Windows Home Server 2011 Cross Subnet Client Computer Backup

Windows Home Server 2011 is a great product for home use, but it’s design is centred around homes with very basic single subnet flat networks.

A lot of home networking devices shipping these days give you the ability to separate your wired network and wireless network into separate VLANs, such as Linksys products which by use for the wired network and for the wireless network by default when the feature is enabled, or there are geeks like me who run their homes like a miniature enterprise with router-on-a-stick topologies or even vast OSI Layer 3 switched networks.

This causes problems for Windows Home Server 2011 Connectors installed on your client computers running Windows XP, 7, 8 or Macs as out of the box, they can’t communicate with the Home Server and complete their daily scheduled backup jobs leaving you unprotected.

Fortunately, this is fixed very easily with a quick Remote Desktop onto the server. It’s wise to point out now that Microsoft don’t support this modification, however it’s such a small change that I would argue Microsoft would be crazy to deny support for an end-user based on the change and it would be very easy to change back to default if they did complain.

  1. Start a Remote Desktop Services session to the server and logon as the Home Server Administrator account.
    (If you are unsure of how to do this, then you can find this elsewhere online. Anyone unsure of using Remote Desktop probably isn’t a great candidate for making firewall configuration changes either).
  2. From the remote session, open Windows Firewall with Advanced Security from Control Panel Administrative Tools.
  3. Scroll through the list of rules until you find the block listing the following services:
    Windows Server Certificate Service
    Windows Server Client Computer Backup
    Windows Server Connect Computer Web Site
    Windows Server Discovery
    Windows Server Mac Web Service
    Windows Server Provider Framework
  4. For each of these services, open the properties, and select the Scope tab.
  5. If you are unsure of the address boundaries of your subnets, then the easiest thing is to change this from Remote IP Address Local Subnet to Remote IP Address Any IP Address, although I don’t recommend this configuration.
  6. If you know the address boundaries of your subnets, then click the Add button and add either the slash notation for the subnet address in the top box, or select This IP Address Range and enter your starting and ending addresses.
    In my case, I added the slash notation of the subnet for my wireless network (eg.
  7. Once you have updated the scope, select theOKbutton to commit the change. No server restart, client computer restart or anything else is required to make it work. The server will simply now start accepting connections from the addresses you specified.

It’s worth noting that this change will also now allow you to join clients to the Home Server from your wireless subnet as again, by default, I found you had to resort to a physical connection to get the connector client installed as it wasn’t able to detect the Home Server otherwise.


Richard works as a Cloud Consultant for Fordway Solution where his primary focus is to help customers understand, adopt and develop with Microsoft Azure, Office 365 and System Center. Richard Green is an IT Pro with over 15 years' of experience in all things Microsoft including System Center and Office 365. He has previously worked as a System Center consultant and as an internal solutions architect across many verticals. Outside of work, he loves motorbikes and is part of the orange army, marshaling for NGRRC, British Superbikes and MotoGP. He is also an Assistant Cub Scout Leader.