Virtualizing WHS in WS08 Hyper-V

darkerosxx Banned Posts: 1,343
This isn't really cert related, but may be interesting to some.

So I bought and built my home server and didn't have time to really put anything fun to work with on it, so I put Windows Home Server on it and began using it for the backups/file storage, etc. I also started using VMware on top of it for OS study/experimentation.

I decided it was time to get WHS off the hardware, since it wasn't really making use of the beefy stuff I have in it. I originally had 1 500GB hard drive. I bought a 1.5TB hard drive from Seagate and popped that bad boy in there, made 3 500GB partitions, then backed up my WHS backup database to one partition and backed up my shared folders in WHS to one of the other partitions.

This left me with the original OS's 500GB drive, partitioned into a 20GB OS partition, and a ~480GB partition for data, plus the second hard drive, with 2 partitions used, and one unused. I decided to install Windows Server 2008 64-bit Standard Edition on the 20GB OS partition and use the ~480GB partition as data for the WS2008 apps, virtual servers, etc. Then the plan was to have the end result be the OS with the 20GB OS partition, the ~480GB partition for data, with the 1.5TB drive for WHS storage.

Loaded up and installed WHS in Hyper-V with an expanding .vhd, transferred over the backup database and shared folders, then deleted all data from the 1.5TB drive and created three expanding max 495GB .vhd disks on the 1.5TB drive. I created all my users on the WHS server, then transferred the backup database into WHS and it saw my backups from before, so that was a success. I loaded the backup shared folders and those were reachable fine by each user, so that was a success as well.

Happy day...I've successfully changed my Windows Home Server to a Windows Server 2008 64-bit Standard Edition with a virtualized Windows Home Server for all my backups/shares/media.

Now I've gotta work on getting a VPN set up so I can VPN to my home network from abroad rather than RDP'ing.

Comments

  • darkerosxx Banned Posts: 1,343
    Looks like I'm gonna use a Secure Socket Tunneling Protocol (SSTP) VPN on the server, which sucks because it takes up port 443. That means I won't be able to connect to my WHS over the internet. :(

    Have to use SSTP VPN because it's behind a NAT router and I don't want to mess with the registry. Argh!
  • dynamik Banned Posts: 12,312
    What do you mean you won't be able to connect to your WHS over the internet?

    How are you connecting to it? IIS? If so, why don't you just change that port number?

    You can use PPTP with NAT as well.
  • darkerosxx Banned Posts: 1,343
    Ok, so I have www.site.com and vpn.site.com both pointing to the same public IP address. When the router receives requests to port 443, I can only forward it to one IP address. On my internal network, the WS08 and WHS are different IPs. If I tell the router to point 443 to WS08, how could I get the SSL web traffic requests to reach the WHS?

    And yeah I decided to stay away from PPTP since it sends authentication information unencrypted.
  • skeet2331 Member Posts: 87
    I also have WHS running in my house. You can change the port WHS listens on for the https connection from the internet.
  • dynamik Banned Posts: 12,312
    skeet2331 wrote:
    I also have WHS running in my house. You can change the port WHS listens on for the https connection from the internet.

    Bingo.

    And current implementations of PPTP are as strong as the key you use. I'm not sure what your concerns are: http://www.schneier.com/paper-pptpv2.html
  • darkerosxx Banned Posts: 1,343
    skeet2331 wrote:
    I also have WHS running in my house. You can change the port WHS listens on for the https connection from the internet.

    Right, but my router can't discriminate between WHS 443 traffic and VPN 443 traffic to point them to two separate internal IPs. :(

    No matter what I do, the SSL/HTTPS traffic is going to reach my router externally using port 443, right?
  • dynamik Banned Posts: 12,312
  • darkerosxx Banned Posts: 1,343
    dynamik wrote:
    skeet2331 wrote:
    I also have WHS running in my house. You can change the port WHS listens on for the https connection from the internet.

    Bingo.

    And current implementations of PPTP are as strong as the key you use. I'm not sure what your concerns are: http://www.schneier.com/paper-pptpv2.html

    My problem with PPTP lies in the authentication information/hash still being available. I'd rather no one see it, which is why I chose SSTP. :)
  • darkerosxx Banned Posts: 1,343
    dynamik wrote:

    Dang, I'm retarded. I didn't even think about putting the port numbers at the end of the address in the browser address bar, so HTTPS will reach my router using 4433 if I use https://www.site.com:4433. Forgot all about that 'cause I haven't used it in so long.

    Is it possible to make it point there in DNS? Like, have www.site.com point to www.site.com:4433?
  • dynamik Banned Posts: 12,312
    darkerosxx wrote:
    My problem with PPTP lies in the authentication information/hash still being available. I'd rather no one see it, which is why I chose SSTP. :)

    I'm the same way, and I use SSTP myself. All I was saying is that PPTP with MS-CHAPv2 and a good key is a very secure solution. There seems to be a lot of fear lingering from old PPTP vulnerabilities that have long since been addressed.
    darkerosxx wrote:
    Is it possible to make it point there in DNS? Like, have www.site.com point to www.site.com:4433?

    You'd need to do something like this: http://www.dyndns.com/support/kb/webhops_redirections.html#ports

    You can't specify ports in DNS.

    Changing the SSTP port isn't that big of a deal either, if that would be more convenient: http://support.microsoft.com/kb/947032

    Are you making the WHS site available to other people? If not, you may not even need to have it publicly available since once you VPN in, you'll be able to access it via its private address.
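
The port-forwarding constraint discussed in this thread, as an added example that is not part of any poster's reply: a NAT router chooses the internal target from the protocol and external port alone, so www.site.com and vpn.site.com cannot be split on 443, while an explicit :4433 in the URL can be forwarded separately. The internal IP addresses and the choice of WHS listening on 4433 are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not from the thread)
WS08 = "192.168.1.10"  # hypothetical internal IP of the WS08 host running SSTP
WHS = "192.168.1.20"   # hypothetical internal IP of the WHS guest
DEFAULT_PORTS = {"http": 80, "https": 443}


class PortForwardTable:
    """Port forwards as a NAT router stores them: keyed on (protocol, external port)."""

    def __init__(self):
        self.rules = {}

    def add(self, proto, ext_port, int_ip, int_port):
        key = (proto, ext_port)
        if key in self.rules:
            # One external port can only be forwarded to one internal host
            raise ValueError(f"{proto}/{ext_port} already forwarded to {self.rules[key]}")
        self.rules[key] = (int_ip, int_port)

    def route(self, url):
        """Return the internal (ip, port) a URL's TCP connection reaches, or None."""
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        # The hostname is ignored on purpose: both names resolve to the same
        # public IP, and the router only sees the destination port.
        return self.rules.get(("tcp", port))


def build_table():
    table = PortForwardTable()
    table.add("tcp", 443, WS08, 443)    # SSTP VPN keeps the default HTTPS port
    table.add("tcp", 4433, WHS, 4433)   # WHS site moved to 4433 (assumed listener port)
    return table


def conflicting_forward_rejected():
    """True if a second forward for tcp/443 is refused."""
    try:
        build_table().add("tcp", 443, WHS, 443)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    t = build_table()
    for u in ("https://vpn.site.com/", "https://www.site.com/", "https://www.site.com:4433/"):
        print(u, "->", t.route(u))
```
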
  • darkerosxx Banned Posts: 1,343
    Well, I wanted to leave it open so I could access files there on other computers. It'll be pretty easy to remember to add a port extension to the address, so I think I'll go that route. I'll probably work on it tonight and come back with a report on how it went!

    Appreciate the help, I never would have remembered the port extension without y'all!
  • darkerosxx Banned Posts: 1,343
    Well, installing Hyper-V updates today ruined my virtual server configuration, somehow. The error codes were defaults, there's nothing in the event logs, so nothing really to track that I know of. I couldn't start the virtual server for anything.

    I created a new virtual server with the same settings and installed the same .vhd disks and everything came up perfectly, so I'm hoping it was just a one-time thing.

    I did go through the process of setting up the SSTP VPN, but it ended up not working for some unknown reason. I ended up uninstalling all of the roles because I'm not experienced enough with AD and CA to troubleshoot it.