Solved

Windows 2008 Server firewall config for MTS COM+ DLL

Posted on 2011-09-05
Last Modified: 2012-05-12
Hi

We are in the process of migrating our servers from 2003 to 2008 R2.

We have a specific client application connecting to the 2003 server via a COM+ application called APPMTS, which uses a component that launches the MTSFileXfer command.
We installed the same on our 2008 R2 server before migrating the application.
The application works perfectly from the client side if the W2K8 firewall is turned OFF, but does not work when it is turned ON.
We insist on the fact that the application works perfectly when the W2K8 firewall is turned OFF!

The following VBScript summarizes the process:

'Create an object referring to APPMTS
Set mobjMTS = CreateObject("APPMTS.MTSFileXfer", "10.148.0.42") 'MyServer ip address
msgbox "Set mobjMTS - " & err.description & " - " & err.number

'Send the copy command to copy one file from one shared directory to another shared one on the same server
mobjMTS.CopyFile "\\MyServer\MainDirectory\MyFile.pdf", "\\MyServer\TempCopyFileDirectory\MyFile.pdf"
msgbox "Copy file - " & err.description & " - " & err.number


When the W2K8 firewall is turned ON, here is the error message we receive at the line Set mobjMTS:

script: c:\docandsett\admi\dsektop\testmts.vb
line 1
char 1
Error: The remote server machine does not exist or is unavailable: 'CreateObject'
Code: 800A01CE
Source: Microsoft VBScript runtime error

Our question is: how do we have to configure the W2K8 firewall for our application to work?
We turned on the predefined inbound rules
- COM+ Network Access (DCOM-In)
- COM+ Network Access (DCOM-In)

We also added an inbound rule for our registered dll %systemroot%/APPMTS.dll: all profile, allow, any local address, any remote address, any protocol, any local port, any remote port, any allowed computers, any allowed users (we think it is full open for that dll)

Still, it is not working.
We have no more clues, except turning off the W2K8 firewall (but shame on us if we get to that point).

Any valuable help will be highly appreciated.

Regards
Question by:CAMTEC_SPRL
Accepted Solution

by: Crower
As part of that default configuration, DCOM connections to the Windows 2008 server are blocked. However, there are various scenarios where it would be advantageous to allow DCOM connections to that server. Try this to allow DCOM traffic:


On the Windows 2008 server that you wish to allow DCOM connections to:

Open the Windows Firewall with Advanced Security application from Administrative Tools
Right click on the Inbound Rules node in the tree view and select New Rule from the context menu
When the New Inbound Rule Wizard opens, select the Rule Type page
Select Custom and click the Next button
On the Program page, select All Programs and click Customize
On the resulting Customize Service Settings dialogue, make sure that Apply to all programs and services is selected and click the OK button
Back on the Program page, click the Next button
On the Protocol and Ports page, select TCP for the Protocol Type
Select Dynamic RPC for the Local Port (DCOM uses the Dynamic RPC ports)
Select All Ports for the Remote Port and click the Next button
On the Scope page, select Any IP Address for the Local IP Address
Enter the IP Address (recommended if only one machine is going to connect via DCOM), subnet or IP Address range (recommended if you have a number of machines that will connect via DCOM) of the machine(s) to allow access from for the "Remote IP Address" (or select Any IP Address - recommended if you don't care which machines connect via DCOM) and click the Next button
On the Action page, select Allow the connection and click the Next button
On the Profile page, select only the Domain option and click the Next button
On the Name page, name your rule and click the Finish button
If the rule shows as disabled, enable it
Author Comment

by:CAMTEC_SPRL
Hi Crower
Thanks for your reply

As per your proposal I added the rule.
To summarize the rule I set up:
OPEN RPC Dynamic Port, TCP, for DOMAIN, all Remote PORT, Remote IP = 10.148.0.1/15 (our Domain IP range)

I also disabled the two predefined rules that I had turned ON for testing previously
- COM+ Network Access (DCOM-In)
- COM+ Remote Administrator (DCOM-In)

and it works - with only this added rule
Thank you!!!

Any advice on setting up the rule more restrictively? And any comment on the predefined COM+ rules that Microsoft proposes?

I accept your answer as the solution
Regards
Phm
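
The wizard steps from the accepted answer expressed as a script, as an added example that is not part of either post: it creates the same inbound rule with netsh from PowerShell on the 2008 R2 server, scoped to the range given in the follow-up comment. The rule name is hypothetical, and the range is written in network form as an assumption about the asker's intent.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt on
# the Windows Server 2008 R2 host. netsh is used because New-NetFirewallRule
# only ships with Server 2012 and later.

$RuleName    = 'DCOM-DynamicRPC-TCP-In'   # hypothetical rule name
$RemoteScope = '10.148.0.0/15'            # asker's 10.148.0.1/15 in network form (assumption)

# Remove an earlier copy so re-running does not stack duplicate rules.
# netsh reports an error when nothing matches; that is expected on first run.
& netsh advfirewall firewall delete rule "name=$RuleName" | Out-Null

# The wizard choices from the accepted answer, one argument per setting:
$ruleArgs = @(
    'advfirewall', 'firewall', 'add', 'rule',
    "name=$RuleName",
    'dir=in',                  # Inbound Rules node
    'action=allow',            # Action page: Allow the connection
    'enable=yes',              # "If the rule shows as disabled, enable it"
    'protocol=TCP',            # Protocol and Ports page
    'localport=RPC',           # Local Port: Dynamic RPC
    'remoteport=any',          # Remote Port: All Ports
    'localip=any',             # Scope page: any local address
    "remoteip=$RemoteScope",   # Scope page: only the client range
    'profile=domain'           # Profile page: Domain only
)                              # no program= argument means All Programs
& netsh $ruleArgs
if ($LASTEXITCODE -ne 0) { throw "netsh failed to add rule $RuleName" }

# Print the stored rule so scope and profile can be checked by eye.
& netsh advfirewall firewall show rule "name=$RuleName" verbose
```

Keeping `remoteip` and `profile` narrow is what stops this rule from exposing the dynamic RPC range to every network the server is attached to.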