Remote Administration Tools Fail

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Typically, you encounter this problem when you try to connect to a remote server with an administration tool, such as a Microsoft Management Console (MMC) snap-in.

Cause

Remote administration tools often fail because the server you are trying to manage blocks the unsolicited incoming traffic from the remote administration tool. To remotely manage a server with a remote administration tool, you must configure Windows Firewall on the remote server to allow unsolicited traffic from the remote administration tool.

Solution

You can solve this problem by configuring Windows Firewall settings on the remote server you are trying to administer. Usually, you need to add a port, program, or service to the Windows Firewall exceptions list on the server you are trying to manage. To determine which Windows Firewall settings you need to configure on the remote server, see "Windows Firewall Settings" in the Windows ServerĀ 2003 Tools and Settings documentation. Windows Firewall Settings provides information about the specific Windows Firewall settings you need to configure to use every remote administration tool that is available on Windows ServerĀ 2003.

If you cannot find your remote administration tool in Windows Firewall Settings, or the settings do not fix your problem, try enabling the File and Printer Sharing exception on the remote server.

To enable the File and Printer Sharing exception

  1. Open Windows Firewall, and then click the Exceptions tab.

  2. Select the File and Printer Sharing check box, and click Edit.

  3. In the Edit a Service dialog box, click Change Scope.

  4. In the Change Scope dialog box, do one of the following:

    Click Any computer (including those on the Internet) if you want this exception to apply to all computers.

    Click Custom list if you want this exception to apply to specific Internet Protocol version 4 (IPv4) addresses or IPv4 address ranges.

If you still cannot use your remote administration tool to administer a remote server, try enabling the Windows Firewall: Allow remote administration exception policy setting on the remote server.

To enable the Allow remote administration exception policy setting

  1. Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.

  2. Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then click either Domain Profile or Standard Profile.

  3. In the details pane, double-click Windows Firewall: Allow remote administration exception, and then click Enabled.

Important

You should enable the Windows Firewall: Allow remote administration exception policy setting only if your remote administrative tools require RPC or DCOM. Malicious users often attempt to attack networks and computers using RPC and DCOM. It is recommended that you contact the manufacturer of your remote administration tool to determine if it requires RPC and DCOM communication. If it does not, do not enable the Windows Firewall: Allow remote administration exception policy setting.