Solved

Windows Firewall, trouble opening ports

Posted on 2014-04-18
Last Modified: 2014-06-03
I have backup software accessing a remote computer. The setup is like this.

Computer A:
windows 2003
backup software
ip address: 10.0.0.10

Computer B:
Windows 8.1
ip address: 10.0.0.20

Now the backup software was not able to connect to computer B. After enough testing, it was a firewall issue on computer B. If I turned off the firewall for the Domain profile, the software on A is able to connect to B.

Now, after I tried to make the same Windows Firewall inbound rules on B as on other computers in the network which A doesn't have a problem connecting to, I didn't find any difference in the inbound rules. Weird... So what I did is, I created a manual rule 'Connection from Computer A', then allowed all programs, services, any port, any protocol, then added Computer A's IP address to 'Remote IP' and selected 'Any Local IP' on Computer B. This should allow all connections from Computer A to B. But this didn't work.
There are no block rules on Computer B; all rules are allow rules, so there are no overlapping rules.

I specifically have to turn off Windows Firewall for the Domain profile in order to make the software connect from computer A to B. What am I doing wrong?
0
Question by:crcsupport
18 Comments
 
LVL 4

Accepted Solution

by:
wsawalhi earned 250 total points
Accessing Shared Files Using Windows 8's File Sharing System

By default, Windows 8 has file sharing turned off, which means your Windows 8 PC doesn't actively check the network for shared resources. That's why you have to manually enter the Computer A IP address or network name every time you want to access shared files. But you can automate that process by turning file sharing on.

1. Open the File Explorer and right-click the Network item in the sidebar. In the pop-up menu, select Properties.

2. In the Network and Sharing Center window that opens, click the Change Advanced Sharing Settings item. In the Advanced Sharing Settings window, you'll see a list of network profiles that include Private, Guest or Public, HomeGroup, and All Networks. The Private network profile is probably already open and displaying available sharing options. If it isn't, you can open the profile by clicking the chevron to the right of the name.

3. Within the Private network profile, be sure the following are selected:

   - Turn on Network Discovery.
   - Turn on File and Printer Sharing.

4. Click the Save Changes button.

5. Return to the Network places.

6. Your Computer A should now be automatically listed as one of the network locations you can access. If you don't see it, try clicking the reload button to the right of the URL field.

Your Windows 8 PC should now be able to access the folders on your Mac that you've marked for sharing.
0
 
LVL 1

Author Comment

by:crcsupport
File sharing is all turned on for private, public, domain.
0
 
LVL 4

Expert Comment

by:wsawalhi
Do you have any other firewall software running on the Windows 8 Machine?
0
 
LVL 1

Author Comment

by:crcsupport
Antivirus is turned off. No extra firewall.
I created an inbound rule to open everything wide between Computer B and A, still the same:
'Any Local IP' 'Any Remote IP', Any port, any protocol, all programs and services.

I specifically have to turn off Windows Firewall on the domain profile to make the connection work. So it's this Windows Firewall on the domain profile causing this problem.

There's no 'block' rule inbound; I tried to make the inbound rules exactly the same as on other computers which don't have a problem being accessed by computer A. No luck.

Something in Windows Firewall is blocking, but I don't know what it is.
0
 
LVL 1

Author Comment

by:crcsupport
I had this weird problem before, but couldn't get an answer. It was not the same software, but different software.
0
 
LVL 4

Expert Comment

by:wsawalhi
Can the machines ping each other?
0
 
LVL 4

Assisted Solution

by:wsawalhi
wsawalhi earned 250 total points
Check this out

Windows cannot access shared folder – How to fix it in Windows 8

http://4sysops.com/archives/windows-cannot-access-shared-folder-how-to-fix-it-in-windows-8/
0
 
LVL 1

Author Comment

by:crcsupport
Yes, since I created inbound rules opening wide all, ping is not a problem.
0
 
LVL 1

Author Comment

by:crcsupport
I read it; my network is correctly set up and file sharing is on for the domain. I don't think it's a file sharing problem on the domain profile. When I turn off Windows Firewall on the Domain profile, there's no problem. So it's a firewall issue, I think.

But what I don't understand is, isn't turning off Windows Firewall on the domain profile the same as creating a rule opening everything wide as I described above ('Any Local IP' 'Any Remote IP', Any port, any protocol, all programs and services)? What is the difference between turning it off specifically and opening everything in an inbound rule? Are there any hidden rules blocking in Windows Firewall?
0

 
LVL 1

Author Comment

by:crcsupport
Wait a minute, so the difference might be the outbound rule, then? Let me check...
0
 
LVL 1

Author Comment

by:crcsupport
no luck
0
 

Assisted Solution

by:Maveric360
Maveric360 earned 250 total points
Hello,

You should not need to put the IP address into the remote IP addresses since it is an internal address. Can you check your firewall rule? I am assuming you used a custom rule. When you reach the screen where you enter your allowed IP addresses, click on Customize and make sure that the rule is applied to all interfaces.

You can also try putting in your internal subnet for local IP addresses instead of leaving the any IP address option chosen. Although I would be surprised if this fixed it.
0
 

Expert Comment

by:Maveric360
Does your domain have any group policy settings that will override your changes?
0
 
LVL 1

Author Comment

by:crcsupport
Am I understanding correctly?
Under the Scope tab, Local IP is the IP address of my NIC and Remote IP is the outside IP trying to access my PC.
By the way, the setting is 'Any Local IP' 'Any Remote IP', Any port, any protocol, all programs and services, All Interfaces, All Profiles (Private, Domain, Public). Still not the same as turning off the firewall on the Domain profile. This is driving me crazy.
0
 
LVL 1

Author Comment

by:crcsupport
I have a group policy setting disabling changing Windows Firewall settings, but I'm admin, I am not in the filtered group getting affected. I can enable, disable, change settings, whatever.
0
 

Expert Comment

by:Maveric360
You could try forcing the change by using group policy to allow the connections through.
0
 

Assisted Solution

by:Maveric360
Maveric360 earned 250 total points
You can try the group policy change either on the server or in the local group policy. Example:

In Windows 2003 server, please set up the policy in Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain profile

- Enable the Allow Remote Desktop exception policy, set incoming messages from localsubnet like 10.0.0.0/24
- Enable the Allow file and printer sharing exception policy, set incoming messages from localsubnet like 10.0.0.0/24
- Enable the Define program exceptions policy, set program exceptions to %ProgramFiles%\NetMeeting\conf.exe:10.0.0.0/24:enabled:NetMeeting
0
 
LVL 1

Author Comment

by:crcsupport
It looks like something related to RPC (UDP 135), but when the inbound rule is all open, why does it matter? RPC seems to work fine only when the firewall is turned off on the domain profile.
Protocol 17 is UDP
Port: 135
===============================
Event ID 5152

The Windows Filtering Platform has blocked a packet.

Application Information:
Process ID: 0
Application Name: -

Network Information:
Direction: Outbound
Source Address: 192.168.1.120
Source Port: 0
Destination Address: 192.168.1.11
Destination Port: 0
Protocol: 1

Filter Information:
Filter Run-Time ID: 245836
Layer Name: ICMP Error
Layer Run-Time ID: 32

The Windows Filtering Platform has blocked a packet.

Application Information:
Process ID: 0
Application Name: -

Network Information:
Direction: Inbound
Source Address: 192.168.1.11
Source Port: 35341
Destination Address: 192.168.1.120
Destination Port: 135
Protocol: 17

Filter Information:
Filter Run-Time ID: 245834
Layer Name: Transport
Layer Run-Time ID: 13
0
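
Added example, not part of the thread or written by any of its participants: a PowerShell sketch for Computer B that shows the effective Domain-profile policy, summarises Event ID 5152 drops like the two above, and resolves each Filter Run-Time ID to the Windows Filtering Platform filter behind it. It assumes an elevated session, that the event XML carries the fields named in the code (`SourceAddress`, `DestPort`, `FilterRTID` and so on), and a constructed dump path under `%TEMP%`.

```powershell
# Added example (not from the thread). Run elevated on the machine that logged the drops.

# 1. Effective Domain-profile settings. ActiveStore is the merged Group Policy + local result.
#    AllowLocalFirewallRules = False means locally created rules are not applied.
Get-NetFirewallProfile -PolicyStore ActiveStore -Name Domain |
    Format-List Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules

# 2. Recent "blocked a packet" events, flattened from their named EventData fields.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5152 } `
                       -MaxEvents 200 -ErrorAction SilentlyContinue
$drops = foreach ($e in $events) {
    $d = @{}
    foreach ($f in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Source   = '{0}:{1}' -f $d['SourceAddress'], $d['SourcePort']
        Dest     = '{0}:{1}' -f $d['DestAddress'], $d['DestPort']
        Protocol = $d['Protocol']      # IP protocol number: 1 = ICMP, 6 = TCP, 17 = UDP
        FilterId = $d['FilterRTID']    # "Filter Run-Time ID" in the event text
    }
}
$drops | Group-Object FilterId, Protocol, Dest | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 3. Resolve each Filter Run-Time ID to the WFP filter that dropped the packet.
$dump = Join-Path $env:TEMP 'wfp-filters.xml'   # constructed output path
netsh wfp show filters file=$dump | Out-Null
$wfp = New-Object System.Xml.XmlDocument
$wfp.Load($dump)
$resolved = foreach ($id in ($drops.FilterId | Sort-Object -Unique)) {
    $item = $wfp.SelectSingleNode("//item[filterId='$id']")
    if ($item) {
        [pscustomobject]@{
            FilterId = $id
            Name     = $item.SelectSingleNode('displayData/name').InnerText
            Layer    = $item.SelectSingleNode('layerKey').InnerText
            Action   = $item.SelectSingleNode('action/type').InnerText
        }
    } else {
        Write-Warning "Filter $id is not in the current dump (it may have been removed since the event)."
    }
}
$resolved | Format-Table -AutoSize
```

Event 5152 is written only while the "Filtering Platform Packet Drop" audit subcategory is enabled, for example with `auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable`.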
