Solved

Sonicwall Firewall blocking MS Activation

Posted on 2011-09-09
Last Modified: 2012-05-12
Hello Experts,

We are having a problem with our new Sonicwall TZ210 Firewall. It is blocking computers from activating Office 2010 and Windows 7. The computers try to activate with the correct product key but always end in "communication failure" or "the server responded abnormally". I have spent several hours on the phone with Sonicwall tech support, most of the time trying to understand what they are saying, to no avail. I was hoping that there is a Sonicwall expert out there that could tell me what part of the Firewall to edit in order to allow these activations. Microsoft was very little help as well, as they said to activate the software over the phone. If anyone out there has done that, you can understand that it's not a solution for 250 computers and two pieces of software per computer. I reinstalled our old Sonicwall TZ190 and software activates fine; however, this needs to work with the new firewall as I don't want to swap out firewalls every time I install new MS software. I greatly appreciate any and all help available. Thank you. We have 23 days left before our 30-day activation period expires...
Question by:plainsschools
7 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 36512030
One of the security services must be blocking it. I'd suggest going to the Log of the sonicwall and trying to activate something. Watch the log to see what's blocking it. You could also disable the security services on the WAN/LAN zones for the duration of the activation as a shotgun approach.
0
 

Author Comment

by:plainsschools
ID: 36512101
@ digitap

That was what I thought too, but if I go to the log and filter it only by IP of one machine that I am trying to activate, it never shows anything. I thought originally that it must be the Intrusion Prevention that was doing it because I think it's blocking data incoming rather than outgoing, but I disabled Intrusion Prevention altogether and it still fails to activate. Thanks for the info though.
0
 
LVL 4

Expert Comment

by:jason_0573
ID: 36512222
PORT 1688

Key Management Service (KMS)
KMS is a server-client model in which a computer serves as the KMS host. KMS activation requires TCP/IP connectivity. By default, KMS hosts use DNS to publish the KMS service, and client computers connect to the KMS host for activation by using anonymous remote procedure calls (RPCs) through TCP communications PORT 1688, which is the default port number when you enable the firewall on a KMS host. You can use the default settings, which require little or no administrative action, or manually configure KMS hosts and clients based on network configuration and security requirements.

http://technet.microsoft.com/en-us/library/ee624358.aspx 

But, for that many licenses, you should consider using a MAK Proxy Server with MAK licenses.

Information on this:
http://technet.microsoft.com/en-us/library/cc303276.aspx#_MAK_Architecture 
http://technet.microsoft.com/en-au/library/ff793438.aspx
Essentially, you buy the Office MAK Volume licenses, activate the main one on the MAK Proxy server and the client machines activate through the proxy.

Other solutions exist as well.

1. Create Registry Snapshots
2. Create a Golden Windows XP, Vista Biz, or Windows 7 Pro image with Ghost or other 3rd Party imaging software.
 
0

 
LVL 33

Expert Comment

by:digitap
ID: 36512279
What are your thoughts on this:

http://support.microsoft.com/kb/934430
0
 
LVL 7

Expert Comment

by:bclongacre
ID: 36512332
Question for you.  If you go under Firewall -> App Rules, do you have Enable App Rules enabled?

If so, if you go to App Control Advanced, check under the category APP-UPDATE, and check the configuration for both Microsoft Windows and Microsoft Genuine Advantage, you will want to ensure that Block is set to disable, and that all other settings are as you require in your environment.

If my memory serves me correctly the TZ 190 did not have the App Rules or Application Control capabilities, however, it is optional with the TZ 210, and depending on which package you purchased, you may very well have access to that functionality.
0
 

Author Comment

by:plainsschools
ID: 36512680
Thank you all for your suggestions. Ultimately digitap led me to my solution. When viewing the log I did not see any of the items being picked up; this was solely due to the fact that not everything was reporting to the log service. When I blanketed everything to report it showed up. What was happening was the firewall was treating the Microsoft activation as an untrusted certificate. When I added *.microsoft.com to the whitelist it activated on through fine. Once again, thank you for all of your help.
0
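
The log triage described in the comment above, as an added example that is not part of the original thread: once every category is reporting, match the client as source or destination so inbound drops are not missed, then group by message. The log lines are constructed, and the key=value layout and field names (`cat`, `msg`, `src`, `dst`, `pri`) are assumptions, not SonicWall's export format.

```python
import re
from collections import Counter

# Constructed sample lines in a key=value syslog style. The field names
# (cat, msg, src, dst, pri) and messages are assumptions, not vendor output.
SAMPLE_LOG = '''\
time="2011-09-09 10:01:02" pri=6 cat="Network Access" msg="Connection Opened" src=10.0.0.25:49210:LAN dst=203.0.113.10:443:WAN
time="2011-09-09 10:01:02" pri=4 cat="Security Services" msg="Untrusted certificate, connection dropped" src=203.0.113.10:443:WAN dst=10.0.0.25:49210:LAN
time="2011-09-09 10:01:03" pri=6 cat="Network Access" msg="Connection Closed" src=10.0.0.25:49210:LAN dst=203.0.113.10:443:WAN
time="2011-09-09 10:01:05" pri=6 cat="Network Access" msg="Connection Opened" src=10.0.0.31:50111:LAN dst=198.51.100.7:80:WAN
time="2011-09-09 10:01:09" pri=4 cat="Security Services" msg="Untrusted certificate, connection dropped" src=203.0.113.10:443:WAN dst=10.0.0.25:49215:LAN
'''

FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Split one key=value line into a dict, honouring double-quoted values."""
    return {key: (inner if raw.startswith('"') else raw)
            for key, raw, inner in FIELD_RE.findall(line)}

def host_of(endpoint):
    """IP part of an 'ip:port:zone' endpoint (IPv4 addresses only)."""
    return endpoint.split(":", 1)[0]

def events_for_client(log_text, client_ip):
    """Yield events where client_ip is the source OR the destination.
    Exact comparison on the address avoids 10.0.0.3 matching 10.0.0.31."""
    for line in log_text.splitlines():
        event = parse_line(line)
        if host_of(event.get("src", "")) == client_ip:
            event["direction"] = "outbound"
        elif host_of(event.get("dst", "")) == client_ip:
            event["direction"] = "inbound"
        else:
            continue
        yield event

def summarize(log_text, client_ip):
    """Count (category, message, direction) per client to spot the blocker."""
    return Counter((e.get("cat", "?"), e.get("msg", "?"), e["direction"])
                   for e in events_for_client(log_text, client_ip))

def warnings_for_client(log_text, client_ip, max_pri=4):
    """Events at syslog severity 'warning' (4) or more severe (lower number)."""
    return [e for e in events_for_client(log_text, client_ip)
            if int(e.get("pri", 7)) <= max_pri]

if __name__ == "__main__":
    for (cat, msg, direction), n in summarize(SAMPLE_LOG, "10.0.0.25").most_common():
        print(f"{n:3d}  {direction:8s}  {cat}: {msg}")
```
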
 
LVL 33

Expert Comment

by:digitap
ID: 36512755
glad i was able to help. certainly, one of the things i had considered was to increase the logging. of course, the logging level is debug by default, but i'm sure what you had to do was select all the categories.

anyway, glad it's working.
0


Question has a verified solution.
