Possible bug in x64 Remote Management firewall rule

Similar Messages

• Possible Bug on Analytic Workspace Manager 11.1.0.7B

  Gentlemen,
  Perhaps I am doing something wrong, but for some reason when I enable the Materialized View option for an Average Cube, the Query on the MV gets set to SUM instead of AVG. I have disabled and re-enabled the materialized view on the cube several times and yet it always comes back as:
  SELECT
  T1.DAY_ID TIME_DIM,
  T1.CHANNEL_ID DVC_LOC_DIM,
  SUM(TO_NUMBER(T1.FLOAT_VAL) )  AVG_VAL
  FROM
  Tabelname T1
  GROUP BY
  (T1.DAY_ID, T1.CHANNEL_ID)
  Thanks.
  Mariano J. Padilla

  There seems to be an additional problem with a Cube built to aggregate the averages. I have a cube with the following:
  Time dimension Day>Week>Month>Quarter>Year
  Location Dim Signal ID>Device Instance>Device type>Subsystem>System
  I have successfully built SUM, MIN, and MAX cubes with the above dimensions along with previous period calculated measures; however, when I select Average and compare the daily average for a signal from the simple "Select Avg(float_val), Sgnl_id, trunc(datefield, 'DD') as day_ID from TABLE group by SGNL_ID, trunc(datefield, 'DD')" query, the average numbers do not match. They are very much different, not just by a few rounding errors. The numbers differ as follows:
  Cube Average for one sgnl is 1.94 per day
  Average from query for one signal is 0.000143948.
  As you can see it is very much different. Perhaps I misunderstand the function of Average on the Cube or I have my Cube designed incorrectly?
  Thanks for your replies.
  Mariano

• RV042 - restrict remote managent

  Hi there,
  is it possible to protect the remote management with a firewall rule if it is enabled?
  I enabled the remote management with port 888, but i cannot restrict the access from external hosts.
  Thanks a lot for every help.
  Chris

  Hi Christian, thank you for using our forum, I already answered your question in this link https://supportforums.cisco.com/thread/2246602.
  I hope you find this answer useful,
  Thank you!
  Luis Arias.
  Cisco Network Support Engineer.

• RV042 - protect remote managent

  Hi there,
  is it possible to protect the remote management with a firewall rule if it is enabled? I changed the port to 888 and set a rule to deny all traffic to this port, but i can login to the router from external.
  Thanks a lot for your help.
  Chris

  Hi Christian, thank you for using our forum, my name is Luis I am part of the Small business Support community. When remote management is enabled, you can use a web browser to access the configuration utility from anywhere on the Internet. In a web browser, enter http://:port, or enter https://:port if you have enabled the HTTPS feature. The highlight part is the important section that I want to clarify, If you want to restrict the access from WAN to your router you must disable the HTTPS feature in order to do that. Also if you disable the HTTPS feature, then users cannot connect by using QuickVPN.
  Please go to Firewall > General and disable HTTPS option, then try to access your router remotely again.
  I hope you find this answer useful
  Greetings,
  Luis Arias.
  Cisco Network Support Engineer.

• Remote Management Config on NetInstall

  Hello.
  Is it possible to configure the Remote Management of a system when creating the Netinstall image? Say for example I install 100+ systems, I don't want to hook each one of these into a screen and manually configure Remote Management.
  Any advice or pointers on things to read up on would be great.
  Thanks.

  Hello.
  Is it possible to configure the Remote Management of a system when creating the Netinstall image? Say for example I install 100+ systems, I don't want to hook each one of these into a screen and manually configure Remote Management.
  Any advice or pointers on things to read up on would be great.
  Thanks.

• Odd firewall issue, remote management works on 1 server, not the other

  I've enabled port forwarding, made sure I mapped address to mac ports in the DHCP client settings (to ensure a "static" address), and choose the correct IP address for port forwarding. Then, I enable remote management on my snow leopard laptop then connect remotely (from outside lan) and it works. To the reverse, my 10.5.8 OS X server set up with the same items (although the menus are slightly different given each are diff versions), change port forwarding IP addresses on router, and try outside the lan from the client to connect to the server. Failed. Of course, remote management works fine on the LAN in both directions, only fails from snow leopard client to 10.5.8 server when not on same lan.
  So, to illustrate:
  10.5.8 (client) ---> internet --> router --> snow leopard laptop (server) WORKS!!
  snow leopard laptop (client) --> internet --> router --> 10.5.8 (server) FAILS!!!
  client --> LAN --> server (in either direction) WORKS!!
  Message was edited by: julebuggy

