2

Problem

I am trying to use the script from this link below to retrieve windows updates from a remote computer (Server 2012 R2) using the command Get-WUList.

https://gallery.technet.microsoft.com/scriptcenter/2d191bcd-3308-4edd-9de2-88dff796b0bc

However, I am receiving the error:

Exception calling "CreateInstance" with "1" argument(s): "Retrieving the COM class factory for remote component with CLSID {4CB43D7F-7EEE-4906-8698-60DA1C38F2FE} from machine whitebass failed due to the following error: 800706ba whitebass."

What I have tried

I know that the issue is with the firewall because I am able to successfully connect when the firewall is disabled.

Most of the information I found online mentioned enabling firewall rules. However, even after playing with these I was still unable to get it working.

The firewall rules that I enabled are below (for now I only listed what I think is applicable):

  • Windows Management Instrumentation (ASync-In)
  • Windows Management Instrumentation (DCOM-In)
  • Windows Management Instrumentation (WMI-In)
  • Remote Service Management (NP-In)
  • Remote Service Management (RPC-In)
  • Remote Service Management (RPC-EPMAP)
clarity123
  • 117
  • 3
mike9182
  • 121
  • 1
  • 4

2 Answers2

4

A new firewall rule needs to be created to allow the subsequently negotiated dynamic RPC port through.

Ref: martbasi on Jan 13, 2015 at https://i1.gallery.technet.s-msft.com/2d191bcd-3308-4edd-9de2-88dff796b0bc/view/Discussions/6:

Ran into this also ... googling and wiresharking leads me to the conclusion that initial contact with the remote client happens on TCP 135, but then redirects to a High-Rang port that is dynamically selected. As of Win 2008, this is 49152 - 65535."

New inbound firewall rule, custom:

  • program path: %SystemRoot%\System32\dllhost.exe
  • protocol type: TCP
  • local port: RPC Dynamic Ports
  • remote port: all ports.

Configure remaining options as appropriate for your environment and security policy.

chicks
  • 3,639
  • 10
  • 26
  • 36
MandatoryMoniker
  • 41
  • 2
1

You can run PS> enable-WUremoting This will create a new inbound rule called PSWindowsUpdate (RPC Dynamics Ports) which covers all the settings mentioned previously.

a4andrew
  • 11
  • 1