Firewall woes, mostly. (1 Viewer)

Mr Whippy

Portal Member
June 18, 2019
21
0
44
Home Country
United Kingdom United Kingdom
I'm struggling to get MP2 working here on just a client/server on same machine config. I'm running Win7. The eventual goal is a dedicated server with capture cards, and a separate client.

I've had it working in ways by just faffing around with firewall rules etc, but the overall smoothness is just not there yet.


I run a 'hardened' Win7 install, so I strip back a lot of unnecessary stuff. Ie, SMB/file and printer sharing, SSDP, and just run IP4 on the network adaptor. I do run HDCP but the router always assigns the same IP. Plus it seems MP2 on a client/server machine doesn't care as the IPs are all loop back addresses.

I run a closed firewall (block in and out), and use a notifier tool (windows firewall notifier) to detect connections and then I can assign rules appropriately. It seems that the basic MP2 rules don't allow what is required on the outbound side of things. Even with everything allowed to pass (at least anything popping up as being blocked) repeated connections appear to be blocked occasionally (SSPD especially, is this needed for the single machine setup?)

I'm unsure if this is a Win7 firewall bug, but if I set a rule to allow the MP2 exes to do anything they want, the notifier still pops up with stuff like SSPD failures for given exes, despite the rule allowing them (in theory). If I set an explicit rule, sometimes it's still blocking that exact connection which is allowed by an exact rule. I'm unsure if this is just MP2 doing something weird with services rather than exes?!
Also, is mySQL traffic still a thing in MP2?



I did have MP2 at least playing TV from my capture card last night, but today it seems to not be playing ball. I did an uninstall of MP2, but it seems that uninstall doesn't uninstall everything, so all the broken config is left behind somewhere.
I've run repair, but that doesn't repair anything, it just adds a load of firewall rules that don't work.


This also means the TV won't load in the client (no TV provider available (yet)) error, and I can't add media sources (home server currently not connected).

Service Monitor says 'server status - connected to server'
Attached clients: MP2 client - my PC name


I've kinda exhausted the obvious stuff.

Is there any explicit firewall rules (I found them for MP1, but not MP2) for both in/out so I can be assured all is working as it should be on the firewall side?

I've tried disconnecting from the internet and then turning off the firewall, resetting server/client, but still no joy.

Is there any way to fully uninstall the software and config data? Or a way to reset the config data?

Does anyone run a somewhat hardened firewall with MP2? Care to share the firewall in/out rules you use to guarantee proper connectivity?

Is there a network debugging tool so you can basically look and see what's 'ok' and what isn't 'ok' so you can easily rectify the issue?

Cheers

Dave
 

ge2301

Lead Design MP2
  • Team MediaPortal
  • January 11, 2014
    8,705
    3,491
    Stuttgart
    Home Country
    Germany Germany
    Go to “/program data/team mediaportal” and delete the content. It includes all configuration files but also data bases! Means really everything is gone, so consider well you want that.
    Regarding firewall I can not help unfortunately. I’m running Windows 10. When starting MP2 first time the firewall automatically asks to add exception rules and it works directly. But also on Windows 7 I had no trouble. Have you once tried to deactivate the firewall? Then you know at least it’s really the only root cause.
     

    Mr Whippy

    Portal Member
    June 18, 2019
    21
    0
    44
    Home Country
    United Kingdom United Kingdom
    OK re-installed (after deleting a folder in program data)

    Oddly, I uninstalled via the uninstall link in the start menu this time, and then when I ran the installer again, it only had repair or un-install. So even the un-installer in the start menu item isn't working fully.

    The wiki showed (for MP1) an uninstaller that gave options for repair, program only, program and data etc... a shame that the MP2 installer lacks that functionality and you have to manually delete files.



    Anyhow, installed and it's working now. I've hammered the firewall notifier 'accept connection' button so I now have a whole load of explicit rules.

    I'll have to try refine what I have here and try understand what is going on with the explicit vs broad rule issue and MP2 not seeming to want to use the broad issue rules.

    Slowly but surely getting there.



    However, once again I find MP2 limited vs MP1 (based on what comes up in searches for help)

    I've noted MP1 allows you to not start the server at boot, but in MP2 there is no option (I can find) except literally loading the service manually at load.