  I've enabled port forwarding, made sure I mapped address to mac ports in the DHCP client settings (to ensure a "static" address), and choose the correct IP address for port forwarding. Then, I enable remote management on my snow leopard laptop then connect remotely (from outside lan) and it works. To the reverse, my 10.5.8 OS X server set up with the same items (although the menus are slightly different given each are diff versions), change port forwarding IP addresses on router, and try outside the lan from the client to connect to the server. Failed. Of course, remote management works fine on the LAN in both directions, only fails from snow leopard client to 10.5.8 server when not on same lan.
  So, to illustrate:
  10.5.8 (client) ---> internet --> router --> snow leopard laptop (server) WORKS!!
  snow leopard laptop (client) --> internet --> router --> 10.5.8 (server) FAILS!!!
  client --> LAN --> server (in either direction) WORKS!!
  Message was edited by: julebuggy

• Guide to remote manage Hyper-V servers and VM's in workgroups or standalone

  This guide is based on the following 3 products:
  Windows server 2012 (core)
  Windows 8
  Hyper-V server v3 / Hyper-V server 2012
  The following guide will enable you to:
  1: remotely manage your Hyper-V Virtual Machines with Hyper-V manager
  2: remotely manage your Hyper-V servers' firewall with a MMC snap-in.
  3: remotely manage your Hyper-V server (2012) with server manager
  ! This should also work for Core installations of server 2012, but I haven't tried.
  This guide is purely focussed on servers in a WORKGROUP, or as a stand alone.
  I CAN NOT tell you what you need to do to get it working in a domain.
  * You can run these commands straight from the console (Physically at the machine) or through RDP.
  * You will need to be logged on as an administrator.
  * Commands are listed in somewhat random order; I do however advise to follow the steps as listed.
  * Commands with ? in front of them are only ment to be helpfull for troubleshooting,
  * and to identify settings and changes made.
  * Commands and instructions with ! in front of them are mandatory.
  - server: means the server core or hyper-v server (non gui)
  - client: means the machine you want to use for remote administration.
  - Some commands are spread over 2 lines; be sure to copy the full syntax.
  > To enable the Hyper-V manager to connect to your server, you need to perform the following 2 actions: (Assuming you have already installed the feature)
  1:
  ! Client: Locate the C:\Windows\System32\Drivers\etc\hosts file.
  ! right-click --> properties --> security
  ! click --> edit --> add --> YOURUSERNAME or Administrator --> OK
  ! then select this new user, and tick the "modify"-box under the "allow"-section.
  ! apply the change, and close.
  ! doubleclick the file, and open with notepad
  ! add the ip-address and name of your server (no // or other crap needed)
  ! Save the file
  # I recommend putting a shortcut to this file on the desktop.
  # If you change the ip-address of your server (e.g. move the server from staging to a live environment)
  # you might forget to do so in the hosts file.
  # Hyper-V manager, MMC, RSAT, and Server-manager all rely on the hosts-file to resolve the name.
  # some of these might connect to their respective service on an i.p.-level, but some don't.
  # This is the main reason you need to modify this file.
  ! USE AN ELEVATED CMD/POWERSHELL PROMPT TO CONTINUE !
  # the next config needs to be done on windows 8.
  # It seems that it's already preconfigured under server 2012
  2:
  ! Client: dcomcnfg
  ! open component services --> computers
  ! right-click -> my computer -> properties
  ! select "COM SECURITY" tab
  ! under "ACCESS PERMISSIONS" select "edit limits"
  ! select "ANONYMOUS LOGON", and tick "remote access" under ALLOW
  # Without this adjustment, you can't connect to your Hyper-V server
  # with the Hyper-V manager if you're not in a domain.
  > And if you haven't done so already... make sure you have enabled remote management number 4 on the Hyper-V server console.
  > Next, is to get the MMC firewall snap-in working.
     The reason for this, is to have a GUI available to configure it.
     If you're happy without it, you may skip this and use a shell instead to do so.
  ? server: netsh advfirewall show currentprofile
  # shows the current profile (public/domain/private) and its settings
  # depending on your needs, you should set the right profile to fit your needs.
  # You can easily do this when the MMC snap-in is done. (after you've followed these steps)
  ! server: netsh advfirewall set currentprofile settings remotemanagement enable
  # enables remote management of the firewall on an application level 
  # (In other words: allows the firewall to be remotely managed)
  ! server: netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
  # allows remote management of the firewall, through the required firewall ports with TCP protocol.
  # 4 rules will be updated to allow access: public & Domain, dynamic and endpoint-mapper.
  # You can disable/add/change the rule from the MMC snap-in after finishing this guide.
  # e.g. set the firewall through the MMC-GUI to only allow specific ip-addresses etc.
  ? server: netsh advfirewall firewall show rule all
  # Shows a list of available rules, and their current state.
  # when run from cmd, the list exceeds the maximum length for review.
  # (from cmd,type:) start powershell, and run the command from there.
  ! Client: cmdkey /add:YOURSERVERNAME /user:USERNAMEONTHESERVER /pass:THEPASSWORDOFTHATUSER
  # I recommend you to use a username with enough privileges for management
  # All capital letters need to be replaced with your input
  # CMD answers "credential added successfully" when you're done
  ! Client: locate MMC, and run it as an admin.
  # In windows 8/2012, go to search and type MMC. Right-click the icon, 
  # and choose run as admin on the bar below.
  ! Client: application MMC: select "file" --> Add/remove snap-in 
  ! --> (left pane) scroll down to "windows firewall" --> select and click "add"
  ! select "another computer"
  ! type the name of the server you want to manage (NO workgroup/ or //, just same name as you typed for cmdkey)
  * Part 2 is done.
  # Have a look by doubleclicking the firewall icon in the left pane.
  # It looks and works the same as the GUI version that you are familiar with.
  ! Next is the Server Manager.
  # Follow the steps listed to get your server listed and manageable in the server manager.
  ! Client: Open the created Firewall snap-in for your server.
  ! Find the 3 "Remote Event Log Management" entries in the list of INBOUND rules, and enable them.
  ! Open powershell --> in cmd windows, type: start powershell
  ! run the following line in powershell
  ! Client: in C:\Windows\system32> set-item WSMAN:\localhost\client\trustedhosts -value YOURSERVERNAME -concatenate
  # WinRM Security Configuration.
  # This command modifies the TrustedHosts list for the WinRM client. The computers in the TrustedHosts list might not be
  # authenticated. The client might send credential information to these computers. Are you sure that you want to modify
  # this list?
  # [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
  # I recommend to choose yes; unless you like to pull some more hairs...
  ! server: winrm qc
  # WinRM service is already running on this machine.
  # WinRM is not set up to allow remote access to this machine for management.
  # The following changes must be made:
  # Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely
  # to local users.
  # Make the changes? y / n
  !  select yes
  ! Client: open the server 2012 server manager
  ! click manage -> add server
  ! select the DNS tab, and type the name of your server
  Done.
  You can now manage your remote server through the familiar computer management GUI.
  ! Right-click your remote server, and select "Computer Management"
  A few side notes:
  ? The Performance tab seems to list the local machine's performance, in stead of the remote servers'
  ? If you want Windows server backup, you need to right-click the server in the server manager, and select "add roles and features.
  ? it will then become available under the "computer management" of the remote server.
  If you liked this guide you may thank my employer, Mr. Chris W.
  for giving me the time to work it all out.
  Cheers!

