Solved

RPC client/server access denied on Windows XP SP2

Posted on 2004-10-19
Last Modified: 2008-01-09
Problem history:
An RPC client program that communicates with an RPC server program over TCP/IP on port 8000 was running fine before the Windows XP SP2 installation.

After Windows XP SP2, I started getting ERROR_ACCESS_DENIED when the client tries to contact the RPC server program.

I had to add the registry key RestrictRemoteClients=0 to enable the client to communicate with the RPC server program on the local machine.

I also had to turn the Windows Firewall off to enable remote clients to contact the RPC server program.

Question:
Is there a better way of doing this, that is, per program instead of compromising the whole system?


Note:
The server program registers with

      status = RpcServerRegisterIf(
                   IndexerInterface_v1_0_s_ifspec,
                   NULL,
                   NULL);





Question by:BMaadarani

Expert Comment

by:tmcguiness
ID: 12349648
I'd configure the firewall to restrict by port instead of just disabling it. Go to the Advanced tab on the properties window of your network interface, where you enable or disable your firewall. Go ahead and enable it and go to Settings. You'll need to add TCP 8000 to allow the access you need, so click Add and put in whatever description you want. If you want to restrict it to a particular destination address you can enter it there; if not, just leave it blank. In the external port number field enter 8000 and make sure the TCP radio button is checked. That should take care of you.

As far as your RestrictRemoteAccess registry key goes, you should be able to leave this at the default, unless somebody is going to be initiating sessions from the outside.

Good Luck!

Author Comment

by:BMaadarani
ID: 12350611

The problem is that nothing works if RestrictRemoteAccess=1, even if the server and client are on the same machine and the firewall is off.


Accepted Solution

by:
tmcguiness earned 125 total points
ID: 12351601
Sorry, I misunderstood.  

Let me see if I've got the scenario right. You've got a server with an application running on TCP 8000 that you want other machines to access. The workstations aren't really a concern.

If this is right, I wouldn't worry about setting the RestrictRemoteAccess=0 provided you have the box secure. I'd use the built-in firewall or a different firewall and close down all the ports that you don't absolutely need for incoming traffic, leaving port 8000 open. You can also close ports 1023 and below for outgoing traffic and exclude any you know you will need, like HTTP or FTP. Once you've done that, the only way anybody would be able to get in would be through port 8000 TCP. Doing it like this, you are limiting access to your machine to only particular applications that you specify by port. The registry entry is a blanket all-or-nothing deal that you could use if you really needed to lock down a machine.
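
The firewall exception described in the accepted answer, written as commands for the Windows XP SP2 `netsh firewall` context, with a per-program variant alongside the per-port one. This is an added example and not part of the original thread; the rule names, the client subnet and the server executable path are assumed placeholders.

```batch
@echo off
rem Added example, not from the thread.
rem Assumed placeholders: CLIENTS subnet, SERVER_EXE path, rule names.
setlocal
set "RPC_PORT=8000"
set "CLIENTS=192.168.1.0/255.255.255.0"
set "SERVER_EXE=C:\Path\To\RpcServer.exe"

rem Re-enable Windows Firewall instead of leaving it switched off.
netsh firewall set opmode mode=ENABLE
if errorlevel 1 goto fail

rem Option A: per-port exception. Only TCP 8000 is opened, and only
rem for source addresses inside the CLIENTS range.
netsh firewall add portopening protocol=TCP port=%RPC_PORT% name="RPC server TCP %RPC_PORT%" mode=ENABLE scope=CUSTOM addresses=%CLIENTS%
if errorlevel 1 goto fail

rem Option B: per-program exception. Use this instead of option A to
rem tie the opening to the server executable rather than to a port
rem number; the port is reachable only while that program listens.
rem netsh firewall add allowedprogram program="%SERVER_EXE%" name="RPC server" mode=ENABLE scope=CUSTOM addresses=%CLIENTS%

rem Review the result: firewall mode, open ports, allowed programs.
netsh firewall show opmode
netsh firewall show portopening
netsh firewall show allowedprogram
goto end

:fail
echo Firewall configuration failed; review the netsh output above.

:end
endlocal
```

Run it from an administrator command prompt; `scope=SUBNET` can replace the custom address list when all clients are on the local subnet.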