I would say you need to check your firewall rules. Just because port 135 is open does not mean it is open to "Public" subnets. Windows Firewall with Advanced Security allows differentiation between Public, Private, and "Domain" address space rules. I would imagine the defaults are set for only inside your domain subnets and not on "public" network (meaning outside the boundaries of the domain). So if you open up wf.msc you should look all the way at the last column to see it is set for what you need. The definitions are, according to Microsoft:
There are three network location types in Windows Firewall with
Advanced Security:
Domain. Windows automatically identifies networks on which it can
authenticate access to the domain controller for the domain to which
the computer is joined in this category. No other networks can be
placed in this category.
Public. Other than domain networks, all networks are initially
categorized as public. Networks that represent direct connections to
the Internet or are in public places, such as airports and coffee
shops should be left public.
Private. A network will only be categorized as private if a user or
application identifies the network as private. Only networks located
behind a NAT device (preferably a hardware firewall) should be
identified as private networks. Users will likely want to identify
home or small business networks as private.
Also, to get a more specific idea regarding WMI firewall exceptions, get familiar with this Microsoft MSDN article. Happy hunting.
