Introduction to Troubleshooting Windows Firewall
Updated: March 28, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
If you are using this guide for the first time, review the following sections of this introduction.
When to Use This Guide
You should use this guide when:
You have a problem that you believe is related to Windows Firewall, but you do not know how to resolve it.
You have configured Windows Firewall settings, but Windows Firewall does not behave the way you anticipated.
A program is not working properly and you believe that Windows Firewall is causing the problem.
Do not use this guide to find out how to perform a task, such as enabling Windows Firewall or adding a program or port to the Windows Firewall exceptions list. Information about how to perform tasks and configure settings can be found in Administering Windows Firewall.
This guide assumes a basic understanding of what Windows Firewall is, how it works, and why your organization uses it to enhance network security. You should also have a thorough understanding of how Windows Firewall is deployed and managed in your organization. This includes an understanding of the mechanism your organization uses to configure and manage Windows Firewall settings.
How to Use This Guide
This guide is divided into four sections. Each section addresses a type of problem, ranging from less complex to more complex.
This section provides a list of prerequisites and settings that must be verified before you troubleshoot. Read this section first.
This section provides quick solutions to the most common Windows Firewall problems. Read this section if you have verified your computer settings, but your problem persists.
This section describes how to configure your computer for troubleshooting. Read this section if you cannot find a solution in the Quick Fixes section.
This section provides step-by-step diagnostic procedures and possible solutions that help you identify and fix Windows Firewall problems.
Terminology Used in This Guide
A set of Windows Firewall settings that are applied when a computer is connected to a network that contains the domain controllers for the domain in which its computer account resides. The domain profile is one of two profiles that Windows Firewall uses to apply settings to a computer.
A port, program, or system service that is allowed to receive unsolicited traffic.
A special type of rules store that specifies which ports, programs, or system services are allowed to receive unsolicited traffic. To allow unsolicited incoming traffic through Windows Firewall, you add ports, programs, and system services to the exceptions list.
A Windows Security Alert dialog box that appears when a program that is not listed in the exceptions list attempts to listen for unsolicited traffic on a port. If you have administrative rights on a computer, the notification displays an option to add the program to the exceptions list, and thereby allow the program to receive unsolicited traffic. If you do not have administrative rights on a computer, the notification displays a warning that a program is attempting to listen on a port. A Windows Security Alert dialog box does not appear when a system service attempts to listen for unsolicted incoming traffic; it only appears when a program attempts to listen for unsolicited incoming traffic.
A logical communication endpoint representing a service or an application that listens for and receives IP packets. Ports are specified by a positive 16-bit decimal number and the type of traffic that is expected to pass through the port--either UDP traffic or TCP traffic. Most ports have been predefined and are considered "well-known" for specific services, such as DHCP and DNS. However, some ports are created dynamically by a server and assigned to the services and applications that need to listen for incoming traffic from clients.
A software application that is usually started by a user and runs under the user's account. Programs run only while the user is logged on to a computer and usually consist of one or more executable (.exe) files and one or more dynamic-link library (.dll) files.
|Some system services run within their own .exe file and are started by a user. However, these system services typically run under a priviledged account, such as Local Service, and do not run under the user's account. An example of this is the Telnet service, which runs in Tlntsvr.exe.|
A Windows Firewall setting that you configure for an exception. The scope setting controls which addresses unsolicited traffic is allowed to originate from. By default, the scope of an exception is any address, which includes any computer on the Internet. You can change the scope of an exception to locally reachable addresses or a list of individual Internet Protocol version 4 (IPv4) addresses or IPv4 address ranges.
A software application that is usually not started by a user and runs under a privileged account, such as LocalSystem. System services run even when a user is not logged on to a computer and usually run as a separate process within Svchost.exe.
A set of Windows Firewall settings that are applied when a computer is not connected to a network that contains the domain controllers in which its computer account resides (for example, a public network, such as the Internet). The standard profile is one of two profiles that Windows Firewall uses to apply settings to a computer.