Re: using wmi trough the firewalls

From: Peter Falz (pf.ms.news_at_asp-solutions.de)
Date: 01/11/05 

Date: Tue, 11 Jan 2005 18:39:47 +0100

Hi Sergio

maybe the needed ports are blocked.

that's a part of a posting in this NG of NG-User "Dharani Babu S":

--- Snip Begin
In fact there is a lot to learn when it comes to across
subnet connections .
first we opened all firewall restrictions between two very diffrent IPs and
then the RPC port 135 and 445 ( though vulnerable) were opened . Then we
tested from machine A with wmimgmt.msc it worked ...so its all working now
...too releived that its working .
--- Snip End

Also Torgeir has posted something for this theme:
--- Snip Begin
WMI uses DCOM for remoting, that uses TCP ports 135 and 445 as well as
dynamically-assigned ports above 1024.

Some links for you:
Using Distributed COM with Firewalls
http://msdn.microsoft.com/library/en-us/dndcom/html/msdn_dcomfirewall.asp?frame=true
HOWTO: Configure RPC Dynamic Port Allocation to Work with Firewall
http://support.microsoft.com/default.aspx?scid=kb;en-us;154596
http://groups.google.com/groups?selm=uN5cdsfjDHA.1884%40TK2MSFTNGP09.phx.gbl
--- Snip End

A tip: sometimes it is good to search at first for existing posts, which can help you.

HTH
Peter

"Sergio" <aaa> schrieb im Newsbeitrag news:O6lsAx$9EHA.1392@tk2msftngp13.phx.gbl...
> Hi everybody!
>
> I want to connect to wmi interface of some server of my WAN.
>
> This servers stand on an private network behind a cisco-pix firewall.
>
> I can reach it with an pubblic Ip Address, so I'm able to connect to it in
> every way (telnet, Terminal client, Management Console, etc).but i can't
> connect in any way with wmi.
> If I try to connect with the WMI control Console, I got this error :
> Failed to connect to \\myserver.mysubdomain.mydomain.com because "Win32: A
> security package specific error occurred."
>
> Same problem if I try a stupid script like these from my remote pc:
>
> strComputer = "\\myserver.mysubdomain.mydomain.com"
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> Set colItems = objWMIService.ExecQuery("Select * from Win32_Process",,48)
> For Each objItem in colItems
> Wscript.Echo "Caption: " & objItem.Caption & " - CommandLine: " &
> objItem.CommandLine
> Next
>
> I get this error : \temp_script.vbs(3, 1) (null): 0x80041021
>
> but if I exeute it localy ( on the remote server with the my user ) it works
> fine.
>
> You must know it :
>
> . The servers are subdomains' members
> . I have the grant of Enterprise administrator
>
>
>
> I need help, I hope will can give me it!
>
> Sergio M.
>
>
>

Relevant Pages

  • Re: WMI and XP SP2 remote connection problem !!
    ... The firewall will block administrative ports unless policy has set them to ... Remote management ports and RPC are required for WMI. ...
    (microsoft.public.win32.programmer.wmi)
  • RE: Company Firewalls IP Address
    ... the Attacker's ISP (Internet Service Provider) location! ... It seems to me that our firewall should ... It's the ports that are open on your IP address that are the real ...
    (Security-Basics)
  • Re: Trouble accessing Outlook Web Access from behind firewall
    ... When starting the firewall I also set ... > rejected and dropped packets are logged, however I see nothing in my log ... > # Higher ports needed to accept incoming/outgoing calls ...
    (comp.security.firewalls)
  • Re: iptables configuration
    ... >> that if a 'virus/trojan' initiated a connection to the net, the firewall ... >> would not protect the LAN. ... The LAN is NATed with private IPs to one public IP. ... the ports that are used by services running on linux. ...
    (comp.os.linux.security)
  • Re: Norton Personal Firewall 2003
    ... |> First thing I would do is put the GRC test site into the Exclusions ... | ports they will not get the same result being in my blocklist, ... the firewall checks unsolicited inbound communications attempts. ...
    (comp.security.firewalls)