Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Policy Results Wizard - RPC server unavailable

Status
Not open for further replies.

disturbedone

Vendor
Sep 28, 2006
781
AU
Trying to run Group Policy Results Wizard against any WinXPSP3 computer gives the error:

Failed to connect to ip.ip.ip.ip due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details.
Details:
The RPC server is unavailable

1. WMI service is started
2. Group Policy for Windows Firewall has 'Allow remote administration exception' enabled for the subnet I'm coming from
3. Turning off Windows Firewall allows the GPResults to work
4. Using t4eportping I can "ping" TCP135 (RPC)
5. 'netsh firewall show state' says Remote Admin Mode is enabled and lists 135/445 as open on all interfaces
6. 'netsh firewall show port opening' lists 445 but not 135 which is odd

It all appears it is configured as it should and port 135 appears to be open. Disabling the firewall makes it seem like it's not TCP135 that is what is required.

Any ideas?
 
See if WMI filtering is active, if so turn it off unless you really need it...

also check the GPO Security Filtering Settings, to see if there is possibly an issue there...

you may want to post this in the Server Forums instead...

e.g. forum1674 or forum931


Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Nope. No WMI filtering on the firewall GPO.

GPO Security Filtering only has the default 'Authenticated Users'

I have posted in the Server 2008 forum already.
 
Found it. It's the tiniest of typos!

The GPO that applies enables the firewall also had the following settings which don't work:
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/Enabled
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/10.100.0.0/16, 10.11.0.0/16


The following settings do work:
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/Enabled
Computer Configuration/Policies/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile/Windows Firewall:Allow remote administrative exception/10.100.0.0/16,10.11.0.0/16


Spot the problem? It's the tiny little single space in the comma separated IP address list!! There cannot be a space after the comma.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top