Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Policy Results Wizard and Windows Firewall

Status
Not open for further replies.
disturbedone

disturbedone

Vendor
Sep 28, 2006
781
0
0
AU
I have a W2K8R2 domain with XPSP3 clients. A GPO enables the Windows Firewall.

Trying to run Group Policy Results Wizard against any WinXPSP3 computer gives the error:

Failed to connect to ip.ip.ip.ip due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details.
Details:
The RPC server is unavailable

1. WMI service is started
2. Group Policy for Windows Firewall has 'Allow remote administration exception' enabled for the subnet I'm coming from
3. Turning off Windows Firewall allows the GPResults to work
4. Using t4eportping I can "ping" TCP135 (RPC)
5. 'netsh firewall show state' says Remote Admin Mode is enabled and lists 135/445 as open on all interfaces
6. 'netsh firewall show port opening' lists 445 but not 135 which is odd

It all appears it is configured as it should and port 135 appears to be open. Disabling the firewall makes it seem like it's not TCP135 that is what is required.

Any ideas? What exceptions need to be in the firewall to allow GPRW to work?
 
Sort by date Sort by votes
Found it. It's the tiniest of typos!

The GPO that applies enables the firewall also had the following settings which don't work:
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/Enabled
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/10.100.0.0/16, 10.11.0.0/16

The following settings do work:
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/Enabled
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/10.100.0.0/16,10.11.0.0/16

Spot the problem? It's the tiny little single space in the comma separated IP address list!! There cannot be a space after the comma.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
116
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
141
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
92
antonio_dsanchez
antonio_dsanchez
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
129
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
141
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top