIX Frequently Asked Questions explains the problem in one. Clicking the Remote Web Access link launches the browser session to the correct URL, however because that URL resolves to the Internet IP associated with the outside interface on the PIX, the traffic flow is not permitted back through the firewall.

Being a Windows Systems Administrator, I like things on Windows, which means I prefer to run my infrastructure services like DNS and DHCP on the Home Server instead of allowing the router to do it. The DNS role in Windows Server 2008 R2 (the foundation for Windows Home Server 2011), and the DNS role in any Windows Server operating system for that matter allows you to create multiple zones for multiple domains to which the server will respond with DNS resolutions, and this is where the fix derives from.

The fix, or trick as the case may be, is to use DNS to reroute the client computer by resolving the homeserver.com domain name to the internal IP address of the Home Server, and away from the Internet side of the network, which ultimately will improve the performance of the Remote Web Access interface too.

On the Home Server, launch the DNS Manager console from Administrative Tools.


In the console, right-click on Forward Lookup Zones, and select New Zone.

In the New Zone Wizard on the Zone Type panel, select the Primary Zone option.

On the Zone Name panel, enter the full domain name that you specified in the Domain Name Setup Wizard from the Home Server Dashboard (in this example, I’m using server.homeserver.com).

On the Zone File panel, you can leave the default option to Create a New DNS Zone File.

On the Dynamic Updates panel, leave the option set to Do Not allow Dynamic Updates. This will help to prevent any rogue clients on the network from poisoning the DNS zone and directing your clients to the wrong IP address.


On the Completing the New Zone Wizard panel, verify that you have specified the homeserver.com domain correctly, and then select Finish to complete the wizard.

Back in the DNS Console, your new zone will be visible. In the new zone, right-click and select New Host (A or AAAA).


In the New Host dialog, leave the Name field blank and in the IP Address field, specify the IP Address of your Home Server. This IP Address should either be statically assigned to the Home Server, or it should be configured as a DHCP Reservation on whatever device is running your DHCP Server on the network (although if the Home Server is your DHCP Server, then this should obviously be static).

Congratulations. Your internal clients will now be able to access the Home Server Remote Web Access site, using the Client Connector user interface as Microsoft had intended, without a single packet touching the outside interface of your server.
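
The same zone can be built from an elevated command prompt on the Home Server with dnscmd, which ships with the DNS Server role. This is an added example, not part of the original walkthrough; the zone name and IP address are the sample values used in this post.

```batch
@echo off
rem Added example: command-line equivalent of the New Zone / New Host steps.
rem ZONE and WHS_IP are the sample values from this post; substitute your own.
setlocal
set ZONE=server.homeserver.com
set WHS_IP=192.168.1.100

rem Primary, file-backed forward lookup zone. The zone covers only this one
rem host name, so every other homeserver.com name still resolves normally.
dnscmd . /ZoneAdd %ZONE% /Primary /file %ZONE%.dns
if errorlevel 1 goto :fail

rem 0 = do not allow dynamic updates, matching the wizard choice above.
dnscmd . /Config %ZONE% /AllowUpdate 0
if errorlevel 1 goto :fail

rem "@" is the zone apex, the same as leaving Name blank in the New Host dialog.
dnscmd . /RecordAdd %ZONE% @ A %WHS_IP%
if errorlevel 1 goto :fail

rem Confirm the update setting, then ask the Home Server's DNS service directly.
dnscmd . /ZoneInfo %ZONE% AllowUpdate
nslookup %ZONE% %WHS_IP%
goto :eof

:fail
echo dnscmd failed with errorlevel %errorlevel%
exit /b 1
```

The nslookup answer should be the internal address. If it returns your Internet IP instead, the client is still using a different DNS server.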

If in your home network, you are using the router to perform DNS queries on your behalf, but your router prevents connections through the same interface that the connection was initiated as the PIX does, you could also implement this trick using the DNS HOSTS file, however this would need to be performed on a per client basis editing the HOSTS file. Using this example, the HOSTS file line item would be configured as follows:

192.168.1.100   server.homeserver.com   # Windows Home Server

Remember to flush your DNS cache on the clients using ipconfig /flushdns before testing your work regardless of whether you used the DNS or the HOSTS file methods to implement it.

Circumventing Intel’s Discontinued Driver Support for Intel PRO 1000/MT Network Adapters in Server 2008 R2

In a previous life, my Dell PowerEdge SC1425 home server had an on-board Intel PRO 1000/MT Dual Port adapter, which introduced me to the world of adapter teaming. At the time I used the adapters in Adapter Fault Tolerance mode because it was the simplest to configure and gave me redundancy in the event that a cable, server port or a switch port failed.

In my current home server, I have been running since its conception with the on-board adapter, a Realtek Gigabit adapter which worked, however it kept dropping packets and causing the orange light of death on my Catalyst 2950 switch.

Not being happy with its performance, I decided to invest £20 in a used PCI-X version of the Intel PRO 1000/MT Dual Port adapter for the server. Although it’s a PCI-X card, it is compatible with all PCI interfaces too, which means it plays nice with my ASUS AMD E-350 motherboard, however I didn’t realise that Intel doesn’t play nice with Server 2008 R2 and Windows 7.

When trying to download the drivers for it from the Intel site, after selecting either Server 2008 R2 or Windows 7 64-bit, you get a message that they don’t support this operating system for this version of network card, which I can kind of understand due to the age of this family of cards, however it posed me an issue. Windows Server 2008 R2 running on the Home Server automatically installed Microsoft drivers and detected the NICs, however that left me without the Advanced Network features to enable the team.

I set off by downloading the Vista 64-bit driver for the adapter and extracting the contents of the package using WinRAR. After extraction, I tried to install the driver and sure enough the MSI reported that no adapters were detected, presumably because of the differences in the driver models between the two OS’s. After this defeat, I launched Device Manager and attempted to manually install the drivers by using the Update Device Driver method. After specifying the Intel directory as the source directory, sure enough, Windows installed the Intel versions of the drivers, digitally signed without any complaints.

With the proper Intel driver installed, I was now left with one problem and that was still the teaming. Inside the package, was a folder called APPS with a sub-directory called PROSETDX. Anyone who has previously used Intel NIC drivers will realise that PROSET is the name used for the Intel management software, so I decided to look inside, and sure enough, there is an MSI file called PROSETDX.msi. I launched the installer, and to my immediate horror, it launches the installer which the autorun starts.

Not wanting to give up hope, I ran through the installer and completed the wizard, expecting it to again say that no adapters were found, however it proceeded with the installation, and soon enough completed.

This part may change for some of you – Intel made a bold move somewhere between version 8.0 of the Intel PROSet driver and version 15.0 of the PROSet driver and moved the configuration features from a standalone executable, to an extension in the Device Manager tabs for the network card. I poured open the device properties, and to my surprise, all of the Intel Advanced Features were installed and available.


I promptly began to configure my team and it set up without any problems and it created the virtual adapter without any issues too, including installing the new driver for it and the new protocols on the existing network adapters.

With this new server, I decided to do things properly, and I’ve configured the team using Static Link Aggregation. I initially tried IEEE 802.3ad Dynamic Link Aggregation, however the server was bouncing up and down like a yoyo, so I set it back to Static. Reading the information for the Static Link Aggregation mode is a note about Cisco:

This team type is supported on Cisco switches with channelling mode set to "ON", Intel switches capable of Link Aggregation, and other switches capable of static 802.3ad.

Following this advice, I switched back to my SSH prompt (which was already open after trying to get LACP working for the IEEE 802.3ad team). Two commands complete the config: one to enable the Etherchannel and one to set the mode to LACP instead of PAgP.

interface GigabitEthernet0/1
 description Windows Home Server Team Primary
 switchport mode access
 speed 1000
 duplex full
 channel-group 1 mode on
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 description Windows Home Server Team Secondary
 switchport mode access
 speed 1000
 duplex full
 channel-group 1 mode on
 spanning-tree portfast
 spanning-tree bpduguard enable
!

The finishing touch is to check the Link Status and Speed in the Network Connection Properties. 2.0Gbps displayed speed for the two bonded 1.0Gbps interfaces. Thank you Intel.


I’m Not as Green as My Name Suggests

With my name being Richard Green, one could go some way to try and associate me with environmental tree-friendliness. Contrary to that, I am actually extremely energy inefficient. My biggest energy crux is my current Windows Home Server machine.

Running on a Dell PowerEdge SC1425 with two Intel 2.8GHz Dual Core Xeon processors and 6GB of DDR2, this thing is total overkill for Windows Home Server and isn’t actually very good at its job either. Granted, it’s got dual Gigabit Ethernet for teamed and reliable network connectivity and it’s got SATA-II drives for high speed data movement, but at the same time, it’s in a 1U chassis which means it only supports a maximum of two drives, and it’s got a 450W power supply which when faced with the two Intel Xeon processors, both of which are designed at 90W power consumption makes for an eye-watering electricity consumption report.

I did try to enhance the usage profile of the machine by using an add-in for Windows Home Server called LightsOut, however the great feature of this software, which is to sleep and wake the server at pre-defined times during the day remained useless on the PowerEdge. Being a server machine its power supply doesn’t support the S3 power state which means it doesn’t support sleep – Only Shutdown and Restart, as a result, meaning the server stays on 24×7.

Granted, I could manually shutdown the server each night and power it back up again during the day when needed, but that’s not the design of a server. It’s designed to be accessible when you need it. My view on energy efficiency and environmental impact kind of fits this mantra also. I’m quite happy to spend a little money on energy efficient products if it will benefit me, and if my way of life isn’t impacted as a result. This example of powering down the server manually has an impact because it’s an additional action upon me to complete, it means the server is potentially unavailable during start-up periods when I want it and generally makes the appliance less useful.

I’ve been looking around at what other people have done with Windows Home Server machines and seen a growing trend in Atom powered machines with low power consumption, designed for always on availability. My issue herein is that I have a 19” server rack in which all of my kit is mounted so the device needs to comply to the form factor to make it suitable, which basically rules out all of the pre-built systems from people like HP and Asus, so I’m being hurtled back into the world I escaped a few years ago – Self build.

The criteria for the project are quite tight:

  1. 19” Rack Mount Chassis – 1U, 2U, 3U or 4U is not really important.
  2. Support for at Least 4 SATA-II drives.
  3. Ideally support for a regular ATX PSU to reduce cost and improve efficiency over a server PSU.
  4. As near to silent operation as possible.
  5. Low power consumption.

After trawling the internet for quite some time on the subject now, I believe I have produced the ultimate solution using the following:

  • X-Case RM400/10 4U Rack Mountable Case
  • ASUS AT3IONT-I Intel Atom 330 and nVidia ION Motherboard
  • StarTech 4-Port PCI Express SATA-II Controller
  • Corsair Value Select Memory
  • Corsair CX400W Power Supply
  • Western Digital 1TB SATA-II Green Hard Disks


The case from X-Case at http://www.xcase.co.uk/product-p/case-x-case-400-fslash-10.htm?CartID=1 is the building block for this system. It allows me the flexibility to use my existing rack at home, while in a 4U chassis it gives enough room for 10x 3.5” hard disks and 1x 5.25” optical drive, although my machine will not have one installed as Windows Home Server can be installed via USB.


The ASUS, Intel Atom, nVidia ION Motherboard trick box from Novatech http://www.novatech.co.uk/novatech/prods/components/motherboards/miniitxmotherboards/90-MIBCT0-G0EAY0GZ.html gives me a Dual Core 1.6GHz processor which under full load only draws 8W of power and yet does not require active cooling, and only uses a passive heat sink, all the while, the miniITX form factor of the motherboard keeps the remaining power draw to a minimum.


The motherboard hosts 4 SATA-II ports, so needing to increase that to come close to the 10 drive support of the case, I will add a StarTech 4-Port PCI Express SATA-II Controller. The StarTech card was chosen because it appears to be the only card to combine SATA-II and PCI Express interface, as many of the other cards such as those powered by the Silicon Image 3114 controller are PCI based. The StarTech card can be seen here http://www.leaf-computer.de/raid-controller-4-port-sata-ii-pcie-x1.html and can be purchased from Leaf Computers via Amazon Marketplace.


The Corsair CX400W power supply from Overclockers UK at http://www.novatech.co.uk/novatech/prods/components/powersupplies/corsair/cmpsu-400cxuk.html is of good efficiency and also being near silent with a slow rotating 120mm fan to keep the air moving. This supply also has six SATA connectors for the hard drive power needs and four Molex connectors which can easily be converted to SATA once the need arises.


The Western Digital hard disks are of the Green variety. The demands of a Windows Home Server are not high speed disk access, unlike a RAID10 SQL Server. The needs are for high volumes of always available storage. The Green drives give SATA-II high speed access while providing a low thermal output because of the adaptive rotation speed controls and also the low power consumption.

Although only speculation based on figures collected from sources around the Internet, I believe that the Windows Home Server of this specification would consume a mere 32 Watts at idle and 38 Watts at full load when using 2 1TB Green drives. The drives consume about 6 Watts each, so simply add this amount for each drive added. The other advantage is that by using a standard ATX power supply with 12V 4-Pin connector to power the motherboard, I will have support for S3 power state, allowing the server to be put into Sleep overnight. This will allow me to reduce the operational hours from 24×7 to 17×7 in my example.

Using an online power calculator, we can see that the server of this specification will consume only 16 kWh (Kilo Watt Hours) per month. I have an in-line power meter currently connected to my personal computer which I will be attaching to the Home Server in the next day or so, and then I will be able to see the real-world draw of the current PowerEdge SC1425 to compare the two and see the potential savings.

I will create a new post to show the comparison once the data is available.

Windows Home Server Vail Streaming Done How it Should Be

I was just looking at this video on Channel 9 about Windows Home Server Vail, and I noticed something I didn’t discover in my play with the Public Beta. Scroll through to 6:35 onwards.


What you’ll see, is that at 7:07 the guy hovers over one of the images in the flowing album cover background and selects an option for play.

Zune 4.1 and 4.2 along with Windows Media Center have the same style interface with the flowing covers, however neither of them can do this click to play thing, and I have to wonder why.

The first time I used my Zune player I kept trying to click and wondering why it didn’t work – It’s a natural reaction I think, so congratulations Windows Home Server team for getting it right. I look forward to the Zune team and Windows Media Center team looking at your work here and adopting it for themselves.

On the downside however, I would have liked to have seen some Zune integration in Home Server Vail, especially as Windows Phone 7 and Xbox are making good inroads.

Windows Home Server Vail Public Beta Review

Earlier in the year, I got my hands on a leaked build of Home Server Vail. I didn’t bother to upload or post any of my findings because it was a very early build and a lot of the features didn’t work, and in addition because a lot of other people posted the stuff too.

This week Microsoft released the Public Beta of Windows Home Server Codename Vail which is to be the second release of Windows Home Server, this time based on Windows Server 2008 R2 Standard Edition. I went through the installation process and then tried to get a few things configured in Vail so here is what I found.

I’m adding the break early on this post to stop the screenshots spoiling the view, but jump to the full post for all the screenshots and information so far on Vail.

Read the Full Post

Windows Home Server Vail Expands Storage Possibilities

With Windows Home Server v1 being based on Windows Server 2003 Small Business Server you were limited to the features of Server 2003. This means no support for iSCSI in the case of my point today.

With Windows Home Server v2 (Vail) being based on Windows Server 2008 R2 Standard Edition, this opens the plethora of supported storage types to those supported in Server 2008 R2.

Server 2008 and Server 2008 R2 both have native support for iSCSI using the Microsoft iSCSI Initiator application from Control Panel. This is great news because it means that users will no longer be limited to USB or eSATA devices but can look to expand their storage out onto the IP space and look into opportunities for backup solutions for WHS using iSCSI.

Mark Vayman from the Windows Home and Small Business Server team posted on the Microsoft Forums confirming support for iSCSI along with a whole host of other features. My personal favourite besides iSCSI is the ability to now name the drives 🙂

http://social.microsoft.com/Forums/en-US/whsvailbeta/thread/32844aae-9f41-41cb-8a4a-f6c26ddfdd6f

SIP VoIP for Home and the Day of Sadness

Today is a sad day, because yesterday I came up with an evil super plan, however today I realise that it just cannot be.

My evil super plan was this. To purchase a SIP line from an ISP, configure my Cisco 2651XM with CME and have the SIP line trunked into the router. From here, I was going to replace our existing Windows Home Server with Windows Small Business Server 2008, which I would install Office Communications Server 2007 R2 onto.

The combination of SBS and OCS would give us the ability to use Unified Messaging (UM for Exchange) and would allow us to use the Office Communicator client on the desktop and Office Mobile Communicator on our Windows Phone devices. I would then have configured the 2651XM and OCS to trunk the SIP line between each other using guides available online for configuring OCS and CME to talk so that inbound calls on the SIP line would be routed to the OCS server.

This just gets better now, because the second part of the plan was to configure a hunt group in OCS which would group both me and Nicky together. If someone were to ring the home phone, it would ring both of us simultaneously and then the first one to answer receives the call (that’s the hunt group at work). If nobody answered then the caller could leave a voicemail on the OCS server which would be delivered to both me and Nicky to our SBS Exchange mailboxes using UM.

Just stop for one minute to think of the power and the feature set I am talking about here.

  • Imagine being able to answer your home phone anywhere in the world from either your PC or mobile?
  • Imagine being able to receive voicemails left on your home phone from your inbox anywhere in the world via PC, mobile or Outlook Web Access from an Internet cafe?
  • Imagine making phone calls to numbers anywhere in the world just like using a normal telephone but at the fraction of the cost?

Read the Full Post

Configuring Eye-Fi Manager as a Service for Windows Home Server

After configuring my Eye-Fi Manager application on the Windows Home Server, I quickly noticed a problem. The application is executed by the currently logged on user and not as a service. Because I am connected to the Windows Home Server via Remote Desktop I logoff the server once I’m finished and the application shuts down.

Solving the problem requires it to be running as a service. I looked at the forums for Eye-Fi and their website and there is a thread on the forum for exactly the same thing – Configuring Eye-Fi Manager as a service, however it doesn’t actually go into any details so I had to figure it out for myself.

The Service Command (sc.exe) application makes this real easy for me to do. The following command should have done the trick.

sc create EyeFiManager DisplayName= "Eye-Fi Manager" start= auto binPath= "C:\Program Files\Eye-Fi\Eye-Fi Manager.exe"

Unfortunately when I tried to start the service, Process Explorer showed me the Eye-Fi Manager.exe application as running however after a few seconds it terminated and the Services MMC console gave the error that the application didn’t respond in a timely fashion, so the application is obviously not designed to be a service, I therefore needed a middle man.

Microsoft produced a utility for NT4 called srvany.exe which still works in Windows versions today. The premise is very simple. srvany.exe is the service executable and you provide your executable as a parameter for srvany. The result is that srvany handles the service and responds to Windows as required.

I’ve put a copy of the executable srvany.exe on my Windows Live SkyDrive for you to download for your own uses. In my example, I placed the executable in the System32 directory so that I can call it without declaring the path to the application and without having to add custom strings to the Path environment variable.

To this end, the command becomes the following:

sc create EyeFiManager DisplayName= "Eye-Fi Manager" start= auto binPath= "C:\WINDOWS\System32\srvany.exe"

Once this is done, you need to tell srvany the name of the executable you want it to handle. This is done easily using the reg command line tool as follows:

reg add HKLM\SYSTEM\CurrentControlSet\Services\EyeFiManager\Parameters /v Application /t REG_SZ /d "C:\Program Files\Eye-Fi\Eye-Fi Manager.exe"

Starting the EyeFiManager service I created that launches srvany.exe will now start the Eye-Fi Manager.exe application and it will run as required, with the exception that none of the user interaction such as thumbnail previews of the uploading pictures can be seen as it’s a background service.

I proceeded to test it and unfortunately I noticed a problem. Although the application was running it wasn’t processing any uploads. I immediately assumed the problem was the permissions relating to the default account used by services which is the System account. I decided to change the service to use the NetworkService account as this would allow it access to the network.

The following reg command performs this for me:

reg add HKLM\SYSTEM\CurrentControlSet\Services\EyeFiManager /v ObjectName /t REG_SZ /d "NT AUTHORITY\NetworkService"

After restarting the service, I still couldn’t upload the photos. I assumed it was NTFS permissions now, so I added the NetworkService account to the RW_7 group on the Home Server, which is the group created by Windows Home Server for permitting Read and Write access to the Public folder*.

* The reason I upload to the Public folder is that I like to rename, tag and adjust all my pictures before allowing them into the Photos shared folder.

Unfortunately this still didn’t solve the problem. Using Process Explorer and comparing the results (specifically the TCP/IP Stack) of the Eye-Fi Manager.exe process when it was running as a local user and the NetworkService account showed that the NetworkService service version didn’t open up the required TCP Listening ports.

At this point, I created a service account called svcEyeFi and used that account to launch the service, however this has the same results as the NetworkService account even after adding the account to the Local Administrators group.

I have now resorted to the idea and am running the account using the Local Administrator account which is the account you use to login to the Windows Home Server Console for management purposes. It’s not ideal for security and principle of least privilege, however it works so that’s a plus I guess.

I decided that I wanted my service to look a bit less like a virus or trojan service and more genuine, so I deleted the service using the sc delete EyeFiManager command and then re-created the service using these commands as follows:

sc create EyeFiManager DisplayName= "Eye-Fi Manager" type= own start= auto depend= Netman binPath= "C:\WINDOWS\System32\srvany.exe" obj= .\Administrator password= [password]

reg add HKLM\SYSTEM\CurrentControlSet\Services\EyeFiManager\Parameters /v Application /t REG_SZ /d "C:\Program Files\Eye-Fi\Eye-Fi Manager.exe"

reg add HKLM\SYSTEM\CurrentControlSet\Services\EyeFiManager /v Description /t REG_SZ /d "Starts the Eye-Fi Manager application as an automatic system service allowing it to run without a user logged in."

So what does all of this do exactly?

Well the first line creates the service, marks it as Automatic start-up type, sets it to start using the local Administrator account and lastly adds the Network Connections service as a dependency. The addition of the dependency means that this service cannot start until the network connection is up and available.

The second command adds the parameter to the srvany application to start Eye-Fi Manager.

The last command sets a description on the service so that anyone looking at the Services MMC will see what the service is doing.

For a bonus point, you can configure the recovery options so that if for any reason the service fails it will automatically restart the application.

If anyone trying to configure this runs into problems, email me and I’ll be sure to help you out.
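
The recovery options mentioned above can be set with sc failure, followed by a review of what the Service Control Manager stored for the service. This is an added example, not from the original post; the timings are assumptions, and the recovery actions apply when the service process itself (here srvany.exe) exits unexpectedly.

```batch
@echo off
rem Added example: recovery options plus a review of the stored service config.
rem Service name and registry path are the ones used in this post.
setlocal
set SVC=EyeFiManager

rem Restart the service 60 seconds after each of the first three failures and
rem reset the failure counter after one day (86400 seconds). Assumed timings.
sc failure %SVC% reset= 86400 actions= restart/60000/restart/60000/restart/60000
if errorlevel 1 exit /b 1

rem BINARY_PATH_NAME should be the srvany.exe path, and SERVICE_START_NAME
rem shows the account the service logs on as.
sc qc %SVC%
sc qfailure %SVC%

rem srvany.exe launches whatever this value names, under the service account,
rem so confirm it still points at the Eye-Fi Manager executable.
reg query HKLM\SYSTEM\CurrentControlSet\Services\%SVC%\Parameters /v Application
```

Because this service runs as the local Administrator, anyone able to change the Application value chooses what runs with that account, which is why the last check is worth repeating after any software update. Setting the logon account from the Log On tab in the Services MMC keeps the password out of command history and scripts.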

Windows Home Server Backup: Wife Approval and the Potential

Last night I spent about two hours working on Nicky’s laptop which she had somehow managed to get infected with a virus or multiple viruses should I say.

I tried loads of things to correct the wake of problems caused by it, however I was having a hard time so I contemplated using my investment in Windows Home Server and flexing its Recovery CD for fighting crime (or virus).

I didn’t have to run the backup in the end as I managed to fix the problem, but the point needs to be addressed of just how wife friendly Windows Home Server actually is, and let’s face it: If you’re a geek / tech-head with any interest in things like Home Servers, Media Centres and the like you know that it has to be wife friendly or you will never get budgetary approval 🙂

Read the Full Post

Windows Home Server Review

Windows Home Server is not a new product by any means – It was first released to RTM in July 2007. Power Pack 2 is the current update release and Power Pack 3 has been in Beta via Microsoft Connect for some time with no clear release date in sight still.

What is Windows Home Server?

Windows Home Server (WHS) is targeted at SOHO markets for people with multiple computers, media sources and devices who want to centralize, share and backup their files and media.

Windows Home Server is commonly found pre-installed on devices like the HP MediaSmart Series of devices, which are small form factor computers which more closely resemble Network Attached Storage (NAS) due to their ability to house many disks.

Windows Home Server is no new operating system however. It is actually Windows Server 2003 Small Business Server (SBS) with a pretty shell GUI on top and a few modifications.

The design of WHS however is that you never actually access the server. The access is completed via the Home Server Console which is a GUI installed on client computers, which serves a double purpose. One, it provides administrative access to the server for someone in the house with the admin password. The second purpose is that it configures the client to work with the home server allowing it to access the shared media and files and to work with the backup features.

Read the Full Post