Solved

Sonicwall Firewall blocking MS Activation

Posted on 2011-09-09
Last Modified: 2012-05-12
Hello Experts,

We are having a problem with our new Sonicwall TZ210 Firewall.  It is blocking computers from activating Office 2010 and Windows 7.  The computers try to activate with the correct product key but always end in "communication failure" or "the server responded abnormally".  I have spent several hours on the phone with Sonicwall tech support, most of the time trying to understand what they are saying, to no avail.  I was hoping that there is a Sonicwall expert out there that could tell me what part of the Firewall to edit in order to allow these activations.  Microsoft was very little help as well, as they said to activate the software over the phone.  If anyone out there has done that, you can understand that it's not a solution for 250 computers and two pieces of software per computer.  I reinstalled our old Sonicwall TZ190 and software activates fine; however, this needs to work with the new firewall as I don't want to swap out firewalls every time I install new MS software. I greatly appreciate any and all help available.  Thank you.  We have 23 days left before our 30-day activation period expires...
Question by:plainsschools
7 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
One of the security services must be blocking it. I'd suggest going to the Log of the sonicwall and trying to activate something. Watch the log to see what's blocking it. You could also disable the security services on the WAN/LAN zones for the duration of the activation as a shotgun approach.
 

Author Comment

by:plainsschools
@ digitap

That was what I thought too, but if I go to the log and filter it only by IP of one machine that I am trying to activate, it never shows anything.  I thought originally that it must be the Intrusion Prevention that was doing it because I think it's blocking data incoming rather than outgoing, but I disabled Intrusion Prevention altogether and it still fails to activate.  Thanks for the info though.
 
LVL 4

Expert Comment

by:jason_0573
PORT 1688

Key Management Service (KMS)
KMS is a server-client model in which a computer serves as the KMS host. KMS activation requires TCP/IP connectivity. By default, KMS hosts use DNS to publish the KMS service, and client computers connect to the KMS host for activation by using anonymous remote procedure calls (RPCs) through TCP communications PORT 1688, which is the default port number when you enable the firewall on a KMS host. You can use the default settings, which require little or no administrative action, or manually configure KMS hosts and clients based on network configuration and security requirements.

http://technet.microsoft.com/en-us/library/ee624358.aspx

But, for that many licenses, you should consider using a MAK Proxy Server with MAK licenses.

Information on this:
http://technet.microsoft.com/en-us/library/cc303276.aspx#_MAK_Architecture
http://technet.microsoft.com/en-au/library/ff793438.aspx
Essentially, you buy the Office MAK Volume licenses, activate the main one on the MAK Proxy server and the client machines activate through the proxy.

Other solutions exist as well.

1. Create Registry Snapshots
2. Create a Golden Windows XP, Vista Biz, or Windows 7 Pro image with Ghost or other 3rd Party imaging software.
 
 
LVL 33

Expert Comment

by:digitap
What are your thoughts on this:

http://support.microsoft.com/kb/934430
 
LVL 7

Expert Comment

by:bclongacre
Question for you.  If you go under Firewall -> App Rules, do you have Enable App Rules enabled?

If so, if you go to App Control Advanced, check under the category APP-UPDATE, and check the configuration for both Microsoft Windows and Microsoft Genuine Advantage, you will want to ensure that Block is set to disable, and that all other settings are as you require in your environment.

If my memory serves me correctly the TZ 190 did not have the App Rules or Application Control capabilities, however, it is optional with the TZ 210, and depending on which package you purchased, you may very well have access to that functionality.
 

Author Comment

by:plainsschools
Thank you all for your suggestions.  Ultimately digitap led me to my solution.  When viewing the log I did not see any of the items being picked up; this was solely due to the fact that not everything was reporting to the log service.  When I blanketed everything to report, it showed up.  What was happening was the firewall was treating the Microsoft activation as an untrusted certificate.  When I added *.microsoft.com to the whitelist it activated on through fine.  Once again, thank you for all of your help.
0
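The log check that resolved this thread, sketched as an added example (it is not part of any poster's comment and not SonicWall's own tooling): it filters an exported log by client IP, and when nothing shows up it reports whether an expected log category is absent from the export altogether, which is the situation the asker hit. The key=value field names (`c`, `msg`, `src`, `dst`), the category labels and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample export in a key=value syslog style; field names and
# category labels are assumptions, not copied from a real device.
SAMPLE_LOG = '''\
time="2011-09-09 10:01:02" c="Network Access" msg="Connection Opened" src=10.0.0.25:49210 dst=203.0.113.10:443
time="2011-09-09 10:01:03" c="Security Services" msg="Untrusted certificate, connection dropped" src=10.0.0.25:49210 dst=203.0.113.10:443
time="2011-09-09 10:01:09" c="Network Access" msg="Connection Closed" src=10.0.0.31:50111 dst=198.51.100.7:80
'''

PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# Heuristic keywords that mark an event as a block; tune to the device's wording.
BLOCK_WORDS = ("drop", "block", "denied", "reset", "untrusted")

def parse_line(line):
    """Turn one key=value log line into a dict, unquoting quoted values."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def host_of(endpoint):
    """Strip the :port suffix from an ip:port endpoint."""
    return endpoint.split(":")[0]

def triage(log_text, client_ip):
    """Return (blocking events touching client_ip, Counter of categories in the export)."""
    categories, hits = Counter(), []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        categories[ev.get("c", "?")] += 1
        if client_ip not in (host_of(ev.get("src", "")), host_of(ev.get("dst", ""))):
            continue
        if any(w in ev.get("msg", "").lower() for w in BLOCK_WORDS):
            hits.append(ev)
    return hits, categories

def verdict(log_text, client_ip, expected_categories):
    """Separate 'nothing was blocked' from 'the category was never logged'."""
    hits, cats = triage(log_text, client_ip)
    missing = sorted(set(expected_categories) - set(cats))
    if hits:
        return "blocked: " + "; ".join(f'{h.get("c", "?")}: {h.get("msg", "")}' for h in hits)
    if missing:
        return "inconclusive: no events logged for " + ", ".join(missing)
    return "no blocking events for this client"

print(verdict(SAMPLE_LOG, "10.0.0.25", ["Network Access", "Security Services"]))
```

An "inconclusive" result means the empty filter proves nothing until that category is set to report to the log.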
 
LVL 33

Expert Comment

by:digitap
glad i was able to help. certainly, one of the things i had considered was to increase the logging. of course, the logging level is debug by default, but i'm sure what you had to do was select all the categories.

anyway, glad it's working.