Solved

Sonicwall Firewall blocking MS Activation

Posted on 2011-09-09
Last Modified: 2012-05-12
Hello Experts,

We are having a problem with our new Sonicwall TZ210 Firewall. It is blocking computers from activating Office 2010 and Windows 7. The computers try to activate with the correct product key but always end in "communication failure" or "the server responded abnormally". I have spent several hours on the phone with Sonicwall tech support, most of the time trying to understand what they are saying, to no avail. I was hoping that there is a Sonicwall expert out there that could tell me what part of the Firewall to edit in order to allow these activations. Microsoft was very little help as well, as they said to activate the software over the phone. If anyone out there has done that, you can understand that it's not a solution for 250 computers and two pieces of software per computer. I reinstalled our old Sonicwall TZ190 and software activates fine; however, this needs to work with the new firewall as I don't want to swap out firewalls every time I install new MS software. I greatly appreciate any and all help available. Thank you. We have 23 days left before our 30-day activation period expires...
Question by:plainsschools
7 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 36512030
One of the security services must be blocking it. I'd suggest going to the Log of the sonicwall and trying to activate something. Watch the log to see what's blocking it. You could also disable the security services on the WAN/LAN zones for the duration of the activation as a shotgun approach.
0
 

Author Comment

by:plainsschools
ID: 36512101
@ digitap

That was what I thought too, but if I go to the log and filter it only by the IP of one machine that I am trying to activate, it never shows anything. I thought originally that it must be the Intrusion Prevention that was doing it because I think it's blocking data incoming rather than outgoing, but I disabled Intrusion Prevention altogether and it still fails to activate. Thanks for the info though.
0
 
LVL 4

Expert Comment

by:jason_0573
ID: 36512222
PORT 1688

Key Management Service (KMS)
KMS is a server-client model in which a computer serves as the KMS host. KMS activation requires TCP/IP connectivity. By default, KMS hosts use DNS to publish the KMS service, and client computers connect to the KMS host for activation by using anonymous remote procedure calls (RPCs) through TCP communications PORT 1688, which is the default port number when you enable the firewall on a KMS host. You can use the default settings, which require little or no administrative action, or manually configure KMS hosts and clients based on network configuration and security requirements.

http://technet.microsoft.com/en-us/library/ee624358.aspx 

But, for that many licenses, you should consider using a MAK Proxy Server with MAK licenses.

Information on this:
http://technet.microsoft.com/en-us/library/cc303276.aspx#_MAK_Architecture 
http://technet.microsoft.com/en-au/library/ff793438.aspx
Essentially, you buy the Office MAK Volume licenses, activate the main one on the MAK Proxy server and the client machines activate through the proxy.

Other solutions exist as well.

1. Create Registry Snapshots
2. Create a Golden Windows XP, Vista Biz, or Windows 7 Pro image with Ghost or other 3rd Party imaging software.
 
0

 
LVL 33

Expert Comment

by:digitap
ID: 36512279
What are your thoughts on this:

http://support.microsoft.com/kb/934430
0
 
LVL 7

Expert Comment

by:bclongacre
ID: 36512332
Question for you.  If you go under Firewall -> App Rules, do you have Enable App Rules enabled?

If so, if you go to App Control Advanced, check under the category APP-UPDATE, and check the configuration for both Microsoft Windows and Microsoft Genuine Advantage, you will want to ensure that Block is set to disable, and that all other settings are as you require in your environment.

If my memory serves me correctly the TZ 190 did not have the App Rules or Application Control capabilities, however, it is optional with the TZ 210, and depending on which package you purchased, you may very well have access to that functionality.
0
 

Author Comment

by:plainsschools
ID: 36512680
Thank you all for your suggestions. Ultimately digitap led me to my solution. When viewing the log I did not see any of the items being picked up; this was solely due to the fact that not everything was reporting to the log service. When I blanketed everything to report, it showed up. What was happening was the firewall was treating the Microsoft activation as an untrusted certificate. When I added *.microsoft.com to the whitelist it activated on through fine. Once again, thank you for all of your help.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36512755
Glad I was able to help. Certainly, one of the things I had considered was to increase the logging. Of course, the logging level is debug by default, but I'm sure what you had to do was select all the categories.

Anyway, glad it's working.
0
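
The log check from the accepted answer, as an added example that is not part of the original thread: it filters firewall syslog for one client in either direction and treats an empty result as "not logged" rather than "not blocked", which is what the author ran into. It assumes SonicOS-style key=value syslog lines; the sample lines, message text, message IDs and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (assumed SonicOS-style key=value syslog, not from the thread).
SAMPLE_LOG = '''\
id=firewall sn=0000000000 time="2011-09-09 10:01:12" fw=203.0.113.1 pri=6 c=1024 m=98 msg="Connection Opened" n=1 src=192.168.1.50:49210:X0 dst=198.51.100.20:443:X1 proto=tcp/https
id=firewall sn=0000000000 time="2011-09-09 10:01:13" fw=203.0.113.1 pri=1 c=32 m=9999 msg="Untrusted certificate, connection dropped" n=2 src=192.168.1.50:49210:X0 dst=198.51.100.20:443:X1 proto=tcp/https
id=firewall sn=0000000000 time="2011-09-09 10:02:40" fw=203.0.113.1 pri=6 c=1024 m=98 msg="Connection Opened" n=3 src=192.168.1.77:50111:X0 dst=198.51.100.30:80:X1 proto=tcp/http
'''

# Matches key=value and key="quoted value" pairs.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one syslog line into a dict of its key=value fields."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD.findall(line)}


def events_for_host(log_text, client_ip):
    """Return records where the client is the source OR the destination.

    Matching both directions matters: a drop on the returning traffic
    may be logged with the client as dst. IPv4 ip:port:iface form assumed.
    """
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        src_ip = rec.get("src", "").split(":")[0]
        dst_ip = rec.get("dst", "").split(":")[0]
        if client_ip in (src_ip, dst_ip):
            events.append(rec)
    return events


def triage(log_text, client_ip, max_pri=4):
    """Summarise one client's events; pri is syslog severity (lower = worse)."""
    events = events_for_host(log_text, client_ip)
    if not events:
        # No entries at all: check which log categories are enabled
        # before concluding that nothing was blocked.
        return {"status": "no-entries", "alerts": [], "by_msg": Counter()}
    alerts = [(e.get("time"), e.get("msg"), e.get("dst"))
              for e in events if int(e.get("pri", 7)) <= max_pri]
    return {"status": "alerts" if alerts else "no-alerts",
            "alerts": alerts,
            "by_msg": Counter(e.get("msg") for e in events)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "192.168.1.50"))
```
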

Question has a verified solution.