1

I have a custom WMI application. It works wonderfully on a number of servers (windows 2003, 2008). However, some of our servers are behind another firewall. I have followed http://msdn.microsoft.com/en-us/library/windows/desktop/bb219447%28v=vs.85%29.aspx and have the permissions the same as the other 2008 machines. We opened port 24158 and 135.

As you might have guessed it still doesn't connect. I would love any thoughts on this.

Update: these machines are actually not R2. I had stupidly assumed they were, since all of our other servers are. The version is 6.0.6002 to be exact.

Update: from this article http://technet.microsoft.com/en-us/library/cc730673%28WS.10%29.aspx under Administrative Tools > Component Services > leftpane >Component Services> Computers > My Computer > DCOM Config > middle pane > Windows Management and Instrumentation, and then click Properties under endpoits it is correctly configured to use 24158. However no packet is ever sent to or from that port when WMI is enabled.

Update: It may be netbios related, as there is a packet coming from a closed netbbios port that is being flagged in Wireshark. Why does WMI need to use netbios?

user833970
  • 123
  • 4
  • If you're really using RC2, you should install a release version of the OS. I think you actually mean 2008 R2, though. You should update your question either way. – MDMarra Oct 04 '11 at 21:28
  • so on the hopefully r2 server open a elevated command prompt and run the following "wmic os" what response do you get? – tony roth Oct 04 '11 at 22:16
  • 1
    Ignore the "RC2" that was a typo on top of a mistake. What information from wmic os would you like to see. – user833970 Oct 06 '11 at 14:28
  • ok so I suspect wmic os returned appropriate info, thats good so within your custom wmi app what error is being resturned? – tony roth Oct 06 '11 at 17:38
  • System.Runtime.InteropServices.COMException (0x80070776): The object exporter specified was not found. (Exception from HRESULT: 0x80070776) then a stacktrace. – user833970 Oct 06 '11 at 17:52
  • http://msdn.microsoft.com/en-us/library/aa822854(VS.85).aspx That brings up all the layers. The NAT issue mentioned below may be an issue. Confirm you aren't facing that. Additionally, since it's now pretty clear that you're probably dropping the packets at a firewall, lean to finding out how to statically set a destination port, and allow that by firewall policy. To me, this is really a packet tracing activity, not so concerned with the app until you get there. http://msdn.microsoft.com/en-us/library/bb219447(VS.85).aspx (did you also run **winmgmt -standalonehost**) – mbrownnyc Oct 06 '11 at 19:39
  • You may want to create a new specific question like "how do i set static ports to use WMI through firewall?" or similar to help you solve this issue. – Bret Fisher Oct 08 '11 at 13:55

2 Answers2

1

You should try your hand at Network Monitor and install it on the computer you are running the WMI from. You should see it attempt to connect to the remote server so you can first validate it is trying to connect on 24158. You should see connections out and data coming back on those two ports if you have both sides configured correctly.

Bret Fisher
  • 3,963
  • 2
  • 20
  • 25
  • Usually simplest to use the firewall's build-in monitoring to see the traffic, no need to use an additional tool. – Chris Thorpe Oct 04 '11 at 22:51
  • 1
    I checked it out with wire shark and it seams to be allocating to a random port. Somehow. – user833970 Oct 05 '11 at 21:59
  • Yep, that's what the port mapper does (or whatever it's called in windows that creates a new dynamic high port for those type of connections). Sounds like you need to search for another way to force that connect to static ports. – Bret Fisher Oct 06 '11 at 22:57
  • Any thoughts on how to do this? The documentation is very sparse. – user833970 Oct 07 '11 at 14:11
  • hey homey... look at my last comment to you original question... http://msdn.microsoft.com/en-us/library/bb219447(VS.85).aspx – mbrownnyc Oct 07 '11 at 19:33
  • 1
    Trust me. I have done that. – user833970 Oct 10 '11 at 14:38
  • Thanks for confirming. Did you also read [this article](http://msdn.microsoft.com/en-us/library/aa389290(VS.85).aspx)? And [this article](http://msdn.microsoft.com/en-us/library/aa393266(VS.85).aspx)? And [this article](http://msdn.microsoft.com/en-us/library/aa389286(VS.85).aspx)? – mbrownnyc Oct 11 '11 at 14:31
  • yes , no, yes. perhaps I missed something. – user833970 Oct 31 '11 at 17:38
1

Two thoughts:

  1. Is address translation an issue for you? Because that does not work according to Microsoft if this info is version agnostic. I take it to mean it is an issue for all WMI/DCOM versions. I could be wrong.
  2. Are other computers connected? I had thought in the past the static port allocations meant one device per connection. We ran into this issue with DCOM and SCCM incidentally, and I am thinking it might be the same deal. I tried Googling because I could not remember the context, and this is point 2 because it is not exactly well-founded and I cannot prove it with a link. Hopefully a more knowledgeable geek can confirm/deny.
songei2f
  • 1,924
  • 1
  • 20
  • 30