    The reason why? Well if I disable the service windows boots and gets network connectivity after the logon screen within seconds.

    If the service is active, all the while the service is "starting" (about 20-30s) the network icon is unresponsive with the swirly icon over the top.

    I've no idea why the software seems to hang my network startup for so long. Or even why the service is sitting starting up for so long.


    If I start the service manually when I get into windows, with the network already running, SSPD connections are attempting to be made for a good while (I have SSPD disabled).

    My gut feeling is that the server is just trying to scan my network to detect everything, before finally giving up.




    Does anyone know if you can disable server service auto-start via the actual software, or do you have to do it via services? And then use the service monitor to start it? Seems a bit weird to not have a toggle in the service monitor menu.

    Do you need the client launcher for anything? It *looks* like it's just a button to add/remove it from auto-start?

    Also does anyone know if you can configure the package to not be using network discovery/uPNP/SSPD etc, and just communicate explicitly where needed? The server software is just constantly asking for an outbound connection.
    On a local install all it needs really is loop-back.
    Even on a server/client installation it could get away with an explicit server/client IP/hostname setup. There should be a toggle somewhere, but Google and wiki show nothing (at least not for MP2)


    Thanks

    Dave
     

    mrj

    Portal Pro
    January 27, 2012
    252
    100
    Does anyone know if you can disable server service auto-start via the actual software, or do you have to do it via services? And then use the service monitor to start it? Seems a bit weird to not have a toggle in the service monitor menu.


    use right mouse click on the icon
    upload_2019-6-24_13-49-33.png


    upload_2019-6-24_13-47-10.png


    You can also read the wiki
    MediaPortal 2 ServiceMonitor
     
    Last edited:

    ge2301

    Lead Design MP2
  • Team MediaPortal
  • January 11, 2014
    8,705
    3,491
    Stuttgart
    Home Country
    Germany Germany
    The wiki showed (for MP1) an uninstaller that gave options for repair, program only, program and data etc... a shame that the MP2 installer lacks that functionality and you have to manually delete files.
    The installer is currently completely reworked by @aspik and I think these options are on the list as well.
     

    Mr Whippy

    Portal Member
    June 18, 2019
    21
    0
    44
    Home Country
    United Kingdom United Kingdom

    Mr Whippy

    Portal Member
    June 18, 2019
    21
    0
    44
    Home Country
    United Kingdom United Kingdom

    Ah, thank you.

    Not sure I’ll be going down the remote route given mouse/keyboard are native on a PC.

    I just need to find a nice mouse and keyboard for the final setup.

    Just trying to decide if I want to make a cheap node 304 to test on for now, or go straight for a Streacom fc5 or something.

    Hmmm
     

    mrj

    Portal Pro
    January 27, 2012
    252
    100
    The service for the server however, can’t be turned on/off anywhere can it?
    Not that I know of.

    You can toggle the state of the MP2-Server using the supplied bat file.

    Right mouse button and choose run as admin
    hth mrj

    /Edit
    Maybe I missunderstod you.
    Why not change the MP2-Server to start manually and you are done.
     

    Attachments

    • ToggleMP2ServerOnOff.zip
      178 bytes
    Last edited:

    Mr Whippy

    Portal Member
    June 18, 2019
    21
    0
    44
    Home Country
    United Kingdom United Kingdom
    Yes I'll set it to start manually and then use the server listener to toggle.


    It wasn't really an issue, except that my networking would lock up for about 30s while the MP2 server service starts at first load into win7.

    Even then, it doesn't start properly, and needs stopping/starting for the TV config to load without erroring.


    I think there is a bug in there somewhere around the uPNP/SSPD connections sent from the server (but not working because I've disabled them) that is making it fail to load and/or slowing the loading (30s) of the server service *and* my network connection connecting.

    I need to do more testing, but an explicit block on the SSPD/uPNP might have fixed this.

    Currently now testing a Win10 laptop with the client to see if it connects ok, and then will pare back it's firewall to the bare essentials.


    Just out of curiosity is MP2 still considered a bit beta/WIP? Am I better off using MP1 still for a solid no-fuss system?
     

    Users who are viewing this thread

    Top Bottom