3

Situation:

Running PsExec takes 20 seconds with Windows Firewall and 1 second with it disabled.

Exceptions added to firewall:

Opened ports 135 and 445 (both TCP) as per http://jamesrayanderson.blogspot.co.uk/2010/04/psexec-and-ports.html

"Allow app through firewall": choose "Remote Service Management"

Ensure network is set to private

Without these two it won't connect at all. Target machine is running Windows 10.

During the 20 second wait it sits saying "Starting PsEXESVC on "

OK, so a little Wiresharking shows us that we need to also open another port which is being requested.

The first time I ran this it was 49669, the second time it was 49670.

No idea why, nor what range it will accept. Any ideas?

Is there a definitive list of what ports PSEXEC needs to have opened? Failure to move to a different port introducing delay with Windows Firewall enabled on Windows 10 (all inbound "Remote..." firewall rules are enabled)

GreyCloud

4 Answers

6

Apparently this is an issue with the Group Policy client when enabling "Remote Service Management".

The fix is to run the following command:

```
netsh advfirewall firewall set rule name="Remote Service Management (RPC)" profile=domain new enable=yes
```

I did this in bulk, remotely, using PsExec (which ran slowly) as follows, given the affected workstations, one computer name per line, in workstations.txt:

```
for /f %i in (workstations.txt) do @start /B psexec \\%i netsh advfirewall firewall set rule name="Remote Service Management (RPC)" profile=domain new enable=yes
```

Doing `psexec @workstations.txt` (instead of using a for loop) would still run the commands in serial, slowly, with the 20-ish second delay. With a reasonable number of workstations, the above command will start them all in parallel. There are of course other methods of running commands remotely, but this worked well for me.

Source: https://harryjohnston.wordpress.com/2009/12/18/delays-when-connecting-to-windows-7-clients-for-remote-administration/

Jeff McJunkin
  • Thanks Jeff, great to hear someone else encountered the same challenge, I don't have an opportunity to test this at the moment but will try in future – GreyCloud Sep 28 '16 at 20:34
  • On Windows Server 2016 I have to enable two rules: `Remote Service Management (RPC)` and `Remote Service Management (RPC-EPMAP)` – anilech Jul 05 '17 at 08:44
  • After enabling 3 Remote Service Management rules, should also allow ports in AWS security group inbound rules, since the port is random, my rule is ports(1 - 65535) 10.0.0.0/16. – Teddy Jan 12 '22 at 01:39
2

PSExec uses RPC, which uses a randomly allocated port; for modern Windows, that is in the 49152+ range.

If you're using Windows Firewall, there's a built-in "Remote Service Management" rule that will allow those dynamic ports. There are also some registry tweaks to customize it, if you feel the need to.

Mark Brackett
  • What's strange is that I have this rule enabled but still have the delay – GreyCloud Jan 25 '16 at 08:56
  • For the fun of it I've enabled all inbound Windows Firewall rules in a group starting "Remote...". This has cut the delay to 15 seconds for the first command; subsequent commands are instant for around one minute, then the delay is encountered again – GreyCloud Jan 25 '16 at 08:58
  • Apparently (according to https://harryjohnston.wordpress.com/2009/12/18/delays-when-connecting-to-windows-7-clients-for-remote-administration/), the "Remote Service Management" built-in rule has an issue when deployed through Group Policy that it doesn't apply to services.exe. My answer below has the workaround, which is to run the command once locally. I'm sure you could make a custom rule to apply via Group Policy instead. – Jeff McJunkin Sep 28 '16 at 13:34
  • I also noticed the same thing as GreyCloud. The delay is cut to 15 seconds on the first command, subsequent commands are very fast until the delay is encountered again after a minute or so. This only happens when firewall is enabled, file sharing is enabled, firewall exception for RPC is added for my IP address or general RPC exception is added. This is on Windows 10 system. When firewall is completely turned off, this does not happen. Does anybody see the same issue? Is there a fix? – Nitrous Mar 21 '18 at 14:17
0

In Windows Firewall Remote Service Management is already predefined. Enable the 3 rules for PRIVATE and there is no delay.

Henrik
0

There must be three rules enabled:

Remote Service Management (NP-In)
Remote Service Management (RPC)
Remote Service Management (RPC-EPMAP)

More info here: https://serverfault.com/a/1100581/965884

Daniel K
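
To check the state the answers above describe, the following added example (not part of any answer) reports whether each of the three named rules is enabled for a given profile, along with the program and port keyword each rule is scoped to, and enables them only when `-Fix` is passed. The function name and its parameters are hypothetical; it assumes an elevated session on the target machine, English-language rule display names, and the built-in NetSecurity cmdlets.

```powershell
# Added example. Function name and parameters are hypothetical; the three
# display names are the ones listed in the answers (English-language Windows).
function Test-RemoteServiceManagementRule {
    param(
        [ValidateSet('Domain', 'Private', 'Public')]
        [string]$ProfileName = 'Private',
        [switch]$Fix   # without -Fix the function only reports
    )

    $names = 'Remote Service Management (NP-In)',
             'Remote Service Management (RPC)',
             'Remote Service Management (RPC-EPMAP)'

    foreach ($name in $names) {
        # A display name can exist once per profile set (e.g. "Domain" and
        # "Private, Public"), so keep only the copies covering $ProfileName.
        $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
            Where-Object {
                $p = "$($_.Profile)" -split ',\s*'
                $p -contains 'Any' -or $p -contains $ProfileName
            })

        if ($rules.Count -eq 0) {
            [pscustomobject]@{ Rule = $name; Profile = $ProfileName; Enabled = 'missing'
                               Program = $null; LocalPort = $null }
            continue
        }

        foreach ($rule in $rules) {
            if ($Fix -and "$($rule.Enabled)" -ne 'True') {
                $rule | Enable-NetFirewallRule
                $rule = Get-NetFirewallRule -Name $rule.Name   # re-read state
            }
            $app  = $rule | Get-NetFirewallApplicationFilter
            $port = $rule | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Rule      = $name
                Profile   = "$($rule.Profile)"
                Enabled   = "$($rule.Enabled)"
                Program   = $app.Program      # executable the rule is scoped to
                LocalPort = $port.LocalPort   # 'RPC' = dynamically assigned RPC ports
            }
        }
    }
}

Test-RemoteServiceManagementRule -ProfileName Private | Format-Table -AutoSize
```

A row showing `Enabled` as `False` or `missing` for the profile the connection actually arrives on points at the rule to look at first.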