  As a little update to the post, I'd like to add that replication, clustering and migration will not work in workgroup environments. Unless someone can provide an additional guide for this, I'd recommend anyone to no even bother to try.
  To manage the standalone hyper-v server in a remote location over the internet, I would recommend the following:
  Install windows 8 pro (x86 uses less resources!) as a vm on the host, and assign 2 network connections to it.
  1 external (shared with host) (be sure you have a dedicated ip-address for it!)
  1 internal connection.
  What I did was this:
  As soon as you've installed the win8 guest, proceed with the guide as described.
  For the 1st step of the guide (hosts-file) use the ip-address you will later assign to the "internal" network switch of the host!
  In my example, I'm using 10.0.0.1 for the host, and 10.0.0.2 for the guest.
  To be clear: I first used the guide on a LAN-environment, and did all the steps from a "real" client to server on the LAN.
  Then, installed the win8 guest on the host using the "real" clients' hyper-v manager over the LAN.
  Next, assigned the 2 network connections to the VM, and configured them as follows:
  external - as you would to be able to make your guest reach the internet.
  internal - I used the following config:
  ip-address: 10.0.0.2
  subnet: 255.255.255.252
  gateway - blank
  dns - Blank
  Now, when you get to the console of the hyper-v server (host) or RDP to it, go to network settings.
  You'll see that the internal card has been added here as well.
  Configure it as follows:
  ip-address: static - 10.0.0.1
  subnet: 255.255.255.252
  gateway - blank
  dns - blank
  You should now be able to ping your guest (win8) on 10.0.0.2 if it's running.
  Don't forget to enable ping response (option 4 on the host) to test connectivity the other way around as well (guest to host)
  When you're done, you'll be able to RDP to the guest OS over the internet, and then connect to the host with server manager, hyper-v manager, and MMC.
  Don't forget to enable each module on the hosts' firewall to make the snap-ins work!
  Remote volume management requires your guest/client firewall INcoming ports to be enabled as well! not just the host.
  Either update the firewall rules from the MMC gui as described in the guide, or use the following commands on the
  hosts' powershell:
  Enable the firewall rules with the command Enable-NetFirewallRule -DisplayGroup "USE_THE_COMMANDS_BELOW" (include the " " in the command)
  Remote Service Management
  Remote Volume Management
  Remote Event Log Management
  Remote Scheduled Tasks Management
  Windows Firewall Remote Management
  Windows Remote Management
  You can get the list with Get-NetFirewallRule -DisplayName *management*
  You can get the list with Get-NetFirewallRule -DisplayName *remote*
  Commands provided with credits to F. verstegen
  Cheers,
  Michael.
  Sigh...

