Solved

RPC client server access denied on Windows XP SP2

Posted on 2004-10-19
Last Modified: 2008-01-09
Problem history:
An RPC client program that communicates with an RPC server program over TCP/IP on port 8000 was running fine before the Windows XP SP2 installation.

After Windows XP SP2, I started getting ERROR_ACCESS_DENIED when the client tries to contact the RPC server program.

I had to add the registry key RestrictRemoteClients=0 to enable the client to communicate with the RPC server program on the local machine.

Also, I had to turn the Windows firewall off to enable remote clients to contact the RPC server program.

Question:
Is there a better way of doing this, that is, per program instead of compromising the whole system?


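Note:
The server program registers with

    status = RpcServerRegisterIf(
        IndexerInterface_v1_0_s_ifspec,  /* IfSpec: MIDL-generated interface specification */
        NULL,                            /* MgrTypeUuid: nil type UUID */
        NULL);                           /* MgrEpv: default manager entry-point vector */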

Question by:BMaadarani
3 Comments

Expert Comment

by:tmcguiness
ID: 12349648
I'd configure the firewall to restrict by port instead of just disabling it. Go to the Advanced tab on the properties window of your network interface, where you enable or disable your firewall. Go ahead and enable it and go to Settings. You'll need to add TCP 8000 to allow the access you need, so click Add and put in whatever description you want. If you want to restrict it to a particular destination address you can enter it there; if not, just leave it blank. In the external port number field enter 8000 and make sure the TCP radio button is checked. That should take care of you.

As far as your RestrictRemoteAccess registry key, you should be able to leave this at the default, unless somebody is going to be initiating sessions from the outside.

Good Luck!

Author Comment

by:BMaadarani
ID: 12350611

The problem is that nothing works if RestrictRemoteAccess=1, even if the server and client are on the same machine and the firewall is off.


Accepted Solution

by:
tmcguiness earned 125 total points
ID: 12351601
Sorry, I misunderstood.

Let me see if I've got the scenario right. You've got a server with an application running on TCP 8000 that you want other machines to access. The workstations aren't really a concern.

If this is right, I wouldn't worry about setting the RestrictRemoteAccess=0 provided you have the box secure. I'd use the built-in firewall or a different firewall and close down all the ports that you don't absolutely need for incoming traffic, leaving port 8000 open. You can also close ports 1023 and below for outgoing traffic and exclude any you know you will need, like HTTP or FTP. Once you've done that, the only way anybody would be able to get in would be through port 8000 TCP. Doing it like this, you are limiting access to your machine to only particular applications that you specify by port. The registry entry is a blanket all-or-nothing deal that you could use if you really needed to lock down a machine.
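
A command-line form of the firewall exception discussed in the answers, as an added example that is not part of the original thread. It uses the `netsh firewall` context that ships with Windows XP SP2; the rule names and the path to the server executable are placeholders, and option B extends the port-based advice to the per-program exception the question asks about.

```bat
@echo off
rem Added example: Windows XP SP2 firewall exceptions for an RPC server on TCP 8000.
rem Assumptions: rule names and the executable path below are placeholders.
rem Run from an administrator command prompt. Use option A or option B, not both.

rem Turn Windows Firewall back on instead of leaving it disabled.
netsh firewall set opmode mode=ENABLE

rem Option A: open only TCP 8000, and only to hosts on the local subnet.
netsh firewall add portopening protocol=TCP port=8000 name="RPC server TCP 8000" mode=ENABLE scope=SUBNET

rem Option B: per-program exception. The port is reachable only while this
rem executable is running and listening; it is closed when the program exits.
netsh firewall add allowedprogram program="C:\path\to\rpcserver.exe" name="RPC server" mode=ENABLE scope=SUBNET

rem Verify what is actually exposed after the change.
netsh firewall show state
netsh firewall show portopening
netsh firewall show allowedprogram
```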

Question has a verified solution.