Endpoint Protection Small Business Edition

  • 1.  Firewall rule to allow RPC server

    Posted Feb 09, 2015 10:13 PM

    Hi all.

    I have an app that needs to allow WMI on the Endpoint 12 SBE clients.  Also, I typically like to review group policy settings on client machines -- this requires that the RPC server is available.

    On some of the Symantec clients installed in this configuration I cannot do either -- use the app services or run RSOP tests.  When I try, I get the following error:

     

    RPC Server is unavailable.

    On networks where I don't use the Symantec Endpoint product I have been able to fix this by enabling what is called WMI (Windows Management Instrumentation).

    I don't see that anywhere as an option on the Symantec Firewall rules custom.

    What is odd to me though on this is that about 1/2 of the clients are working (I can run Resultant set of policy tests and use the app) and 1/2 are not and all have the same Symantec Firewall policy.

    Help appreciated.

     

     

     

     



  • 2.  RE: Firewall rule to allow RPC server

    Posted Feb 09, 2015 10:16 PM
    SEP shouldn't cause problems here. Anything showing in the traffic log? BTW, there is no custom config in the SEP fw for it.


  • 3.  RE: Firewall rule to allow RPC server

    Posted Feb 09, 2015 10:16 PM
    Do you see the rule name which is blocking the connection? Open the client interface and check the traffic logs.


  • 4.  RE: Firewall rule to allow RPC server

    Posted Feb 09, 2015 10:23 PM

    I reviewed a client log entry and nothing showed.

    Because on some clients I can work these services and on some I can't, it seems like this may not be an EP FW issue.

    But, something is blocking this service because the service shows as running.  That would be the RPC service.

    Brian, by custom I was referring to adding a rule that would allow port 135.  Didn't work but I was able to add that.

    Thanks.



  • 5.  RE: Firewall rule to allow RPC server

    Posted Feb 09, 2015 10:26 PM
    I believe 135 is allowed thru one of the rules already, possibly allow local file sharing. Either way, traffic log would show what's being blocked.


  • 6.  RE: Firewall rule to allow RPC server

    Posted Feb 09, 2015 10:44 PM

    OK.  Thanks!



  • 7.  RE: Firewall rule to allow RPC server

    Posted Feb 10, 2015 08:02 AM

    welcome



  • 8.  RE: Firewall rule to allow RPC server

    Posted Feb 10, 2015 11:28 PM

    OK, maybe not a Symantec thing but for sure a firewall thing.

    So, I removed Endpoint on the client, enabled WMI on the Windows firewall and boom, all worked.

    As I understand, when Endpoint is installed, it takes over all firewalling.  This is a domain environment.  Odd as heck. Some clients with the EP firewall active work, some don't, but if I remove EP and enable the Windows firewall on any client that was not working, things work.

    This doc suggests that random ports are generated and need to be available for RPC to work.  Is it possible that some of the RPC ports on some clients are open and some are not?  Anyway, an odd issue but this is fact.... if I remove EP and use Windows firewall to allow WMI, RPC server works.  Every time.

    Doc....

    http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx

    Thanks



  • 9.  RE: Firewall rule to allow RPC server

    Posted Feb 10, 2015 11:38 PM

    Update.  If I remove SEP and enable WMI on the Windows firewall, things work.

    So for sure, on any client having these "RPC server is unavailable" issues, if I remove EP and enable WMI on the Windows firewall, stuff works.

    But the nutty thing is, why do SOME EP clients work?  Random ports needed for RPC services?

    Thanks.  

    Lars
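
A two-stage check for the symptom discussed in this thread, as an added example that is not part of any poster's reply: it separates "TCP 135 is blocked" from "135 answers but the follow-up RPC/WMI call fails", run once against a working client and once against a failing one. It assumes PowerShell 4.0 or later on the admin workstation; the host names are placeholders.

```powershell
# Added example. CLIENT-OK / CLIENT-FAIL are placeholder host names:
# substitute one client where RSOP works and one where it does not.
$clients = 'CLIENT-OK', 'CLIENT-FAIL'

# Force DCOM (RPC) transport; Get-CimInstance would otherwise use WinRM
# and never touch port 135 or the dynamic RPC ports.
$dcom = New-CimSessionOption -Protocol Dcom

foreach ($c in $clients) {
    $session  = $null
    $wmiOk    = $false
    $wmiError = $null

    # Stage 1: is the RPC endpoint mapper (TCP 135) reachable at all?
    $epm = Test-NetConnection -ComputerName $c -Port 135 -WarningAction SilentlyContinue

    # Stage 2: a real WMI query over DCOM. After talking to port 135 the
    # client is sent to a dynamically assigned port, so this can fail
    # even when stage 1 succeeds.
    if ($epm.TcpTestSucceeded) {
        try {
            $session = New-CimSession -ComputerName $c -SessionOption $dcom -ErrorAction Stop
            Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop | Out-Null
            $wmiOk = $true
        } catch {
            # "RPC server is unavailable" points at filtering;
            # "Access is denied" points at permissions, not the firewall.
            $wmiError = $_.Exception.Message
        } finally {
            if ($session) { Remove-CimSession $session }
        }
    }

    $verdict = if (-not $epm.TcpTestSucceeded) { 'TCP 135 not reachable' }
               elseif (-not $wmiOk)            { '135 reachable, WMI over DCOM failed' }
               else                            { 'WMI over DCOM works' }

    [pscustomobject]@{
        Client   = $c
        Port135  = $epm.TcpTestSucceeded
        WmiDcom  = $wmiOk
        Verdict  = $verdict
        Error    = $wmiError
    }
}
```

Running `netsh int ipv4 show dynamicport tcp` on a failing client shows the dynamic port range its firewall has to admit for the second stage to succeed.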