• OIM 11.1.1.5.0 - Remote Manager not working

  Hi everyone,
  I am working with an AD which I installed on a different machine than my OIM and I would like to install Remote Manager with my AD. I followed all the steps which are described in the documentation but when I launch RemoteManager.bat, I have the following in the console :
  D:\Oracle\Middleware\Oracle_IDM1\remote_manager>"D:\Oracle\Middleware\jdk160_24\jre/bin/java" -cp .;.\lib\xlAPI.jar;.\lib\xlVO.jar;.\lib\xlScheduler.jar;.\lib\xlRemoteManager.jar;.\lib\xerces.jar;.\lib\xlDataObjects.jar;.\lib\log4j-1.2.8.jar;.\lib\xlUtils.jar;.\lib\xlLogger.jar;.\lib\xlCrypto.jar;.\lib\iam-platform-utils.jar;.lib\oimclient.jar;.\ext\spring.jar -Dlog4j.configuration=config\log.properties -DXL.HomeDir=D:/Oracle/Middleware/Oracle_IDM1/remote_manager com.thortech.xl.remotemanager.RemoteManager
  19 mars 2012 14:31:02 com.thortech.util.logging.Logger info
  INFO: Class/Method: RMIClientSocketFactory/static: sslEnabled : trueSSLContextAlgorithm : TLSKeyManagerFactory : SunX509KeyStore : D:\Oracle\Middleware\Oracle_IDM1\remote_manager\config\default-keystore.jksKeyStoreType : JKSTrustStore : default-keystore.jks
  19 mars 2012 14:31:02 com.thortech.util.logging.Logger info
  INFO: Class/Method: RMISSLServerSocketFactory/createServerSocket Remote Managerserver socket port is 12346
  19 mars 2012 14:31:02 com.thortech.util.logging.Logger info
  INFO: Class/Method: RMISSLClientSocketFactory/createSocket Remote Manager client socket Host is (+my ip address+) and port is 12346
  I'm not sure this means Remote Manager is working cause I have a problem when I am creating the IT Ressource on OIM : connection refused to host : (+my ip address+). And when I use nmap, I can notice that port 12346 is not open.
  Thanks for your help !
  Thibault

  Hi Thibault,
  Your problem looks like a firewall problem between these servers, because you should be able to do telnet once it is up into both(SSL and NONSSL) ports, default 12346 and 12345.
  What I normally do is:
  DEBUG,20 Mar 2012 09:17:10,170,[XELLERATE.REMOTEMANAGER],Class/Method: RemoteMan
  ager/RemoteManager: Binding Remote Manager to: rmi://TLEONCIO:12346/RManager
  ...DONE
  Allow unsafe renegotiation: false
  Allow legacy hello messages: true
  Is initial handshake: true
  Is secure renegotiation: false
  RMI TCP Connection(3)-OIM-IP, setSoTimeout(7200000) called
  RMI Scheduler(0), called close()
  RMI Scheduler(0), called closeInternal(true)
  RMI Scheduler(0), SEND TLSv1 ALERT: warning, description = close_notify
  Padded plaintext before ENCRYPTION: len = 18
  0000: 01 00 CF D4 CD 02 55 6E CA 00 E5 08 E8 EC 5C 19 ......Un......\.
  0010: 81 4E .N
  RMI Scheduler(0), WRITE: TLSv1 Alert, length = 18
  [Raw read]: length = 5
  [Raw write]: length = 23
  0000: 00001: 5 1035 01 00 120 3 .....
  [Raw read]: length = 18
  0000: EA 35 E7 8F 7F DB C0 01 000C 1 68 2A 24D EA 35 E 71C 8 F0B 7F 8DB0 C
  0 DF 5 A0C 68 2A .54..D. ...h*M....Z
  0010: F4 29 ......5 .)
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, READ: TLSv1 Alert, length = 18
  Padded plaintext after DECRYPTION: len = 18
  ....0..h*M0
  000010: 01 : 10C0 0 BCF D 840 DF CD 02 5 A55 6 EF4 29 C
  ..A 00 E5. 08 E8 EC.Z 5C .)1
  9 ......Un......\.
  0010: 81 4E .N
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, RECV TLSv1 ALERT: warning, close_notify
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, called closeInternal(false)
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, SEND TLSv1 ALERT: warning, description = c
  lose_notify
  Padded plaintext before ENCRYPTION: len = 18
  0000: 01 00 E1 43 9E 6C 4E BF 97 10 03 BA 29 1A 01 EA ...C.lN.....)...
  0010: 08 30 .0
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, WRITE: TLSv1 Alert, length = 18
  [Raw write]: length = 23
  0000: 15 03 01 00 12 0A F7 B7 14 70 18 A0 2C 05 E3 21 .........p..,..!
  0010: 4E D0 27 26 FE 6E F3 N.'&.n.
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, called close()
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, called closeInternal(true)
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, called close()
  RMI TCP Connection(2)-THIAGO_REMOTEMANAGER_IP, called closeInternal(true)
  I write into Telnet command and into telnet connection I write one command called +'EHLO something'+ to write and check a message from OIM-Server to RM-Server using SSL_port
  -->telnet THIAGO_REMOTEMANAGER_IP 12345
  [oracle@xxxxx~]$ telnet THIAGO_REMOTEMANAGER_IP 12345
  Trying THIAGO_REMOTEMANAGER_IP...
  Connected to THIAGO_REMOTEMANAGER_IP (192.xxx.xxx.xxx).
  Escape character is '^]'.
  EHLO THIAGO
  then you will see something like this:
  [Raw read]: length = 5
  0000: 45 48 4C 4F 20 EHLO ****
  RMI TCP Connection(3)-OIM-IP, receive SSL message
  RMI TCP Connection(3)-OIM-IP, WRITE: TLSv1 true, length = 2
  [Raw write]: length = 7
  0000: 15 03 01 00 02 02 0A .......
  RMI TCP Connection(3)-OIM-IP, called closeSocket()
  RMI TCP Connection(3)-OIM-IP, called close()
  RMI TCP Connection(3)-OIM-IP, called closeInternal(true)
  but as I said, first the telnet should be ok. If not, take a look into your firewall rules and let us know.
  I hope this helps,
  Thiago Leoncio

