Skip to main content

Windows Firewall rules

If subscribers fail to list during auto discovery after they are configured to do so, this may be due to Windows Firewall not allowing the instance server to remotely access or manage the target system. You can edit the Windows Firewall rules under Start > Control Panel > Windows Firewall > Advanced settings. Verify that the following Firewall inbound rules are enabled and configured for the network profile used on the Windows Server:

For general listing of users, groups, attributes, subscribers, etc:

  • File and Printer Sharing (SMB-In)

For local service subscribers:

  • All Remote Service Management built-in rules (also required by iis subscribers)

  • Alternately, have custom rules with the following configurations:

    1. Port: TCP:135 (aka "RPC Endpoint Mapper")

      Listener: %SystemRoot%\system32\svchost.exe

      Service: rpcss

    2. Port: TCP:49152-65535 (aka "RPC Dynamic Ports" range)

      Listener: %SystemRoot%\system32\services.exe

      Service: n/a

    3. Port: TCP:445

      Listener: System

      Service: n/a

For iis subscribers:

  • A custom rule with the following configuration:

    • Port: TCP:49152-65535 (aka "RPC Dynamic Ports" range)

      Listener: %SystemRoot%\system32\dllhost.exe

      Service: n/a

For scheduled task subscribers:

  • All Remote Scheduled Tasks Management built-in rules

  • Alternately, have custom rules with the following configurations:

    1. Port: TCP:135 (aka "RPC Endpoint Mapper")

      Listener: %SystemRoot%\system32\svchost.exe

      Service: rpcss

    2. Port: TCP:49152-65535 (aka "RPC Dynamic Ports" range)

      Listener: %SystemRoot%\system32\svchost.exe

      Service: schedule

In this section: