Solved

What firewall ports shall I open for PowerShell to perform remote queries?

Posted on 2015-02-04
Last Modified: 2015-02-13
Hi Experts,
I have a server that sits behind a firewall in the DMZ.  What ports shall I open in order for such cmdlets to query DMZ servers remotely?

I have already opened the following range of ports, but it still fails. Any idea which ports are still missing?
TCP port: 80,139,443,445,5985,5986
UDP port: 137,138
Ephemeral ports: (TCP 1024-4999,49152-65535)

Some other cmdlets are also failing, such as Get-WebAppPoolState, Restart-Computer etc.
*The W3SVC service does exist on the target server, just in case some of you may doubt that the service exists.

PS C:\> get-service -name W3SVC -computername DMZServer
get-service : Cannot find any service with service name 'W3SVC'.
At line:1 char:1
+ get-service -name W3SVC -computername DMZServer
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (W3SVC:String) [Get-Service], ServiceCommandException
    + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand

Thanks.

Regards,
Kung Hui
Question by:kunghui80
6 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 40590488
Try ports TCP/5985 = HTTP and TCP/5986 = HTTPS

Based on a TechNet article
0
 
LVL 40

Assisted Solution

by:footech
footech earned 150 total points
ID: 40590567
If you were using PowerShell Remoting, helpfinder's suggestion would be correct (allowing WS-Man), but you already have those listed.  And in fact, if you were to use PS Remoting your firewall configuration would be much simpler.

However, the remoting that is built into most cmdlets like Get-Service uses DCOM to communicate.  I believe the only other port you need to open is TCP 135, which if I understand correctly, is the RPC Endpoint Mapper, which basically decides which ephemeral port should be used for further communication.
0
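
The two transports compared in the answer above, as an added example that is not part of the original thread: it tests the fixed entry port of each from the client, then runs the question's failing query inside a single WinRM session. It assumes Test-NetConnection is available (Windows 8.1 / Server 2012 R2 or later) and that the target has a WinRM HTTPS listener; DMZServer and W3SVC are the names from the question.

```powershell
# Added example, not from the thread. DMZServer and W3SVC are the names in the question.
$target = 'DMZServer'

# Fixed entry ports of the two transports discussed in the answer above.
$checks = @(
    [pscustomobject]@{ Port = 135;  Transport = 'RPC Endpoint Mapper (per-cmdlet -ComputerName)' }
    [pscustomobject]@{ Port = 5985; Transport = 'WinRM over HTTP (PS Remoting)' }
    [pscustomobject]@{ Port = 5986; Transport = 'WinRM over HTTPS (PS Remoting)' }
)

# Plain TCP connect test from this client to each port. A False here points at
# the firewall or a missing listener, not at permissions.
$checks | ForEach-Object {
    $probe = Test-NetConnection -ComputerName $target -Port $_.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $_.Port
        Transport = $_.Transport
        Reachable = $probe.TcpTestSucceeded
    }
} | Format-Table -AutoSize

# Unauthenticated WS-Man Identify request: shows that a WinRM listener answers on 5985.
Test-WSMan -ComputerName $target

# The failing query from the question, carried inside one WinRM session.
# -UseSSL targets 5986 and validates the server certificate (assumption: an HTTPS
# listener is configured on the target); omit it to use 5985 instead.
$cred = Get-Credential
Invoke-Command -ComputerName $target -UseSSL -Credential $cred -ScriptBlock {
    Get-Service -Name W3SVC | Select-Object Name, Status, DisplayName
}
```

With this approach the firewall rule from the management host can be narrowed to the single WinRM port in use, rather than port 135 plus the ephemeral ranges listed in the question.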
 
LVL 14

Assisted Solution

by:frankhelk
frankhelk earned 150 total points
ID: 40590586
If any other tips fail, I would recommend some kind of brute force method - form motives out of Watergate movies: "Follow the Data" ...

Install Wireshark, capture the traffic while doing the required actions with all ports open and analyze the traffic. If it's not allowed to open the firewall for that, you'll possibly have to analyze the failing traffic.

Other attempt: Analyze the firewall's logs for dropped packets from/to the involved machines.
0
 
LVL 2

Accepted Solution

by:
kunghui80 earned 0 total points
ID: 40597488
Dear all,
Sorry for the late update on this case.  I have found the reason for this case.
The firewall has been confirmed open as per the ports listed above.

However, I'm attempting PSRemoting between different domains.  Thus the following steps need to be performed.
In a mixed domain environment, I have added the following:-
1. New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -PropertyType DWord -Value 1

2. Subsequently, I have to set trusted hosts on both client & server to make it work.
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "RM-Client1,RM-Client2"

Thanks.

Regards,
Kung Hui
0
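
A read-only check of the two settings changed in the accepted solution, as an added example that is not part of the original post. LocalAccountTokenFilterPolicy = 1 turns off UAC remote restrictions for local accounts, and TrustedHosts lists the hosts the WinRM client will connect to without authenticating the server, so both are worth reviewing on DMZ machines; the variable names are illustrative.

```powershell
# Added example, read-only. Run elevated: the WSMan: drive needs administrator rights.

# 1. UAC remote restriction (step 1 of the accepted solution).
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$prop = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
$filterValue = if ($prop) { $prop.LocalAccountTokenFilterPolicy } else { $null }
$filterNote  = if ($filterValue -eq 1) {
    'Local administrator accounts receive a full admin token on network logon'
} else {
    'Default: network logons by local accounts are filtered'
}

# 2. WinRM client TrustedHosts (step 2 of the accepted solution).
$raw     = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
$entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
$wild    = @($entries | Where-Object { $_.Contains('*') })
$trustNote = if ($entries.Count -eq 0) {
    'Empty: server identity must be proven by Kerberos or an HTTPS certificate'
} elseif ($wild.Count -gt 0) {
    'Wildcard entries: server authentication is skipped for every matching host'
} else {
    'Explicit list: server authentication is skipped for these hosts only'
}

# Report both settings side by side.
@(
    [pscustomobject]@{
        Setting = 'LocalAccountTokenFilterPolicy'
        Value   = if ($null -eq $filterValue) { '(not set)' } else { $filterValue }
        Note    = $filterNote
    }
    [pscustomobject]@{
        Setting = 'WSMan Client TrustedHosts'
        Value   = if ($entries.Count) { $entries -join ', ' } else { '(empty)' }
        Note    = $trustNote
    }
) | Format-List
```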
 
LVL 2

Author Comment

by:kunghui80
ID: 40597496
To close this request.
0
 
LVL 2

Author Closing Comment

by:kunghui80
ID: 40607544
I found this solution after several attempts to resolve the issue. Nevertheless, I also wish to award the other comments, which led me to find out more on this.  Thanks much!
0
