windows 2008 server firewall config for MTS COM+ dll

Hi

We are under migration process for our servers from 2003 to 2008 R2.

We have a specific client application connecting to the server 2003 via a COM+ Application called APPMTS, which uses a component that launches the MTSFileXfer command.
We installed the same on our server 2008 R2 before migrating the application.
The application works perfectly from the client side if the W2K8 firewall is turned OFF, but does not work when it is turned ON.
We insist on the fact that the application works perfectly when the W2K8 firewall is turned OFF!

The following VBScript summarizes the process:

Option Explicit
On Error Resume Next   ' needed so the msgbox lines below can report err.description instead of the script aborting
Dim mobjMTS

'Create an object referring to APPMTS on the remote server (DCOM activation through the endpoint mapper)
Set mobjMTS = CreateObject("APPMTS.MTSFileXfer", "10.148.0.42") 'MyServer ip address
msgbox "Set mobjMTS - " & err.description & " - " & err.number
err.Clear

'Send the copy command to copy one file from one shared directory to another shared one on the same server
mobjMTS.CopyFile "\\MyServer\MainDirectory\MyFile.pdf", "\\MyServer\TempCopyFileDirectory\MyFile.pdf"
msgbox "Copy file - " & err.description & " - " & err.number


When the W2K8 firewall is turned ON, this is the error message we receive at the line Set mobjMTS:

script: c:\docandsett\admi\dsektop\testmts.vb
line 1
char 1
Error: The remote server machine does not exist or is unavailable: 'CreateObject'
Code: 800A01CE
Source: Microsoft VBScript runtime error

Our question is: how do we have to configure the W2K8 firewall for our application to work?
We turned on the predefined inbound rules
- COM+ Network Access (DCOM-In)
- COM+ Network Access (DCOM-In)

We also added an inbound rule for our registered dll %systemroot%/APPMTS.dll: all profiles, allow, any local address, any remote address, any protocol, any local port, any remote port, any allowed computers, any allowed users (we think it is fully open for that dll).

Still it is not working.
We have no more clues, except turning off the W2K8 firewall (but shame on us if we get to that point).

Any valuable help will be highly appreciated.

Regards
CAMTEC_SPRL Asked:

Crower Commented:
As part of that default configuration, DCOM connections to the Windows 2008 server are blocked. However, there are various scenarios where it would be advantageous to allow DCOM connections to that server. Try this to allow DCOM traffic:


On the Windows 2008 server that you wish to allow DCOM connections to:

Open the Windows Firewall with Advanced Security application from Administrative Tools
Right click on the Inbound Rules node in the tree view and select New Rule from the context menu
When the New Inbound Rule Wizard opens, select the Rule Type page
Select Custom and click the Next button
On the Program page, select All Programs and click Customize
On the resulting Customize Service Settings dialogue, make sure that Apply to all programs and services is selected and click the OK button
Back on the Program page, click the Next button
On the Protocol and Ports page, select TCP for the Protocol Type
Select Dynamic RPC for the Local Port (DCOM uses the Dynamic RPC ports)
Select All Ports for the Remote Port and click the Next button
On the Scope page, select Any IP Address for the Local IP Address
Enter the IP Address (recommended if only one machine is going to connect via DCOM), subnet or IP Address range (recommended if you have a number of machines that will connect via DCOM) of the machine(s) to allow access from for the "Remote IP Address" (or select Any IP Address - recommended if you don't care which machines connect via DCOM) and click the Next button
On the Action page, select Allow the connection and click the Next button
On the Profile page, select only the Domain option and click the Next button
On the Name page, name your rule and click the Finish button
If the rule shows as disabled, enable it

CAMTEC_SPRL (Author) Commented:
Hi Crower
Thanks for your reply

As per your proposal I added the rule.
To summarize the rule I set up:
OPEN RPC Dynamic Port, TCP, for DOMAIN, all Remote PORTs, Remote IP = 10.148.0.1/15 (our Domain IP range)

I also disabled the two predefined rules that I had turned ON for testing previously
- COM+ Network Access (DCOM-In)
- COM+ Remote Administrator (DCOM-In)

and it works - with only this added rule.
Thank you!!!

Any advice on setting up the rule more restrictively? And any comment on the predefined COM+ rules that Microsoft proposes?

I accept your answer as the solution
Regards
Phm
0
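The rule Crower describes, and the tighter variant asked for in the follow-up, written out as an added example for this page (it is not code from the thread or from Microsoft). It uses netsh advfirewall because that is what ships on Windows Server 2008 R2 (the New-NetFirewallRule cmdlets only arrived with Server 2012), and it runs under PowerShell 2.0. Two points it makes explicit: DCOM activation first talks to the RPC endpoint mapper on TCP 135 and only then to the dynamic port, so a rule on the dynamic RPC range alone is not the whole picture; and a firewall program rule matches the executable of the listening process, which for a COM+ server application is the dllhost.exe surrogate, so a rule written for APPMTS.dll can never match anything. The rule names, the 10.148.0.0/15 client range (the thread's range written as a network address) and the dllhost.exe assumption are all labelled in the code.

```powershell
# Added example, not from the thread: scoped inbound rules for a remote COM+ (DCOM) server
# on Windows Server 2008 R2, built with netsh advfirewall (present on that OS).
# Assumptions: the COM+ server application runs in dllhost.exe (the default surrogate),
# the client subnet is 10.148.0.0/15 (the thread's range, written as a network address),
# and the rule names below are made up for this example.

$ClientRange = "10.148.0.0/15"                         # constructed: only these clients may connect
$Surrogate   = "$env:SystemRoot\system32\dllhost.exe"   # process that hosts COM+ server applications
$RpcSs       = "$env:SystemRoot\system32\svchost.exe"   # the RPC endpoint mapper runs inside svchost (RpcSs)

function Add-DcomRules {
    # Rule 1: TCP 135, the RPC endpoint mapper. The client asks it which dynamic port the
    # COM+ application listens on; without this, activation fails before the dynamic port
    # is ever used. Bound to the RpcSs service and the client range, domain profile only.
    & netsh advfirewall firewall add rule `
        "name=DCOM APPMTS endpoint mapper (TCP-In)" dir=in action=allow enable=yes `
        profile=domain protocol=TCP localport=RPC-EPMap `
        "program=$RpcSs" service=RpcSs "remoteip=$ClientRange"

    # Rule 2: the dynamic RPC port of the COM+ surrogate. localport=RPC is the netsh
    # spelling of the GUI's "Dynamic RPC". Binding it to dllhost.exe and to the client
    # range is what makes it narrower than an "all programs / any address" rule.
    & netsh advfirewall firewall add rule `
        "name=DCOM APPMTS dynamic RPC (TCP-In)" dir=in action=allow enable=yes `
        profile=domain protocol=TCP localport=RPC `
        "program=$Surrogate" "remoteip=$ClientRange"
}

function Show-DcomRules {
    # Print the rules back so profile, remote IP and program can be checked by eye
    # before the firewall is relied on in production.
    & netsh advfirewall firewall show rule "name=DCOM APPMTS endpoint mapper (TCP-In)" verbose
    & netsh advfirewall firewall show rule "name=DCOM APPMTS dynamic RPC (TCP-In)" verbose
}

function Test-TcpPort {
    # Run this FROM A CLIENT inside the allowed range: confirms TCP 135 is reachable through
    # the firewall, which is the first thing CreateObject("...", "server") needs.
    # Uses TcpClient with a timeout so a silently dropped SYN does not hang the check.
    param([string]$Server, [int]$Port = 135, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Server side (elevated prompt):
#   Add-DcomRules; Show-DcomRules
# Client side, from a machine inside $ClientRange:
#   Test-TcpPort -Server 10.148.0.42     # $true: endpoint mapper reachable; $false: still blocked
```

A client outside $ClientRange should get $false from Test-TcpPort and the same 800A01CE error as before; that is the rule doing its job, not a misconfiguration. If a second COM+ application hosted in a different surrogate or a configured fixed port is added later, it needs its own rule rather than widening these two.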
Question has a verified solution.