• [Solved] Windows Firewall rule that allows Windows Update

  Can anyone kindly give me a Windows Firewall rule that allows Windows Update? Assume I'm running MMC's "Windows Firewall with Advanced Security" snap-in as Administrator. Note that a "solution" that takes down the outbound firewall is
  not acceptable.
  Thank You.
  ===== Solution =====
  Suppose that, as the default, you've set the outbound firewall to block (see
  To close the outbound firewall, below). In order for Windows Update to check whether an update is available and then to download the update files, you first need an outbound firewall
  allow-rule that allows the Windows Update service to pass through the outbound firewall.
  Prerequisite: Knowledge of the Microsoft Management Console (MMC) and its "Windows Firewall with Advanced Security" plug-in.
  What you will do: You will use the "Windows Firewall with Advanced Security" MMC plug-in to create an outbound firewall rule that
  allows '%SystemRoot%\System32\svchost.exe' (the generic service driver) to pass through the outbound firewall on behalf of 'wuauserv' (the name of the specific service that performs the update).
  Warning: If you don't know what I'm writing about, get help.
  Name: Allow Windows Update (...or any name you prefer - it doesn't matter)
  Group:
  Profile: Public
  Enabled: Yes
  Action: Allow
  Program: %SystemRoot%\System32\svchost.exe
  Local Address: Any
  Remote Address: Any
  Protocol: Any
  Local Port: Any
  Remote Port: Any
  Allowed Computers: Any
  Status: OK
  Service: wuauserv
  Rule Source: Local Setting
  Interface Type: All interface types
  Excepted Computers: None
  Description:
  To open the outbound firewall:
  More accurate wording would be
  Outbound connections are allowed unless explicitly blocked by a rule.
  If you look at the standard rules you will find no block-rules. That means that nothing is blocked, everything is allowed, and the outbound firewall is wide open.
  To close the outbound firewall:
  More accurate wording would be
  Outbound connections are blocked unless explicitly allowed by a rule.
  If you look at the standard rules you will find only allow-rules that have been crafted to allow the vital Windows connections to pass through the outbound firewall. To an informed observer it's obvious that the firewall engineers crafted these
  allow-rules so that users who closed the outbound firewall wouldn't have to write them. But the firewall engineers left out Windows Update.

  Hi mark,
  Thanks for sharing, it will help other users who have similar issue.
  Regards

• RV042 portforwarding overrule firewall rule?

  We have a setup where our e-mail server is hosted in-house.
  Our network is connected through a RV042 gateway.
  Port 25 is forwarded to our internal e-mail server.
  Our smtp service should be limited to receiving incomming connections only from 4 specific ip ranges which I set up in the firewall rules.
  The reason is that all smtp is managed and protected by an external anti-spam/vires provider.
  However it looks like any computer is able to connect to our port 25 and be forwarded to our e-mail server.
  Does portforwarding overrule firewall rules - ie. you can not limit access with the firewall if you decide to port forward?
  Is this a "fixable" situation - or is the RV042 not built for handling this setup?

