Accessing WHS remotely

After getting WHS up and running, I wanted to see what it would take to access WHS remotely. Because my router already forwards such ports as 443, 3389 and 4125 to my SBS Premium server, I was stepping into fairly unknown waters for me. As I tell people, I barely can spell “ISA”.

Assumptions / Prerequisites:
1. I was hoping to take an approach that would NOT mess with how I currently access my SBS server via RWW, OWA, RDP. And I almost succeeded. Unfortuantely port 4125 (RWW) can be changed on the SBS server, but it is hard coded for WHS. I will address the 4125 issue in a followup post.

2. For this first attempt, I knew that I would NOT be using the WHS generated domain name (*, since I would have conflicts with the SSL on my SBS box and SSL on my WHS box. So, my plan was to use my public URL and the SBS self-signed cert that I use to access my SBS server.

I use TZO since my SBS server is on a dynamic IP. So I have a TZO URL ( pointing to the public IP address of my SBS server. Since is routed to my SBS box, my goal is to configure ISA so that takes me directly to my WHS box.

3. Because I would not be using the WHS SSL cert, I would be using https to get to my SBS box, but then http to forward requests to my WHS box. 

I have a fairly standard 2-nic SBS Premium network setup. The Verizon FIOS modem is attached to a Linksys DSL/cable router box, which is connect to NIC-1 on my SBS server. NIC-2 is attached to a switch where all my other workstations and WHS server are connected.

SBS Server Changes:

ISA Rules:
For this first attempt, I used the SBS Web Listener already in place rather than creating an additional new web listener in ISA. So all I had to do was to create a new Web Publishing rule in ISA (right click on Firewall Policy, New > Web Server Publishing Rule), with the following details:

Name of rule: WHS
Action: Allow
From: Anywhere
To: KWHOME (this is the computer name of my WHS server)
Do not enable forward original host headers
Select ‘Requests appear to come from the ISA server’
Listener: SBS Web Listener
Public Name: all requests
External: /whsremote/*   Internal: /home/*
External: <same as internel name> Internal: /remote/*
Bridging: Enable ‘Redirect requests to HTTP port 80’, Disable ‘Redirect requests to SSL port’
Users: ALL

Edit Hosts file:
On my SBS server I edited the HOSTS file (located at c:\windows\system32\drivers\etc) using Notepad, and included the following line:

WHS Server Changes: 

Disable WHS requirement for SSL:
Go to IIS on the WHS box and disable the SSL requirement for the WHS default web site.

Access the WHS Windows desktop, and click on Start > All Programs > IIS
Drill down Web Sites > Default Web Site > Remote
Right click on Remote and click Properties
Click on the Directory Security tab
Click Edit
Uncheck ‘Require secure channel (SSL)’

I applied the following regedits to the WHS server to address RSS/TCPChimney issues. It may not be necessary for all cases:


With these changes, from any remote computer I can go to and login to my WHS server. I can also browse shared folders, and upload/download files. But I cannot remotely access the WHS console or workstations via RWW on the WHS server, as I need to tweak 4125. That’s for a later blog.


2 thoughts on “Accessing WHS remotely

  1. Excellent post, this is exactly what i am trying to do, however i only have SBS 2003 R2 Standard edition, and so i dont have ISA server, this means i can not create the ISA rule? is there some way this can be achieve just with IIS?

Leave a Reply

Your email address will not be published. Required fields are marked *