Solved

Windows Firewall, trouble opening ports

Posted on 2014-04-18
Last Modified: 2014-06-03
I have backup software accessing a remote computer. The setup is like this.

Computer A:
Windows 2003
backup software
ip address: 10.0.0.10

Computer B:
Windows 8.1
ip address: 10.0.0.20

Now the backup software was not able to connect to computer B. After enough testing, it was a firewall issue on computer B. If I turned off the firewall for the Domain profile, the software on A is able to connect to B.

Now after I tried to make the same Windows Firewall inbound rules on B as on other computers in the network which A doesn't have a problem connecting to, I didn't find any difference in the inbound rules. Weird... So what I did is, I created a manual rule 'Connection from Computer A', then allowed all programs, services, any port, any protocol, then added Computer A's IP address to 'Remote IP' and selected 'Any Local IP' on Computer B. This should allow all connections from Computer A to B. But this didn't work.
There are no block rules on Computer B; all rules are allow rules, so there are no overlapping rules.

I specifically have to turn off Windows Firewall for the Domain profile in order to make the software connect from computer A to B. What am I doing wrong?
0
Question by:crcsupport
 
LVL 4

Accepted Solution

by:
wsawalhi earned 250 total points
ID: 40009295
Accessing Shared Files Using Windows 8's File Sharing System

By default, Windows 8 has file sharing turned off, which means your Windows 8 PC doesn't actively check the network for shared resources. That's why you have to manually enter the Computer A IP address or network name every time you want to access shared files. But you can automate that process by turning file sharing on.

    Open the File Explorer and right-click the Network item in the sidebar. In the pop-up menu, select Properties.

    In the Network and Sharing Center window that opens, click the Change Advanced Sharing Settings item. In the Advanced Sharing Settings window, you'll see a list of network profiles that include Private, Guest or Public, HomeGroup, and All Networks. The Private network profile is probably already open and displaying available sharing options. If it isn't, you can open the profile by clicking the chevron to the right of the name.

    Within the Private network profile, be sure the following are selected:

            Turn on Network Discovery.
            Turn on File and Printer Sharing.

    Click the Save Changes button.

    Return to the Network places.

    Your Computer A should now be automatically listed as one of the network locations you can access. If you don't see it, try clicking the reload button to the right of the URL field.

Your Windows 8 PC should now be able to access the folders on your Mac that you've marked for sharing.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40009351
File sharing is turned on for private, public, and domain.
0
 
LVL 4

Expert Comment

by:wsawalhi
ID: 40009357
Do you have any other firewall software running on the Windows 8 Machine?
0

 
LVL 1

Author Comment

by:crcsupport
ID: 40009385
Antivirus turned off. No extra firewall.
I created an inbound rule to open everything wide between Computer B and A, still the same:
'Any Local IP' 'Any Remote IP', any port, any protocol, all programs and services.

I specifically have to turn off Windows Firewall on the domain profile to make the connection work. So it's the Windows Firewall on the domain profile causing this problem.

There's no 'block' inbound rule; I tried to make the inbound rules exactly the same as on other computers which don't have a problem being accessed by computer A. No luck.

Something in Windows Firewall is blocking, but I don't know what it is.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40009388
I had this weird problem before, but couldn't get an answer. It was not the same software, but different software.
0
 
LVL 4

Expert Comment

by:wsawalhi
ID: 40009433
Can the machines ping each other?
0
 
LVL 4

Assisted Solution

by:wsawalhi
wsawalhi earned 250 total points
ID: 40009447
Check this out

Windows cannot access shared folder – How to fix it in Windows 8

http://4sysops.com/archives/windows-cannot-access-shared-folder-how-to-fix-it-in-windows-8/
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40009451
Yes, since I created inbound rules opening everything wide, ping is not a problem.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40009485
I read it; my network is correctly set up and file sharing is on for the domain. I don't think it's a file sharing problem on the domain profile. When I turn off Windows Firewall on the Domain profile, there's no problem. So it's a firewall issue, I think.

But what I don't understand is, isn't turning off Windows Firewall on the domain profile the same as creating a rule opening everything wide as I described above ('Any Local IP' 'Any Remote IP', any port, any protocol, all programs and services)? What is the difference between turning it off specifically and opening everything in an inbound rule? Are any hidden rules blocking in Windows Firewall?
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40009489
Wait a minute, so the difference might be the outbound rule, then? Let me check..
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40009510
no luck
0
 

Assisted Solution

by:Maveric360
Maveric360 earned 250 total points
ID: 40009515
Hello,

You should not need to put the IP address into the remote IP addresses since it is an internal address. Can you check your firewall rule? I am assuming you used a custom rule. When you reach the screen where you enter your allowed IP addresses, click on Customize and make sure that the rule is applied to all interfaces.

You can also try putting in your internal subnet for local IP addresses instead of leaving the any IP address option chosen. Although I would be surprised if this fixed it.
0
 

Expert Comment

by:Maveric360
ID: 40009521
Does your domain have any group policy settings that will override your changes?
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40009526
Am I understanding correctly?
Under the Scope tab, Local IP is the IP address of my NIC and Remote IP is the outside IP trying to access my PC.
By the way, the setting is 'Any Local IP' 'Any Remote IP', any port, any protocol, all programs and services, All Interfaces, All Profiles (Private, Domain, Public). Still not the same as turning off the firewall on the Domain profile. This is driving me crazy.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40009528
I have a group policy setting disabling changing Windows Firewall settings, but I'm admin; I am not in the filtered group getting affected. I can enable, disable, or change settings, whatever.
0
 

Expert Comment

by:Maveric360
ID: 40009534
You could try forcing the change by using group policy to allow the connections through.
0
 

Assisted Solution

by:Maveric360
Maveric360 earned 250 total points
ID: 40009535
You can try the group policy change either on the server or the local group policy.  Example:

In Windows 2003 Server, please set up the policy in Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain profile

Enabled Allow Remote Desktop exception policy, set incoming messages from localsubnet like 10.0.0.0/24
Enabled Allow file and printer sharing exception policy, set incoming messages from localsubnet like 10.0.0.0/24
Enabled Define program exceptions policy, set program exceptions to %ProgramFiles%\NetMeeting\conf.exe:10.0.0.0/24:enabled:NetMeeting
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40013001
It looks like something related to RPC (UDP 135), but even when the inbound rule is all open, why does it matter? RPC seems to work fine only when the firewall is turned off on the domain profile.
Protocol 17 is UDP
Port: 135
===============================
Event ID 5152

The Windows Filtering Platform has blocked a packet.

Application Information:
    Process ID:           0
    Application Name:     -

Network Information:
    Direction:            Outbound
    Source Address:       192.168.1.120
    Source Port:          0
    Destination Address:  192.168.1.11
    Destination Port:     0
    Protocol:             1

Filter Information:
    Filter Run-Time ID:   245836
    Layer Name:           ICMP Error
    Layer Run-Time ID:    32

The Windows Filtering Platform has blocked a packet.

Application Information:
    Process ID:           0
    Application Name:     -

Network Information:
    Direction:            Inbound
    Source Address:       192.168.1.11
    Source Port:          35341
    Destination Address:  192.168.1.120
    Destination Port:     135
    Protocol:             17

Filter Information:
    Filter Run-Time ID:   245834
    Layer Name:           Transport
    Layer Run-Time ID:    13
0
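An added example, not part of the original thread: one way to follow up on the 5152 events in the last post is to look up each Filter Run-Time ID in the live WFP filter table, then check what the Domain profile is actually enforcing once Group Policy is merged. It assumes an elevated PowerShell session on Computer B; the dump path is an arbitrary choice, and the two IDs are the ones quoted in the events above.

```powershell
# Added example (not from the thread). Run elevated on Computer B (Windows 8.1).
# Filter Run-Time IDs copied from the two 5152 events quoted in the post.
$filterIds = 245834, 245836
$dump = Join-Path $env:TEMP 'wfp-filters.xml'   # assumed output location

# Filter IDs are assigned at run time, so dump the filter table soon after
# the events are logged, before restarting the firewall or rebooting.
netsh wfp show filters file="$dump" | Out-Null

$wfp = New-Object System.Xml.XmlDocument
$wfp.Load($dump)

# Map each run-time ID back to the filter that dropped the packet.
foreach ($id in $filterIds) {
    $f = $wfp.SelectSingleNode("//item[filterId='$id']")
    if (-not $f) {
        Write-Warning "Filter $id is not in the current dump (IDs may have been reassigned)."
        continue
    }
    [pscustomobject]@{
        FilterId    = $id
        Name        = $f.displayData.name
        Description = $f.displayData.description
        Layer       = $f.layerKey
        Action      = $f.action.type
    }
}

# Effective Domain profile after Group Policy is merged with local settings.
# AllowLocalFirewallRules shows whether locally created rules are honoured
# at all; AllowInboundRules shows whether inbound allow rules are permitted.
Get-NetFirewallProfile -PolicyStore ActiveStore -Name Domain |
    Select-Object Name, Enabled, DefaultInboundAction,
                  AllowInboundRules, AllowLocalFirewallRules

# Count the enabled inbound rules that are actually enforced, split by where
# they came from (Local vs GroupPolicy) and by action (Allow vs Block).
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
    Group-Object PolicyStoreSourceType, Action |
    Select-Object Name, Count
```

The filter name and layer identify which firewall component made the drop decision, which the rule list in the management console does not show on its own.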

Question has a verified solution.