Solved

RPC client server access denied on windows xp sp2

Posted on 2004-10-19
3
1,092 Views
Last Modified: 2008-01-09
problem history:
an RPC client program that communicates with an RPC server program over tcpip on port 8000 was running fine before winxp sp2 installation.

after windows xp sp2 I started getting ERROR_ACCESS_DENIED when the client tries to contact the RPC server program.

I had to add registry key RestrictRemoteClients=0 to enable client to communicate with the RPC server program on the local machine.

also I had to turn the windows firewall off to enable remote clients to contact the RPC server program.

question:
Is there a better way for doing this. that is per program instead of compromising the whole system?


note:
the server program registers with
      status = RpcServerRegisterIf(
                                 IndexerInterface_v1_0_s_ifspec,
                                 NULL,
                                 NULL);





0
Comment
Question by:BMaadarani
  • 2
3 Comments
 
LVL 4

Expert Comment

by:tmcguiness
ID: 12349648
I'd configure the firewall to restrict by port instead of just disabling it. Go the advanced tab on the properties window of your network interface, where you enable or disable your firewall. Go ahead and enable it and go to settings. You'll need to add tcp 8000 to allow the access you need, so click add and put in what ever description you want. If you want to restrict it to a particular destination address you can enter it there, if not just leave it blank. In the external port number field enter 8000 and make sure the TCP radio button is checked. That should take care of you.

As far as your RestrictRemoteAccess registry key, you should be able to leave this at the default, unless somebody is going to be initiating sessions from the outside.

Good Luck!
0
 

Author Comment

by:BMaadarani
ID: 12350611

the problem is that nothing works if RestrictRemoteAccess =1, even if the server and client are on the same machine and the firewall is off.

0
 
LVL 4

Accepted Solution

by:
tmcguiness earned 125 total points
ID: 12351601
Sorry, I misunderstood.  

Let me see if I've got the scenario right. You've got a server with an application running on TCP 8000 that you want other machines to access. The workstations aren't really a concern.

If this is right, I wouldn't worry about setting the RestrictRemoteAccess=0 provided you have the box secure.  I'd use the built-in firewall or a different firewall and close down all the ports that you don't absolutely need for incoming traffic leaving port 8000 open.  You can also close ports 1023 and below for outgoing traffic and exclude any you know you will need like http or ftp. Once you've done that, the only way anybody would be able to get in would be through port 8000 TCP. Doing it like this, you are limiting access to your machine to only particular applications that you specify by port. The registry entry is a blanket all or nothing deal that you could use if you really needed to lock down a machine.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now