  The above link did not really help.
  The default rules seems not to be honored when adding portforwarding.
  We have from IP ranges (from our SMTP anti-spam/anti-virus provider) that should be allowed to access our SMTP server.
  What I did (that did not work) was :
  1. Added port forwarding on WAN1 port 25 to LAN SMTP server port 25
  2. Added 4 rules to allow for the 4 IP ranges to accept connection
  3. Tested from the 4 ip ranges if connection was accepted and mail delivery was possible - checked OK
  4. Tested from outside the 4 ip ranges if connection was accepted and mail delivery was possible... IT WAS POSSIBLE TO CONNECT
  The fix was to add a rule after the 4 smtp accept rules to deny all access to port 25.
  What this indicates to me is that the default deny rule that deny all traffic on WAN1 was not honored on port forwarding.

• Firewall rules getting set automatically

  When my users try to access the firewall tab of the Sharing preference pane, they get the "Other firewall software is running on your computer" error. There is no other firewall software running and i've tried the 'ipfw flush' solution. This works temporarily, but as soon as I restart the computer, this rule keeps popping up when I run 'ipfw list':
  00001 allow udp from any 626 to any dst-port 626
  Is there some software that automatically adds this rule to the firewall? Xsan? Remote Desktop?
  Thanks!
  Jason
  G5s   Mac OS X (10.4.7)  

  It seems to be this entry that's causing the OS X firewall to think there's other firewall software managing settings and won't allow me to manage the firewall through the PreferencePane.
  Is there a way to stop it from being added or a workaround so we can manage firewall settings via the GUI?

• NCF and Netware Remote Manager

  Hi there.
  Is there any issues with Novell client Firewall and Netware Remote
  Manager inside my LAN?
  When I try to access NRM on ports 8008/8009, for some servers I can
  connect but for others I can't.
  If I unload NCF, everything comes back to normal with NRM.
  I have already created rules to allow these ports, but nothing.
  Any ideas?

  Brad Averbeck wrote:
  > Are the servers on the same subnet as you? Do you have that subnet
  > trusted? This is my situation and maybe that's why I don't have a
  > problem with it. You could try trusting the server IP. You get
  > there by clicking on the options button/system tab/settings button
  > for Lan settings. Click on add and type in the IP address.
  >
  > Brad
  >
  >
  > Carlos Almeida Jr. wrote:
  > > Brad Averbeck wrote:
  > >
  > >
  > > > I use NRM all the time and have had no problems. When you look at
  > > > the activity, does it show a block for ports 8008/8009 and a
  > > > reason?
  > > >
  > > > Brad
  > > >
  > > > Carlos Almeida Jr. wrote:
  > > >
  > > > > Hi there.
  > > > >
  > > > > Is there any issues with Novell client Firewall and Netware
  > > > > Remote Manager inside my LAN?
  > > > >
  > > > > When I try to access NRM on ports 8008/8009, for some servers I
  > > > > can connect but for others I can't.
  > > > >
  > > > > If I unload NCF, everything comes back to normal with NRM.
  > > > >
  > > > > I have already created rules to allow these ports, but nothing.
  > > > >
  > > > > Any ideas?
  > >
  > >
  > > Brad,
  > >
  > > There is no block at all, at least I can't find any.
  > >
  > > I've looked at Firewall Log Viewer and there is nothing blocked. As
  > > I said, I can connect to some servers, not to some of them.
  > >
  > > I have created a rule for ports 8008/8009 but it didn't work too.
  Yes, the servers are on the same subnet.
  I have the subnet trusted and I have added the IP of the server
  especifically as trusted, and it is not working yet.

• What Specific Firewall Rules are Needed for the DPM Server?

