Firewall/port block issue

Cause:

This message is shown when a firewall on the remote computer blocks the scan. It mostly occurs on Windows XP (SP2), where the default Windows Firewall is enabled.

1. Configuring Windows Firewall

a. Disable the default Firewall on the workstation. To disable the Firewall in Windows XP (SP2):

  1. Select Start->Run
  2. Type Firewall.cpl
  3. Click OK.
  4. In the General tab, click Off.
  5. Click OK.

b. If the Firewall cannot be disabled, enable the Remote Administration feature for administrators on the remote computer and then scan the workstation. The following command, when executed on the target computer, enables this feature:

netsh firewall set service RemoteAdmin

After scanning the computer, if required, the Remote Administration feature can also be disabled. The following command disables this feature:

netsh firewall set service RemoteAdmin disable

c. Instead of executing the command on every machine, you can apply the same setting globally through the Group Policy Editor as follows:

  1. Select Start -> Run and type gpedit.msc (to open the Group Policy Editor).
  2. Open the Computer Configuration folder.
  3. Open the Administrative Templates folder.
  4. Open the Network folder.
  5. Open the Network Connections folder.
  6. Open the Windows Firewall folder.
  7. If the computer is in the domain, then open the Domain Profile folder; otherwise open the Standard Profile folder.
  8. Click Windows Firewall: Allow remote administration exception. On the Action menu, select Properties.
  9. Click Enable, and then click OK.

2. Configuring 3rd Party Firewall/Security Software

If any 3rd party Firewall/Security Software is running on the target workstation:

  • Edit the System Registry to restrict the random port to specific ports.
  • Open the configured WMI ports in the Firewall/Security Software.

STEP 1: Script to restrict WMI Ports:

As mentioned above, the OS chooses one random port within 2000-6000 for WMI requests.

  1. Download the file “wmi_port_setup.txt”
  2. Copy the file as “wmi_port_setup.vbs” in the target workstation.
  3. Execute the script using Cscript from command prompt as follows:
    DIR_OF_SCRIPT_FILE> CSCRIPT wmi_port_setup.vbs
  4. Restart the Workstation (recommended)

STEP 2: Open ports in the 3rd Party Firewall/Security Software:

Open the following ports in the firewall: TCP 135, TCP 445, TCP 5000, TCP 5001, TCP 5002

3. WAN/VPN Connection with NAT Box

If the Server workstation and the target workstation are connected through a WAN/VPN with a NAT box between them, follow the procedure below:

STEP 1: Configure Firewall

Configure the firewall (if any) between the Server and the target workstation. To configure the firewall, refer to the procedures mentioned above.

STEP 2: Scan the workstation using FQDN

Scan the target workstation using its FQDN (as identified in its own LAN). Modify the DNS/Host file of the Server so that the target workstation is reachable by its FQDN.
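
To confirm the result of the steps above before rescanning, the following added example (not part of the original article or of the product) probes the TCP ports listed in section 2 from the Server, using the target's FQDN, and separates ports that time out from ports that answer. The function names and the hostname are assumptions made for this example; the hostname is a placeholder.

```python
import socket
import sys

# Ports listed in section 2, STEP 2 of this article.
WMI_SCAN_PORTS = (135, 445, 5000, 5001, 5002)


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unresolved' for one TCP port."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"      # name not resolvable: fix DNS/hosts file first
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"        # handshake completed
        except ConnectionRefusedError:
            return "refused"     # host answered, nothing listening right now
        except OSError:
            return "filtered"    # timeout or unreachable: no answer came back


def check_target(host, ports=WMI_SCAN_PORTS, timeout=3.0):
    """Probe every port and return a {port: state} mapping."""
    return {p: probe(host, p, timeout) for p in ports}


def blocked_ports(results):
    """Ports that never answered: candidates for a missing firewall rule."""
    return sorted(p for p, s in results.items() if s in ("filtered", "unresolved"))


if __name__ == "__main__":
    # Placeholder FQDN; pass the real one as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "workstation.example.internal"
    results = check_target(target)
    for port, state in results.items():
        print(f"{target}:{port:<5} {state}")
    print("no answer on:", blocked_ports(results) or "none")
```

A "filtered" result means no reply came back from that port within the timeout, which is what a firewall dropping the traffic looks like from the Server; "refused" means the packet reached the workstation but nothing was listening on that port at that moment.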
