Solved

Firewall & RRAS in SBS2003 SP1

Posted on 2006-10-20
12
906 Views
Last Modified: 2008-01-09
Hi guys

I'm tearing my hair out with this one, can you help, please?
We are running a single server under SBS2003 SP1 with XP Pro SP2 clients.

I have updated our AVG antivirus network edition to the latest version and remotely installed updates to all clients, but cannot do so to the server on which the AVG RemoteAdmin software resides, whereas it would do so with the last major update of 7.1.

Grisoft TechSupport are pointing to the firewall as a problem.

Windows firewall exceptions are set in group policies and include provision for the remote agent, however the firewall is disabled in SBS2003 so the policy has no effect.  
Trying to open the firewall on the server produces the error, "Windows Firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)"

The reason for it being disabled appears to be an incompatibility between the firewall and RRAS but I cannot find out how (or if I can) create exceptions in RRAS to allow the software to work.

Is it possible?  If so, how, please?

Thanks, in advance
0
Comment
Question by:morse57
  • 5
  • 4
  • 2
12 Comments
 
LVL 2

Expert Comment

by:funky2yc340
ID: 17774477
Have you tried stopping the RRAS server before you run the update?  This would at least tell you if RRAS was actually blocking the update and/or whehter to look somewhere else for the problem.

To stop the RRAS server:
1.  Enter RRAS manager, right-click on server, choose Stop.
0
 
LVL 2

Author Comment

by:morse57
ID: 17786999
Hmmmm

Seems that RRAS wasn't the problem - AVG still won't install with it turned off.  I've unistalled the old version and installed the new one manually, instead of via the Admin console & hooked it up to the Admin centre.  Everything appears to be working OK.

The query remains, though: can I make exceptions for ports/programs as one can in windows firewall?

Cheers
0
 
LVL 2

Expert Comment

by:funky2yc340
ID: 17787487
You can make exceptions in RRAS.  If you right-click on any of your connections, in RRAS Manager, select properties.  Go to the Advanced tab and select Add to configure additonal attributes.  Select MS-Quarantined-IP Filter.  Here you can add inbound and outbound ports to allow.

You may also need to add the MS-Quarantined-Timeout attribute, if it's not already enabled.

Hope this helps.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17800331
If the software is running on the SBS, then there is no reason at all that either RRAS or ANY firewall would interfere with it's operation locally.  The only issue would be if it needs to go out to the Internet for an update.

Can you please be more specific as to the problem you are encountering?  You state that you "cannot install the update" on the server.  What specific error are you getting?

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:morse57
ID: 17801584
Hi Jeff

I was getting 3 errors in total.

Event Type:      Error
Event Source:      AVG7
Event Category:      Error
Event ID:      100
Date:            20/10/2006
Time:            18:09:18
User:            *******
Computer:      OUR SERVER
Description:
2006-10-20 17:09:18,875 OUR SERVER [008108:005484] ERROR 000 AVG7.STool.Com Exit: GetNewerInstallPackageFileName - failed - no instal file

Event Type:      Error
Event Source:      AVG7
Event Category:      Error
Event ID:      100
Date:            20/10/2006
Time:            18:09:19
User:            *******
Computer:      OUR SERVER
Description:
2006-10-20 17:09:19,093 OUR SERVER [008108:005484] ERROR 000 AVG7.STool.Scan GetInstallUser: InstallUser can't be obtained

Event Type:      Error
Event Source:      AVG7
Event Category:      Error
Event ID:      100
Date:            20/10/2006
Time:            18:29:38
User:            ********
Computer:      OUR SERVER
Description:
2006-10-20 17:29:38,859 OUR SERVER [007652:008004] ERROR 000 AVG7.CC.plugins.avgcckrn.CRemoteCommunicationPluginController getting state failed with error: Error 0x80004003

The errors appear, prima facie, to indicate that the setup is misconfigured but this is not the case; the admin centre had been used to successfully distribute the package to the network pcs but stubbornly refused to put it on the server itself.

AVG blamed the firewall, I told them it wasn't running because of RRAS and that seemed to stump their TS people.  

Thanks for moving the question, I thought I'd put it in SBS topic area, clearly not. Sorry.

Cheers
Steve
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17828100
I just want to double check that you modified all of these replacing the real name of your server with "our server".  The reason I need to check is that if your server name really did have a space in it's name that could be the rason that AVG won't install.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:morse57
ID: 17850832
Sorry, I didn't get an email about your response.

That's right - should have read our-server, no spaces as in the real name.

Cheers
Steve
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17851403
I think I may have found something to help you out here:  http://snipurl.com/10yb2

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:morse57
ID: 17856523
Thanks, Jeff, however I have had this same communication from Grisoft.  I had set the relevant ports via group policy previously for the earlier version of AVG, I've checked and they are as they should be and there hasn't been any problem rolling out the software to clients or subsequent communications.

The difference on the server is that it is using RRAS, not running the windows firewall, so isn't affected by the GP settings (AFAIK), hence the origin of my question about RRAS.  Turning off RRAS has not defeated the problem.

Cheers
Steve
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17856646
Okay, sorry, I was on some other tangent for some reason... you can configure an open port in RRAS the same way you would in the Windows Firewall or on a Router's interface.  

Open the Server Management Console > Advanced Management > Computer Management (Local) > Services and Applications > Routing and Remote Access > IP Routing > NAT/Basic Firewall.  

Then right click on the Network Connection > Properties > Services and Ports.  Here you can add any service you like.  You should always use 127.0.0.1 for the IP address unless this service is being hosted on another computer in the LAN.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:morse57
ID: 17867059
Thanks, once again, Jeff.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now