  Hello,
  We want to confirm which firewall ports need to be opened on the DPM server (not protected servers) for all DPM processes, so that we can set these rules in group policy. Below are what we
  think are the needed rules. Note that we have rules for both new DPM 2012 installs and upgrades from DPM 2010 to 2012, since these use different program paths.
  Rule Name
  Program Path
  Protocol
  Local Port
  DPM 2012 DCOM Port
  Any
  TCP
  135
  DPM 2012 AM Port
  Any
  TCP
  6075
  DPM 2012 RTM Agent Coordinator
  C:\Windows\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\4.0.1908.0\dpmac.exe
  Any
  Any
  DPM 2012 SP1 Agent Coordinator
  C:\Windows\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\4.1.3313.0\dpmac.exe
  Any
  Any
  DPM 2012 R2 Agent Coordinator
  C:\Windows\Microsoft Data Protection Manager\DPM\ProtectionAgents\AC\4.2.1205.0\dpmac.exe
  Any
  Any
  DPM 2012 AM Service Host (New Install
  %ProgramFiles%\Microsoft System Center 2012\DPM\DPM\bin\AMSvcHost.exe
  Any
  Any
  DPM 2012 AM Service Host (Upgrade Install)
  %ProgramFiles%\Microsoft DPM\DPM\bin\AMSvcHost.exe
  Any
  Any
  DPM 2012 DPM AM Service (New Install)
  %ProgramFiles%\Microsoft System Center 2012\DPM\DPM\bin\DPMAMService.exe
  Any
  Any
  DPM 2012 DPM AM Service (Upgrade Install)
  %ProgramFiles%\Microsoft DPM\DPM\bin\DPMAMService.exe
  Any
  Any
  DPM 2012 MSDPM (New Install)
  %ProgramFiles%\Microsoft System Center 2012\DPM\DPM\bin\msdpm.exe
  Any
  Any
  DPM 2012 MSDPM (Upgrade Install)
  %ProgramFiles%\Microsoft DPM\DPM\bin\msdpm.exe
  Any
  Any
  DPM 2012 DPMRA (New Install)
  %ProgramFiles%\Microsoft System Center 2012\DPM\DPM\bin\DPMRA.exe
  Any
  Any
  DPM 2012 DPMRA (Upgrade Install)
  %ProgramFiles%\Microsoft DPM\DPM\bin\DPMRA.exe
  Any
  Any
  Questions:
  Are any of these rules not needed?
  We know the Agent Coordinator rules are needed on protected servers. Are they also needed on the DPM server (including if we use secondary DPM servers)?
  The DPM Configuring Firewalls TechNet page says DCOM uses TCP 135 and the RPC Dynamic ports. Does that mean we also need a rule that opens all TCP RPC Dynamic ports for
  any program? Or is this not necessary since we have rules for msdpm.exe and dpmra.exe? Reference:
  http://technet.microsoft.com/en-us/library/hh757794
  What other rules may be missing, if any?
  Note that we do not include rules for ports 53 (DNS), 88 (Kerberos), 389 (LDAP), 137-139 & 445 (NetBIOS) because we already open these ports in other group policy objects.
  Also, the below forums post says two exceptions for SQL Server are needed on the DPM server to allow the Remote Administrator console to work. Is there any documentation in the DPM TechNet site on these rules?
  http://social.technet.microsoft.com/Forums/en-US/aa88fd00-6836-46d3-8a93-edb487109118/dpm-2012-remote-administration?forum=dataprotectionmanager
  Thanks,
  -Taylorbox

  Does anyone have any comments on this post? We would especially appreciate some input from Microsoft reps to help us ensure we're setting up the correct firewall rules.
  Thanks,
  -Taylorbox

• Rv220w- content filtering ignoring firewall rules

  Hello,
  I face a strange bahavior with my rv220w router : I set up access rules to deny all outbound trafic for a particular IP range. It seems to work fine .... but when I enable content filtering, HTTP  access on port 80 works again (and other ports are denied). It seems that activating content filtering makes the router ignore firewall rule. Bug ? Or did I miss someting ?
  Thanks in advance for your help.

  Hello,
  I've opened case # 621056469. The support engineer told me that he'll try to reproduce the problem on his side, and contact me back for remote testing on my own router. If the issue is already known, does it have some kind of ref number so that I can inform him ? Is a fix already planned for  a future firmware release ?
  Thanks for your help.

• 1456: The remote management agent is unable

  Hi
  I have :
  Server NW6.5 Sp5
  Zenworks desktop 6.5 SP2
  Client NT4 SP6 - Client novell 4.90 SP2
  W2000 SP4 - Client novell 4.91 SP2 - Agent Zen SP2
  WXP SP2 - Client novell 4.91 SP2 - Agent Zen SP2
  The problem is that I can't connet with "remote management" some PC with XP;
  The error in log file is:
  #(464)# 10.16.27 02/16/06 Normal : Loading :
  C:\Programmi\Novell\ZENworks\WMSchApi.dll
  #(464)# 10.16.27 02/16/06 Critical : Workstation NOT yet authenticated...
  #(464)# 10.16.27 02/16/06 Critical : ZENNDSUtil: initializeContext()
  failed...
  #(464)# 10.16.27 02/16/06 Normal : Reading workstation DN and tree name...
  #(464)# 10.16.27 02/16/06 Normal : workstation DN -
  PC01-WINXP-00:0B:CD:F8:F2:44., treename - TREE_GROUP
  #(464)# 10.16.27 02/16/06 Normal : Loading :
  C:\Programmi\Novell\ZENworks\WMSchApi.dll
  #(464)# 10.16.27 02/16/06 Critical : Workstation NOT yet authenticated...
  #(464)# 10.16.27 02/16/06 Critical : ZENNDSUtil: initializeContext()
  failed...
  #(464)# 10.16.27 02/16/06 Normal : Neither policy settings active. All
  operations disabled.
  #(464)# 10.16.27 02/16/06 Normal : ZENNDSUtil: Finished reading policies
  #(464)# 10.16.27 02/16/06 Normal : ZENNDSUtil: Unloaded modules...
  #(464)# 10.16.27 02/16/06 Normal : UnLoadZenAutilLibrary :Successfully
  unloaded ZenAutil.dll
  #(464)# 10.17.48 02/16/06 Normal : RMSessionFinished - Begin
  If I check if the ogject workstation is authenticated on NDS, I not find the
  connection.
  I can connect only with che workstation that are list in connection.
  Why some workstation connect to NDS ?
  Thanks for help.
  Gianluigi

