Windows XP or Windows Server 2003 firewall prevents remote installation

Article:TECH100790  |  Created: 2004-01-08  |  Updated: 2006-01-04  |  Article URL http://www.symantec.com/docs/TECH100790
Article Type
Technical Solution

Product(s)

Issue



You have Windows XP or Windows Server 2003 with the Windows Firewall enabled. When you try to install Symantec AntiVirus Corporate Edition or Symantec Client Security, the installation fails.



Solution



Follow the directions for your version of Symantec Client Security or Symantec AntiVirus.

Symantec Client Security 3.x and Symantec AntiVirus 10.x
Remote installation tools such as ClientRemote Install and AV Server Rollout use TCP port 139 and a random TCP port between 1024 and 5000 on the targeted computers. Windows Firewall is enabled by default in both Windows XP Service Pack 2 and Windows Server 2003. The firewall blocks incoming traffic to these ports, preventing installation. The easiest way to work around this problem is to disable the Windows Firewall before installation.

The following Microsoft documents provide information on how to disable the firewall:
After installation, you can enable Windows Firewall again. If you want to use Symantec System Center to manage clients, you must open TCP port 2967 in Windows Firewall on the clients.

To open port 2967 on the clients
  1. On the Windows taskbar, click Start > Settings > Control Panel.
  2. Double-click Security Center.
  3. Click Windows Firewall.
  4. On the Exceptions tab, click Add Port.
  5. In the Add a Port window, in the Port Number box, type the following:

    2967
  6. Click TCP, and then click OK.
  7. In the Windows Firewall window, click OK.

For a complete list of the ports that are used for communication in Symantec AntiVirus 10.x, read Ports used for communication in Symantec AntiVirus 10.x and Symantec Client Security 3.x.


Symantec Client Security 2.x and Symantec AntiVirus 9.x and earlier

Remote installation tools such as NT Client Install and AV Server Rollout use UDP ports 137 and 138 on the targeted computers. Windows Firewall is enabled by default in both Windows XP Service Pack 2 and Windows Server 2003. The firewall blocks incoming traffic to these ports, preventing installation. If you are installing Symantec AntiVirus client or server and want to use the Windows Firewall, you must open UDP ports 137 and 138 on the target computers before installation. You can close these ports after installation.

To open ports 137 and 138 on target computers
  1. On the Windows XP taskbar, click Start > Settings > Control Panel.
  2. In the Control Panel window, double-click Network Connections.
  3. In the Network Connections window, right-click the active connection, and then click Properties.
  4. On the Advanced tab, under Windows Firewall, click Settings.
  5. In the Windows Firewall window, on the General tab, make sure that "Don't Allow Exceptions" is unchecked; if it is checked, uncheck it.
  6. On the Exceptions tab, check File and Printer Sharing.
  7. Click File and Printer Sharing, and click Edit to confirm that UDP 137 and 138 are checked.
    Scope should be set to Any for both ports. If Scope is not set to Any, then click each port and click Change scope.
  8. Click OK.

If you want to manage Symantec Client Security clients with Symantec System Center and want to use Windows Firewall, you must open port UDP 2967 on the clients.

To open port 2967 on the clients
  1. Display the Windows Firewall window by following steps 1-4 in the previous procedure.
  2. On the Exceptions tab, click Add Port.
  3. In the Add a Port window, in the Port Number box, type the following:

    2967
  4. Click UDP, and then click OK.
  5. In the Windows Firewall window, click OK.

For a complete list of the ports used for communication in Symantec AntiVirus 8.x and 9.x, read the document Ports used for communication in Symantec AntiVirus Corporate Edition 8.x and 9.x.






References
For general information about topics related to Windows XP Service Pack 2, see the article Documents relating to Symantec Client Security and Windows XP Service Pack 2.





Legacy ID



2004070817071248


Article URL http://www.symantec.com/docs/TECH100790


Terms of use for this information are found in Legal Notices