Port Forwarding in Windows

I always enjoy finding something new that meets a need. As you might guess from the title, I found myself recently needing to forward a port on a Windows server. The scenario is that I had a server I needed to allow access to from a network that hadn’t been originally planned to do so. I could have just opened a firewall port, but I prefer to set up a more secured method.

For web connections this can be done using a reverse proxy pretty easily and Windows 2012 server even includes a wizard to make this easier to set up. In this case I needed to forward an arbitrary port to the same port on another server.

It turns out this functionality is built into Windows and has been since at least 2008 and the command to do so is pretty simple.

netsh interface portproxy add v4tov4 listenport=80 listenaddress=10.0.0.1 connectport=8088 connectaddress=192.168.1.75

This binds port 80 on address 10.0.0.1 on the local server and forwards any traffic received on this port to port 8088 at address 192.168.1.75. The response is also returned back through the proxy to the source server. It works quite nicely in early testing and fills a need I’ve always had trouble finding a good, reliable solution for on Windows. There are only a few limitations I’ve found so far. From my reading it seems to require IPv6 to be installed to work even if you’re not doing an IPv6 connection. It also cannot bind the localhost addresses which limits use in development scenarios. Documentation on the command is at http://technet.microsoft.com/en-us/library/cc731068%28v=ws.10%29.aspx.

As implied by the v4tov4 portion of the command, you can use this to set up proxies between IPv4 and IPv6 servers. That should come in handy when migration to the new IP version comes over the next few years.
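The forward above can be set up together with a firewall rule that admits only the network that needs it, then read back for auditing. This is an added example, not part of the original post: the source network 10.0.0.0/24, the rule name and the Get-PortProxyRule helper are assumptions chosen for illustration, and the output parsing assumes the usual four-column netsh listing.

```powershell
# Added example. Addresses and ports are the ones used in the post;
# $AllowedSource and $RuleName are constructed placeholders.
$ListenAddress  = '10.0.0.1'
$ListenPort     = 80
$ConnectAddress = '192.168.1.75'
$ConnectPort    = 8088
$AllowedSource  = '10.0.0.0/24'            # assumption: the network that needs access
$RuleName       = "portproxy-$ListenAddress-$ListenPort"

# portproxy listeners are serviced by the IP Helper service (iphlpsvc);
# if it is stopped the rule exists but nothing listens.
if ((Get-Service -Name iphlpsvc).Status -ne 'Running') {
    Start-Service -Name iphlpsvc
}

# Create the forward (same command as in the post, parameterized).
netsh interface portproxy add v4tov4 listenport=$ListenPort listenaddress=$ListenAddress connectport=$ConnectPort connectaddress=$ConnectAddress

# Admit only the intended source network to the listening port,
# rather than opening the port to every remote address.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow protocol=TCP localip=$ListenAddress localport=$ListenPort remoteip=$AllowedSource

# Hypothetical helper: turn the netsh listing into objects so forwards can be
# reviewed or compared against what is expected to exist on the server.
function Get-PortProxyRule {
    netsh interface portproxy show v4tov4 | ForEach-Object {
        # Data rows look like: "10.0.0.1   80   192.168.1.75   8088"
        if ($_ -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                ListenAddress  = $Matches[1]
                ListenPort     = [int]$Matches[2]
                ConnectAddress = $Matches[3]
                ConnectPort    = [int]$Matches[4]
            }
        }
    }
}

Get-PortProxyRule | Format-Table ListenAddress, ListenPort, ConnectAddress, ConnectPort

# To remove the forward and its firewall rule when no longer needed:
# netsh interface portproxy delete v4tov4 listenport=$ListenPort listenaddress=$ListenAddress
# netsh advfirewall firewall delete rule name=$RuleName
```

Run it from an elevated prompt. Forwards created this way persist across reboots, so the listing is worth checking whenever a server is reviewed.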

Encoding CSR on Exchange 2010

Mostly writing this for my own benefit as I have to do this a couple times a year and always have to look it up. By default if you request a new or renewed certificate signing request on Exchange 2010, it comes out as a binary file that almost no certificate authority accepts. They want a base 64 encoded file instead.

Converting the binary file to base 64 is easy with the certutil utility and its encode option.

certutil -encode C:\renewal.req C:\renewal.csr

This command encodes the binary file renewal.req into a base 64 encoded file renewal.csr that will work with any certificate authority.

Boulevard of Dreams

Yesterday I received an email reminding me that a domain name that I’d registered last February expires soon. Logging in to renew presents me with a list of all the domains I have.  It’s a bit like walking down memory lane, the online equivalent of visiting somewhere you used to live. The domains range from my first domain registered back in the late 1990’s, and still live though not updated in a couple years. Most are in use and supporting live web sites for myself or for clients that I’ve consulted with.

More interesting are those just sitting there at the moment. I’ve learned to register a domain name when I get an idea after finding one no longer available when I went back a few years ago. Some are registered for projects on that someday/maybe list.  These are the ones I’ll get to when time and priorities allow. Others remind me of projects that never came to pass. There’s a photography project that didn’t come about, but I later reused for something entirely different.  There’s a side business that didn’t work out.  Most are sitting there waiting for the day when they’ll be needed.

Some I wonder if I’ll ever use. A project I investigated a few years ago has little chance of coming to anything, but I still keep the domain name just in case. I’ve been surprised sometimes when an old name suddenly becomes useful. As I mentioned, a photography project that didn’t work out left me with a domain name that sat idle for a couple years before working perfectly for a completely different project last spring.

I also don’t let domains go because of a lesson from a friend. She owned a domain that she let expire. It was immediately snapped up by someone else and she’s not had the chance to get it back. There are ways to get them back, but the time and cost are not trivial and she’s never felt the urgency to pursue it.  Still not having the domain limited her options and I don’t want to wind up in that same place.

In the end those unused domains are options.  Having them gives me options and I like that.

Moving Web Servers

A few notes from the recent move of about ten web sites from one server to another.

Plesk

Plesk is a nice tool for managing web sites, but I’ve found the migration tool to be so quirky as to be useless. Last time I migrated servers I spent more time migrating than manually moving them would have taken. This time, I spent about two hours fighting the migration tool before doing a simple backup/restore through Plesk. Due to space limitations of the old server I couldn’t migrate content through backup/restore, but a simple FTP took care of that. Worked much more smoothly and I had everything done in about four hours total.

Migrating Databases

There needs to be an easier way to move a database from one site to another.  That took much of the time of the move and in the end I again found just moving the actual files to be the easiest method.

Logins also cause problems when you backup/restore or move the database file.  The login is server level, but the details reside in the database.  When you restore or attach, the two aren’t automatically connected.  You can either delete the user in the database and recreate (not always possible or desirable) or use the sp_change_users_login stored procedure to link the two.  I know that stored procedure is deprecated, but old habits die hard.  The replacement is the ALTER USER command, but the stored procedure still works in Microsoft SQL 2008.

Showing ASP Errors under Windows 2008

ASP still lives. Two of the sites run, and work quite well, as ASP pages. Out of the box Windows 2008 doesn’t provide much useful information for errors. You can fix that with two changes to the web site’s settings:

  1. Set Site –> ASP –> Debugging –> Send Errors to Browser to True and click Apply
  2. Set Site –> Error Pages –> 500 –> Edit Feature Settings to Detailed Errors if you need to be able to troubleshoot from a remote connection.  The default only sends the detailed error to local connections.
  3. Change back if desired after the problems are resolved.
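The same three steps can be scripted so that the detailed-error state is easy to switch on for troubleshooting and back off afterwards, since detailed errors sent to remote clients expose script paths and error text to anyone who triggers a 500. This is an added example, not from the original post: the function name and the site name 'Default Web Site' are placeholders, and both settings are committed to applicationHost.config rather than the site's web.config.

```powershell
# Added example. appcmd.exe ships with IIS 7 and later at this path.
$appcmd = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'

function Set-AspErrorDetail {
    param(
        [Parameter(Mandatory = $true)][string]$Site,   # e.g. 'Default Web Site' (placeholder)
        [switch]$Troubleshoot                          # omit to restore the defaults
    )

    if ($Troubleshoot) { $send = 'True';  $mode = 'Detailed' }
    else               { $send = 'False'; $mode = 'DetailedLocalOnly' }

    # Step 1: ASP -> Debugging -> Send Errors To Browser.
    # Arguments are quoted so PowerShell passes them to appcmd unchanged.
    & $appcmd set config $Site '-section:system.webServer/asp' `
        "/scriptErrorSentToBrowser:$send" '/commit:apphost'

    # Step 2: Error Pages -> Edit Feature Settings.
    # 'Detailed' sends full errors to remote clients; 'DetailedLocalOnly'
    # is the default and sends them to local connections only.
    & $appcmd set config $Site '-section:system.webServer/httpErrors' `
        "/errorMode:$mode" '/commit:apphost'

    # Read both sections back so the effective state is visible.
    & $appcmd list config $Site '-section:system.webServer/asp'
    & $appcmd list config $Site '-section:system.webServer/httpErrors'
}

# While troubleshooting from a remote connection:
#   Set-AspErrorDetail -Site 'Default Web Site' -Troubleshoot
# Step 3, once the problem is resolved:
#   Set-AspErrorDetail -Site 'Default Web Site'
```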

ASP Parent Paths under Windows 2008

A lot of ASP pages use parent paths and these are not turned on by default in Windows 2008.  This can be changed under the Virtual Application Settings –> Allow Parent Paths.

ASP.NET Migration

Always check the version of .NET the application is running under. Most problems come back to this. Next, check that any database connection strings point to the correct server. About 90% of errors after a move are one of those two items.

Update – SQL 2008 Issue

Found an issue I’d not encountered before when installing SQL 2008 Express R2.  It installed with dynamic ports by default.  Likely related to the fact I installed SQL using the web platform and not installing directly.  For info and changes to fix see http://serverfault.com/a/92288.