  Try deleting the workstation object and reboot the workstation (sometimes
  a 2nd reboot is required).
  > Hi
  >
  > Another information, if I use only the agent with out client novell, I
  have
  > no problem because the workstation is connect to NDS.
  > If I want use client novell and Middle Tier is possible set Middle Tier
  how
  > default connection for remote manager ?
  >
  > Thank
  >
  > Gianluigi
  >
  > "Gianluigi Cortinovis" <[email protected]> ha scritto nel messaggio
  > news:[email protected]...
  > > No, I have disable windows firewall.
  > >
  > > Gianluigi
  > >
  > > "craig wilson" <[email protected]> ha scritto nel messaggio
  > > news:[email protected]...
  > >> Windows Firewall perhaps?
  > >>
  > >> --
  > >> Craig Wilson
  > >> Novell Product Support Forum Sysop
  > >> Master CNE, MCSE 2003, CCNA
  > >>
  > >> Editor - http://www.ithowto.com
  > >>
  > >> (Seeking Full-Time Expert? Drop me a note :> )
  > >>
  > >>
  > >> "Gianluigi Cortinovis" <[email protected]> wrote in message
  > >> news:[email protected]...
  > >>> Hi
  > >>>
  > >>> I have :
  > >>> Server NW6.5 Sp5
  > >>> Zenworks desktop 6.5 SP2
  > >>>
  > >>> Client NT4 SP6 - Client novell 4.90 SP2
  > >>> W2000 SP4 - Client novell 4.91 SP2 - Agent Zen SP2
  > >>> WXP SP2 - Client novell 4.91 SP2 - Agent Zen SP2
  > >>>
  > >>>
  > >>> The problem is that I can't connet with "remote management" some PC
  with
  > >>> XP;
  > >>> The error in log file is:
  > >>>
  > >>> #(464)# 10.16.27 02/16/06 Normal : Loading :
  > >>> C:\Programmi\Novell\ZENworks\WMSchApi.dll
  > >>> #(464)# 10.16.27 02/16/06 Critical : Workstation NOT yet
  > >>> authenticated...
  > >>> #(464)# 10.16.27 02/16/06 Critical : ZENNDSUtil: initializeContext
  > >>> failed...
  > >>> #(464)# 10.16.27 02/16/06 Normal : Reading workstation DN and tree
  > >>> name...
  > >>> #(464)# 10.16.27 02/16/06 Normal : workstation DN -
  > >>> PC01-WINXP-00:0B:CD:F8:F2:44., treename - TREE_GROUP
  > >>> #(464)# 10.16.27 02/16/06 Normal : Loading :
  > >>> C:\Programmi\Novell\ZENworks\WMSchApi.dll
  > >>> *******************************************
  > >>> #(464)# 10.16.27 02/16/06 Critical : Workstation NOT yet
  > >>> authenticated...
  > >>> #(464)# 10.16.27 02/16/06 Critical : ZENNDSUtil: initializeContext
  > >>> failed...
  > >>> *******************************************
  > >>> #(464)# 10.16.27 02/16/06 Normal : Neither policy settings active.
  All
  > >>> operations disabled.
  > >>> #(464)# 10.16.27 02/16/06 Normal : ZENNDSUtil: Finished reading
  policies
  > >>> #(464)# 10.16.27 02/16/06 Normal : ZENNDSUtil: Unloaded modules...
  > >>> #(464)# 10.16.27 02/16/06 Normal :
  UnLoadZenAutilLibrary :Successfully
  > >>> unloaded ZenAutil.dll
  > >>> #(464)# 10.17.48 02/16/06 Normal : RMSessionFinished - Begin
  > >>>
  > >>>
  > >>> If I check if the ogject workstation is authenticated on NDS, I not
  find
  > >>> the connection.
  > >>>
  > >>> I can connect only with che workstation that are list in connection.
  > >>>
  > >>> Why some workstation connect to NDS ?
  > >>>
  > >>> Thanks for help.
  > >>>
  > >>> Gianluigi
  > >>>
  > >>>
  > >>
  > >>
  > >
  > >
  >
  >