Solved

RPC client server access denied on Windows XP SP2

Posted on 2004-10-19
Last Modified: 2008-01-09
Problem history:
An RPC client program that communicates with an RPC server program over TCP/IP on port 8000 was running fine before the WinXP SP2 installation.

After Windows XP SP2 I started getting ERROR_ACCESS_DENIED when the client tries to contact the RPC server program.

I had to add the registry key RestrictRemoteClients=0 to enable the client to communicate with the RPC server program on the local machine.

Also, I had to turn the Windows Firewall off to enable remote clients to contact the RPC server program.

Question:
Is there a better way of doing this, that is, per program instead of compromising the whole system?


Note:
The server program registers with
      status = RpcServerRegisterIf(
                                 IndexerInterface_v1_0_s_ifspec,
                                 NULL,
                                 NULL);





Question by:BMaadarani

Expert Comment

by:tmcguiness
ID: 12349648
I'd configure the firewall to restrict by port instead of just disabling it. Go to the advanced tab on the properties window of your network interface, where you enable or disable your firewall. Go ahead and enable it and go to settings. You'll need to add TCP 8000 to allow the access you need, so click add and put in whatever description you want. If you want to restrict it to a particular destination address you can enter it there; if not, just leave it blank. In the external port number field enter 8000 and make sure the TCP radio button is checked. That should take care of you.

As far as your RestrictRemoteAccess registry key, you should be able to leave this at the default, unless somebody is going to be initiating sessions from the outside.

Good Luck!

Author Comment

by:BMaadarani
ID: 12350611

The problem is that nothing works if RestrictRemoteAccess =1, even if the server and client are on the same machine and the firewall is off.


Accepted Solution

by:
tmcguiness earned 125 total points
ID: 12351601
Sorry, I misunderstood.

Let me see if I've got the scenario right. You've got a server with an application running on TCP 8000 that you want other machines to access. The workstations aren't really a concern.

If this is right, I wouldn't worry about setting the RestrictRemoteAccess=0 provided you have the box secure. I'd use the built-in firewall or a different firewall and close down all the ports that you don't absolutely need for incoming traffic, leaving port 8000 open. You can also close ports 1023 and below for outgoing traffic and exclude any you know you will need, like HTTP or FTP. Once you've done that, the only way anybody would be able to get in would be through port 8000 TCP. Doing it like this, you are limiting access to your machine to only particular applications that you specify by port. The registry entry is a blanket all-or-nothing deal that you could use if you really needed to lock down a machine.
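
The firewall setup described in the answers above (firewall left on, only inbound TCP 8000 opened), written as the equivalent Windows XP SP2 `netsh firewall` commands. This is an added example, not part of the original thread; the exception names, the SUBNET scope and the server path in the commented-out alternative are assumptions.

```bat
@echo off
rem Added example: command-line equivalent of the GUI steps in the answers.
rem Run from an administrator command prompt on Windows XP SP2.

rem 1. Turn Windows Firewall back on instead of leaving it disabled,
rem    and make sure configured exceptions are honoured.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
if errorlevel 1 goto failed

rem 2. Open only the RPC server's endpoint: inbound TCP 8000 (port from the question).
rem    scope=SUBNET is an assumption that limits callers to the local subnet;
rem    scope=CUSTOM with addresses=<list> names specific client hosts instead.
netsh firewall add portopening protocol=TCP port=8000 name="RPC server TCP 8000" mode=ENABLE scope=SUBNET
if errorlevel 1 goto failed

rem    Per-program alternative to the port rule (the path is a placeholder):
rem netsh firewall add allowedprogram program="C:\path\to\server.exe" name="RPC server" mode=ENABLE scope=SUBNET

rem 3. Verify: the exception should be listed and the firewall operational.
netsh firewall show portopening
netsh firewall show state
goto :eof

:failed
echo Firewall configuration failed; the firewall state was left as reported below.
netsh firewall show state
exit /b 1
```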