ITT: Resultant Set of Policy, Services view or Remote Disk Management – “RPC Server is Unavailable” (Solved)

Update June 17, 2005:

Progress, at least on getting remote disk management to work through the SP2 firewall.
I am changing the status of this issue to SOLVED.

I can confirm that the solution suggested by Tori in the comments works. The following program exceptions must be added to your firewall policy in order for the Logical Disk Management Service to be accessible through the firewall, despite having already turned on the options Allow Remote Administration Exception and Allow File and Printer Sharing Exception:

Define Program Exceptions:

(replace localsubnet with whatever access source you wish to grant; see the Explain tab for more info)

c:\windows\system32\dmadmin.exe:localsubnet:enabled:Logical Disk Manager
c:\windows\system32\dmremote.exe:localsubnet:enabled:Logical Disk Manager Remote Access
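
A sanity check for exception strings of this shape before they go into a GPO, as an added example that is not from the original post or from Microsoft. The scope grammar (`*`, `localsubnet`, or comma-separated IPv4 addresses/subnets) and the rule that the display name contains no colon are assumptions; the sample inputs are constructed.

```python
import ipaddress
import re

# Entry layouts used on this page:
#   program exception: <path>:<scope>:<status>:<name>
#   port exception:    <port>:<TCP|UDP>:<scope>:<status>:<name>
# Assumptions: scope is "*", "localsubnet" or comma-separated IPv4
# addresses/subnets, and the display name contains no colon.

def check_scope(scope):
    """Return a list of problems found in the scope field."""
    if scope.lower() in ("*", "localsubnet"):
        return []
    problems = []
    for part in scope.split(","):
        try:
            ipaddress.ip_network(part.strip(), strict=False)
        except ValueError:
            problems.append("unrecognised scope %r" % part.strip())
    return problems

def check_entry(entry):
    """Validate one exception string; an empty list means well-formed."""
    # Split from the right: a program path holds its own colon (c:\...).
    fields = entry.rsplit(":", 3)
    if len(fields) != 4:
        return ["expected <target>:<scope>:<status>:<name>"]
    target, scope, status, name = fields
    problems = check_scope(scope)
    if status.lower() not in ("enabled", "disabled"):
        problems.append("status must be enabled or disabled, got %r" % status)
    if not name.strip():
        problems.append("empty display name")
    port = re.fullmatch(r"(\d+):(\w+)", target)
    if port:
        if not 1 <= int(port.group(1)) <= 65535:
            problems.append("port out of range")
        if port.group(2).upper() not in ("TCP", "UDP"):
            problems.append("protocol must be TCP or UDP")
    elif "\\" not in target:
        problems.append("program path has no backslashes: %r" % target)
    return problems

if __name__ == "__main__":
    # Constructed inputs: one correct entry, one with the scope typo and lost backslashes.
    for s in (r"c:\windows\system32\dmadmin.exe:localsubnet:enabled:Logical Disk Manager",
              "c:windowssystem32dmadmin.exe:locasubnet:enabled:Logical Disk Manager",
              "2878:TCP:localsubnet:enabled:Remote Disk Management"):
        print(s, "->", check_entry(s) or "ok")
```

A misspelled scope keyword is worth catching before deployment, because the entry then does not grant the access the administrator intended and the symptom is the same "RPC Server is Unavailable" error.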


As for other RPC errors when using remote administration tools, such as RSoP: make sure you don't have the option Do Not Allow Exceptions turned on in your firewall domain policy. It is easy to turn this setting on under the assumption that it would only affect locally logged-on users, but it effectively turns off any other local exceptions you have defined in your policy.

——————————————————

Update 23 March 2005:


I have returned to this issue at work, purely by coincidence.
This time, it's a very simple classroom setup, same configuration: GPO with settings for the SP2 firewall, firewall enabled, remote admin enabled, file and print sharing enabled.

Curiously, this time, Resultant Set of Policy works OK through the firewall, but remote disk management (Logical Disk Manager service) does not. Had another look on Google, but nothing new. Didn't find my blog post either; probably haven't used the right keywords often enough.

If I feel up to it, I will dig deeper.

————————————————————

Original post,

Resultant Set of Policy – “RPC Server is Unavailable”

So there seems to be a problem with DCOM or RPC over the Windows XP SP2 firewall.

The problem above also manifests itself when you use MSinfo32.exe to collect info on an external computer. It also appears when you try to access the disk manager of the remote PC via the Computer Management snap-in.

Discounted all other things, as RSoP and all of the above work just fine with the firewall turned off.

Also note that all the firewall settings are being pushed via Group Policy, and that the policy is not being overridden by anything above it; the application of the correct settings can be observed live on the client.

Now via Group Policy, you can set some settings that are supposed to open up all the management ports you could need within your LAN/domain:

Windows Firewall: Allow local program exceptions

This will open up the following ports on the client machines:

TCP Port 135 for (DCOM) (DCE/RPC Endpoint Mapper)
TCP Port 445 for (RPC)

Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034.
If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed.
If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the “Windows Firewall: Allow file and printer sharing exception” policy setting.
Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting.
Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the “Windows Firewall: Allow ICMP exceptions” policy setting would block them. Policy settings that can open TCP port 445 include “Windows Firewall: Allow file and printer sharing exception,” “Windows Firewall: Allow remote administration exception,” and “Windows Firewall: Define port exceptions.”

Then you also have this one:

Windows Firewall: Allow File and Print Sharing exception

This will open up the following ports on the client machines:

TCP Port 139 (Netbios Session Service)
TCP Port 445 (RPC)
UDP Port 137 (Netbios Name Service)
UDP Port 138 (Netbios Datagram Service)

Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.
If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the “File and Printer Sharing” check box is selected and administrators cannot clear it.
If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the “File and Printer Sharing” check box is cleared and administrators cannot select it.
If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Firewall component of Control Panel, the “File and Printer Sharing” check box is cleared. Administrators can change this check box.
Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo requests (the message sent by the Ping utility), even if the “Windows Firewall: Allow ICMP exceptions” policy setting would block them. Policy settings that can open TCP port 445 include “Windows Firewall: Allow file and printer sharing exception,” “Windows Firewall: Allow remote administration exception,” and “Windows Firewall: Define port exceptions.”

But unfortunately, this doesn't seem to help.

Now MS KB article 875605 (How to troubleshoot WMI-related issues in Windows XP SP2) also tells me to
– Create a program exception for unsecapp.exe – Done, no dice
– Explicitly open port 135 – Done, still no dice.
– Edit the DCOM remote launch permissions. – Done, officer, I still don't have any dice.

I really can't think of anything else at this point. I guess I will have to dig into DCOM and pull out the network monitor for this. *sigh*

Consulted sources so far:

http://www.ntcompatible.com/thread28557-1.html – SP2 Windows Firewall programs exceptions list issues…
http://support.microsoft.com/kb/q204279/ – Direct Hosting of SMB Over TCP/IP
http://support.microsoft.com/default.aspx?scid=kb;en-us;840634 – You receive an “Access denied” or “The network path was not found” error message when you try to remotely manage a computer that is running Windows XP Service Pack 2
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2maint.mspx#EEAA – Changes to Functionality in Microsoft Windows XP Service Pack 2
http://www.911cd.net/forums/index.php?showtopic=5999&hl=mmc_sp2 – Diskpart And Nu2menu Problem
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngdepgp.mspx – Managing Windows XP Service Pack 2 Features Using Group Policy

Feedback

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by keeb at 1/31/2005 10:15 PM

Have you resolved this yet?

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by Robert at 1/31/2005 10:30 PM

Unfortunately not, no. May have a chance to work on it this weekend. Why, are you having the same problems?

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by jason at 2/1/2005 4:53 PM

Same problem here. Remote administration opens a number of tools, unfortunately not winmsd or msinfo32. Also tried adding these two programs to the Program exceptions, no help.

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by Adrian at 2/8/2005 10:13 AM

I was having the same problems as you guys in a workgroup, but followed the above URL instructions, turned off Windows Firewall, lit a candle to the Virgin Mary and it worked. MSinfo32, Winmsd etc. worked.

Oh yes. I forgot to mention, I turned off Norton Antivirus 2005 worm protection. On both machines. What is it with Norton? Luckily I have a Router/Firewall.

🙂

Adrian.

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by Morgan at 3/21/2005 3:36 PM

I’ve opened TCP 135 and specified program exception unsecapp.exe.
But it only worked when I also enabled “Allow remote administration exception” for the servers that ran Group wizard results.

Try: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2maint.mspx

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by skewld00d at 3/23/2005 1:40 AM

I have the *exact* same problem on a w2k3 machine!!

The firewall rules have been uber-quadruple checked, and I even have a nearly identical machine where it works!

I need a system (registry + file) diff I guess.

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by skewld00d at 3/23/2005 3:06 AM

Try this….

1) Disable firewall
2) Test
3) Reenable firewall.
— If it worked, keep going —
4) Open up port 1025/TCP (this is some RPC port)
5) Works for me!

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by Tori at 3/25/2005 9:41 PM

I was working with Microsoft on this issue, and we just got it to work by adding an exception for Dmadmin.exe. The following appear to be the required exceptions:

Dmadmin.exe
Dmremote.exe
File and Printer Sharing
mmc.exe
Port 135

Many thanks to Sean at Microsoft support!!

# re: ITT: Resultant Set of Policy or Remote Disk Management – “RPC Server is Unavailable” (Unsolved)

left by James at 4/15/2005 12:05 AM

For some reason, my DCOM was turned off after trying to resolve this problem for a while now.

In Administrative Tools -> Component Services:

Expand Component Services, open Computers, and then click on My Computer. The last icon on the task bar is “configure your computer”. Click it and hit the Default Properties tab. Right there, DCOM was not enabled for whatever reason. This was sometime after installing SP2. I install many test applications too, so it could have been one of them. I also explicitly gave myself remote launch permissions under COM Security even though I'm an admin.

If you search for WMI and SP2 at the MS knowledge, they go over some other things you can do as well.

# RPC Server is Unavailable in windows 2000

left by vipul at 6/6/2005 8:29 AM

I'm facing the “RPC Server is Unavailable” error in Windows 2000. I just want to know the solution to this error. I have done all the prescribed steps written in MSDN from Microsoft in order to solve this problem, but the problem still persists. Please, anyone, give me a solution as soon as possible.
Vipul

# re: ITT: Resultant Set of Policy, Services view or Remote Disk Management – “RPC Server is Unavailable” (Solved)

left by ThanX it helped me a lot .. at 10/7/2005 3:02 PM

I could not find the answer anywhere else …
You misspelled “locasubnet” in your comment; it should mean “localsubnet”.

“c:\windows\system32\dmadmin.exe:locasubnet:enabled:Logical Disk Manager
c:\windows\system32\dmremote.exe:locasubnet:enabled:Logical Disk Manager Remote Access”

# re: ITT: Resultant Set of Policy, Services view or Remote Disk Management – “RPC Server is Unavailable” (Solved)

left by Roger at 2/8/2006 6:31 PM

As posted 4/15/2005 12:05 AM by James … Enabling COM worked like a charm for me. Don’t forget to restart the console.

# re: ITT: Resultant Set of Policy, Services view or Remote Disk Management – “RPC Server is Unavailable” (Solved)

left by Brad at 5/25/2007 1:00 PM

None of the program exception policies worked for me, so I finally enabled logging in the firewall group policy and found that connection attempts to port 2878 were being blocked when I attempted to connect with remote disk management. Opening that port corrected the problem.

These are the policies I added:

Windows Firewall: Define port exceptions
2878:TCP:localsubnet:enabled:Remote Disk Management

Windows Firewall: Allow local port exceptions
Enabled
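
The approach described in the comment above (log dropped packets, then read the log for the blocked port), as an added example that is not part of the original comment or of any Microsoft tool. It assumes the XP SP2 `pfirewall.log` layout with a `#Fields:` header; the addresses and log lines are constructed, and `dropped_syns` and `port_exception` are hypothetical helper names.

```python
from collections import Counter

# Constructed sample in the assumed XP SP2 pfirewall.log layout (space separated).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2007-05-25 12:41:07 DROP TCP 192.168.10.5 192.168.10.40 3392 2878 48 S 1829304412 0 65535 - - -
2007-05-25 12:41:10 DROP TCP 192.168.10.5 192.168.10.40 3392 2878 48 S 1829304412 0 65535 - - -
2007-05-25 12:41:16 DROP TCP 192.168.10.5 192.168.10.40 3392 2878 48 S 1829304412 0 65535 - - -
2007-05-25 12:41:20 DROP UDP 192.168.10.77 192.168.10.255 138 138 229 - - - - - - -
2007-05-25 12:42:02 DROP TCP 192.168.10.77 192.168.10.40 4410 3389 48 S 2211094873 0 64240 - - -
"""

def dropped_syns(log_text, admin_ip):
    """Count dropped inbound TCP SYNs from admin_ip, keyed by destination port."""
    fields, drops = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if (rec.get("action") == "DROP" and rec.get("protocol") == "TCP"
                and rec.get("src-ip") == admin_ip and rec.get("tcpflags") == "S"):
            drops[int(rec["dst-port"])] += 1
    return drops

def port_exception(port, scope="localsubnet", name="Remote Disk Management"):
    """Format a 'Define port exceptions' entry in the layout shown above."""
    return "%d:TCP:%s:enabled:%s" % (port, scope, name)

if __name__ == "__main__":
    # Only traffic from the management workstation is considered, so unrelated
    # drops (the constructed 3389 and UDP 138 lines) never become exceptions.
    for port, hits in dropped_syns(SAMPLE_LOG, "192.168.10.5").items():
        print(hits, "dropped SYNs ->", port_exception(port))
```

The policy text quoted in the post describes the extra RPC ports as dynamically assigned, so re-check the log after a reboot before relying on a fixed port exception, and keep the scope as narrow as the management workstations allow.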

# re: ITT: Resultant Set of Policy, Services view or Remote Disk Management – “RPC Server is Unavailable” (Solved)

left by can at 11/20/2007 3:23 PM

thanks best regards..
