Windows Firewall Service is Enabled on Exchange Server

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool queries the Win32_Service Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the Started key for the Windows Firewall service (SharedAccess). A value of True indicates that Windows Firewall service is enabled on this Exchange server.

If the Exchange Server Analyzer determines that the Windows Firewall service is enabled on an Exchange Server computer, a warning is displayed. When the Windows Firewall service is enabled, the following problems may occur:

  • Some components of Exchange Server, such as the Message Tracking Service or remote procedure call (RPC) communication, may stop responding.

  • You may receive an error message that states low available memory.

By default, the Windows Firewall service is stopped when Microsoft Windows Server™ 2003 Service Pack 1 (SP1) is applied. However, the service is automatically set to run if either of the following conditions are true:

  • An administrator manually enables the Windows Firewall service.

  • You enable the Windows Firewall service after you run the Security Configuration Wizard.

To correct this warning

  • Check program exclusions.

  • Check port exclusions.

  • Check firewall exceptions if clients cannot connect to the Exchange server.

  • Manually open ports in the firewall so that Exchange System Manager and Microsoft Exchange Administrator can be run. When you open ports in Windows Firewall service, you increase the chance that other programs may gain access to your computer through those ports. Carefully consider your network security requirements before opening ports in Windows Firewall service.

  • Stop the Windows Firewall service.