Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

RPC client server access denied on windows xp sp2

Posted on 2004-10-19
3
Medium Priority
?
1,121 Views
Last Modified: 2008-01-09
problem history:
an RPC client program that communicates with an RPC server program over tcpip on port 8000 was running fine before winxp sp2 installation.

after windows xp sp2 I started getting ERROR_ACCESS_DENIED when the client tries to contact the RPC server program.

I had to add registry key RestrictRemoteClients=0 to enable client to communicate with the RPC server program on the local machine.

also I had to turn the windows firewall off to enable remote clients to contact the RPC server program.

question:
Is there a better way for doing this. that is per program instead of compromising the whole system?


note:
the server program registers with
      status = RpcServerRegisterIf(
                                 IndexerInterface_v1_0_s_ifspec,
                                 NULL,
                                 NULL);





0
Comment
Question by:BMaadarani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Expert Comment

by:tmcguiness
ID: 12349648
I'd configure the firewall to restrict by port instead of just disabling it. Go the advanced tab on the properties window of your network interface, where you enable or disable your firewall. Go ahead and enable it and go to settings. You'll need to add tcp 8000 to allow the access you need, so click add and put in what ever description you want. If you want to restrict it to a particular destination address you can enter it there, if not just leave it blank. In the external port number field enter 8000 and make sure the TCP radio button is checked. That should take care of you.

As far as your RestrictRemoteAccess registry key, you should be able to leave this at the default, unless somebody is going to be initiating sessions from the outside.

Good Luck!
0
 

Author Comment

by:BMaadarani
ID: 12350611

the problem is that nothing works if RestrictRemoteAccess =1, even if the server and client are on the same machine and the firewall is off.

0
 
LVL 4

Accepted Solution

by:
tmcguiness earned 250 total points
ID: 12351601
Sorry, I misunderstood.  

Let me see if I've got the scenario right. You've got a server with an application running on TCP 8000 that you want other machines to access. The workstations aren't really a concern.

If this is right, I wouldn't worry about setting the RestrictRemoteAccess=0 provided you have the box secure.  I'd use the built-in firewall or a different firewall and close down all the ports that you don't absolutely need for incoming traffic leaving port 8000 open.  You can also close ports 1023 and below for outgoing traffic and exclude any you know you will need like http or ftp. Once you've done that, the only way anybody would be able to get in would be through port 8000 TCP. Doing it like this, you are limiting access to your machine to only particular applications that you specify by port. The registry entry is a blanket all or nothing deal that you could use if you really needed to lock down a machine.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question