Solved

windows 2008 server firewall config for MTS COM+ dll

Posted on 2011-09-05
Last Modified: 2012-05-12
Hi

We are in the process of migrating our servers from 2003 to 2008 R2.

We have a specific client application connecting to the 2003 server via a COM+ application called APPMTS, which uses a component that launches the MTSFileXfer command.
We installed the same on our 2008 R2 server before migrating the application.
The application works perfectly from the client side if the W2K8 firewall is turned OFF, but does not work when turned ON.
We insist on the fact that the application works perfectly when the W2K8 firewall is turned OFF!

The following VBScript summarizes the process:

'Create an object referring to APPMTS
Set mobjMTS = CreateObject("APPMTS.MTSFileXfer", "10.148.0.42") 'MyServer ip address
msgbox "Set mobjMTS - " & err.description & " - " & err.number

'Send the copy command to copy one file from one shared directory to another shared one on the same server
mobjMTS.CopyFile "\\MyServer\MainDirectory\MyFile.pdf", "\\MyServer\TempCopyFileDirectory\MyFile.pdf"
msgbox "Copy file - " & err.description & " - " & err.number


When the W2K8 firewall is turned ON, here is the error message we receive at the line Set mobjMTS:

script: c:\docandsett\admi\dsektop\testmts.vb
line 1
char 1
Error: The remote server machine does not exist or is unavailable: 'CreateObject'
Code: 800A01CE
Source: Microsoft VBScript runtime error

Our question is: how do we have to configure the W2K8 firewall for our application to work?
We turned on the predefined inbound rules
- COM+ Network Access (DCOM-In)
- COM+ Network Access (DCOM-In)

We also added an inbound rule for our registered dll %systemroot%/APPMTS.dll: all profile, allow, any local address, any remote address, any protocol, any local port, any remote port, any allowed computers, any allowed users (we think it is full open for that dll)

Still it is not working.
We have no more clues, except turning off the W2K8 firewall (but shame on us if we get to that point)

Any valuable help will be highly appreciated.

Regards
Question by:CAMTEC_SPRL
Accepted Solution

by: Crower, earned 125 total points
ID: 36493929
As part of that default configuration, DCOM connections to the Windows 2008 server are blocked. However, there are various scenarios where it would be advantageous to allow DCOM connections to that server. Try this to allow DCOM traffic:


On the Windows 2008 server that you wish to allow DCOM connections to:

1. Open the Windows Firewall with Advanced Security application from Administrative Tools
2. Right click on the Inbound Rules node in the tree view and select New Rule from the context menu
3. When the New Inbound Rule Wizard opens, select the Rule Type page
4. Select Custom and click the Next button
5. On the Program page, select All Programs and click Customize
6. On the resulting Customize Service Settings dialogue, make sure that Apply to all programs and services is selected and click the OK button
7. Back on the Program page, click the Next button
8. On the Protocol and Ports page, select TCP for the Protocol Type
9. Select Dynamic RPC for the Local Port (DCOM uses the Dynamic RPC ports)
10. Select All Ports for the Remote Port and click the Next button
11. On the Scope page, select Any IP Address for the Local IP Address
12. Enter the IP Address (recommended if only one machine is going to connect via DCOM), subnet or IP Address range (recommended if you have a number of machines that will connect via DCOM) of the machine(s) to allow access from for the "Remote IP Address" (or select Any IP Address - recommended if you don't care which machines connect via DCOM) and click the Next button
13. On the Action page, select Allow the connection and click the Next button
14. On the Profile page, select only the Domain option and click the Next button
15. On the Name page, name your rule and click the Finish button
16. If the rule shows as disabled, enable it

Author Comment

by:CAMTEC_SPRL
ID: 36497027
Hi Crower
Thanks for your reply

As per your proposal I added the rule.
To summarize the rule I set up:
OPEN RPC Dynamic Port, TCP, for DOMAIN, all Remote PORT, Remote IP = 10.148.0.1/15 (our Domain IP range)

I also disabled the two predefined rules that I had turned ON for test previously
- COM+ Network Access (DCOM-In)
- COM+ Remote Administrator (DCOM-In)

and it works - with only this added rule
Thank you!!!

Any advice on how to set up the rule more restrictively? And any comment on the predefined COM+ rules that Microsoft proposes?

I accept your answer as the solution
Regards
Phm
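
Added example (not part of the thread, not the posters' own commands): the wizard rule from the accepted answer written as a netsh command, next to a narrower variant of the kind the follow-up comment asks about. Assumptions: the rule names are made up, 192.0.2.0/24 is a constructed placeholder for the client range, and APPMTS is taken to be a COM+ server application hosted in dllhost.exe. Firewall program conditions match the process executable, so the narrower rule names dllhost.exe rather than APPMTS.dll.

```bat
@echo off
rem Added example. Run from an elevated command prompt on the 2008 R2 server.
rem ASSUMPTIONS: rule names are illustrative; CLIENTS is a constructed
rem placeholder range, replace it with the real client subnet or address.
setlocal
set "CLIENTS=192.0.2.0/24"

rem --- A. Equivalent of the wizard rule in the accepted answer -------------
rem Any program, TCP, dynamic RPC local ports, any remote port, Domain profile.
netsh advfirewall firewall add rule name="DCOM dynamic RPC (all programs)" ^
  dir=in action=allow protocol=TCP localport=RPC ^
  remoteip=%CLIENTS% profile=domain

rem --- B. Narrower variant: only the COM+ surrogate process ----------------
rem Same ports and scope, but limited to dllhost.exe (assumed host of APPMTS).
netsh advfirewall firewall add rule name="APPMTS COM+ (dllhost dynamic RPC)" ^
  dir=in action=allow protocol=TCP localport=RPC ^
  program="%SystemRoot%\System32\dllhost.exe" ^
  remoteip=%CLIENTS% profile=domain

rem DCOM activation first contacts the RPC endpoint mapper (TCP 135).
rem Scope that to the same clients and to the RpcSs service only.
netsh advfirewall firewall add rule name="APPMTS RPC endpoint mapper" ^
  dir=in action=allow protocol=TCP localport=RPC-EPMap ^
  program="%SystemRoot%\System32\svchost.exe" service=RpcSs ^
  remoteip=%CLIENTS% profile=domain

rem --- C. Check what was created, then retire the broad rule ---------------
netsh advfirewall firewall show rule name="APPMTS COM+ (dllhost dynamic RPC)" verbose
netsh advfirewall firewall show rule name="APPMTS RPC endpoint mapper" verbose

rem Disable (not delete) rule A so it can be re-enabled if the client test fails.
netsh advfirewall firewall set rule name="DCOM dynamic RPC (all programs)" new enable=no

endlocal
```

Re-run the client script after step C; if CreateObject fails again, re-enable rule A with enable=yes and check which process actually hosts the component.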
Question has a verified solution.