This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Need to Enable RemoteAdmin Locally Despite Already Enabled

marshall-o
Engaged Sweeper II

‎04-04-2018 04:34 PM

The issue is that I'm getting "RPC Unavailable" errors on some (a majority) of our computers. According to this article, this is caused by a firewall issue, specifically Remote Admin not being enabled and/or TCP port 135 being blocked.

In the article, it recommends running the following commands:

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135

Upon doing so, it resolves the issue. Great. So then this article explains how to configure the firewall through group policy.

I did that on another computer that wasn't working, gpupdate /force, reboot... It's still not working.

This is where it gets weird, because when I run the connection tester, it says that the tcp port is properly open but WMI still won't connect. In the article, it says that running the following command will tell you if Remote Admin is enabled:

netsh firewall show state

Upon running that command, I clearly see Remote Admin Mode = Enable.

However, what I determined was that running the following command causes it to start working correctly anyway:

call netsh firewall set service RemoteAdmin enable

At this point, I am considering replacing the supposedly correctly configured GPO with a GPO that just pushes a batch file with the proper commands, but I kinda hate the idea of doing that.

Has anyone run into this issue before or have any suggestions or thoughts?
Labels:
2 REPLIES 2
marshall-o
Engaged Sweeper II

‎04-04-2018 08:34 PM

I think the interesting thing is, at least to me, that the GPO DOES in fact apply, however it still does not work until you manually run the command:

call netsh firewall set service RemoteAdmin enable

After which point it DOES work.

However, before manually running the above command, RemoteAdmin reports as enabled and the TCP port is open, so it is very strange indeed!

Perhaps it has something to do with the fact that netsh firewall is deprecated. I have no idea.

I "resolved" this issue by running the two commands as a batch file via GPO. It is far less elegant, but it seems to work. I just wanted all of this info here in the unlikely case that anyone else runs into this and may search for it in the future.
0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎04-04-2018 07:28 PM

In most cases, the group policy should work. The group policy should provide Lansweeper with access to the asset. I'm not sure why the GPO isn't being applied but in cases where it does not you can also try running this vbscript (right click, Save link as...). It will change the required DCOM and Windows firewall settings.
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now