Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Policy Results Wizard and Windows Firewall

Status
Not open for further replies.

disturbedone

Vendor
Sep 28, 2006
781
AU
I have a W2K8R2 domain with XPSP3 clients. A GPO enables the Windows Firewall.

Trying to run Group Policy Results Wizard against any WinXPSP3 computer gives the error:

Failed to connect to ip.ip.ip.ip due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details.
Details:
The RPC server is unavailable

1. WMI service is started
2. Group Policy for Windows Firewall has 'Allow remote administration exception' enabled for the subnet I'm coming from
3. Turning off Windows Firewall allows the GPResults to work
4. Using t4eportping I can "ping" TCP135 (RPC)
5. 'netsh firewall show state' says Remote Admin Mode is enabled and lists 135/445 as open on all interfaces
6. 'netsh firewall show port opening' lists 445 but not 135 which is odd

It all appears it is configured as it should and port 135 appears to be open. Disabling the firewall makes it seem like it's not TCP135 that is what is required.

Any ideas? What exceptions need to be in the firewall to allow GPRW to work?
 
Found it. It's the tiniest of typos!

The GPO that applies enables the firewall also had the following settings which don't work:
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/Enabled
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/10.100.0.0/16, 10.11.0.0/16


The following settings do work:
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/Enabled
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/10.100.0.0/16,10.11.0.0/16


Spot the problem? It's the tiny little single space in the comma separated IP address list!! There cannot be a space after the comma.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top