How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall


  • How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

    Hello,

    I am having a problem in my network, and Microsoft refers me to this article:

    http://support2.microsoft.com/kb/2737560

    Where I read this:

    "...
    examine any third-party software firewalls or endpoint protection software on the existing domain controllers and firewalls between the existing domain controllers and the domain controllers that are running Windows Server 2012. Make sure that their rules enable the following:
    • TCP/IP - port 135 - RPC/DCOM/WMI endpoint mapper (RpcSs)
    • TCP/IP - all ports - Asynchronous callback WMI client (Unsecapp)
    • TCP/IP - all ports - Windows Management Instrumentation service (Wmimgmt)

    ..."


    But then I know how to allow port 135, but I am confused as to how to set the two others (Unsecapp and Wmimgmt).


    I have set a rule to let the traffic 135 TCP through the firewall, but I am not sure how to make the other two rules.


    Thanks in advance.
    Last edited by loureed4; 17th November 2014, 12:54.
    -
    Madrid (Spain).

  • #2
    Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

    Those are predefined Windows Firewall policies.

    Here's what they look like in Windows 8. Not sure what it would be in Win 7. No access to a test machine right now:
    [Image: FW1.png]
    [Image: FW2.png]
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com


    • #3
      Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

      Thanks JeremyW.

      But I really don't know how to do that in an ISA Server, because apparently the problem may be (according to this article: http://support2.microsoft.com/kb/2737560) that the firewalls between the two end PCs are blocking that traffic (the firewalls in the end PCs are off).

      Thanks again!
      Last edited by loureed4; 17th November 2014, 12:55.
      -
      Madrid (Spain).


      • #4
        Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

        Just read the article you posted. It's saying, for the particular services, what ports need to be opened. It's kind of ridiculous how they worded it but basically all ports need to be open for it to work.

        So it should read:

        - Allow TCP/IP - port 135 - This allows RPC/DCOM/WMI endpoint mapper (RpcSs) to function properly.
        - Allow TCP/IP - all ports - This allows Asynchronous callback WMI client (Unsecapp) and Windows Management Instrumentation service (Wmimgmt) to function properly.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com


        • #5
          Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

          Thanks JeremyW.

          I am feeling quite slow.

          I thought that was the traffic to pass through the two ISA Servers I have in my lab, so I would need a source and a destination, and that is what I don't understand from the article.

          I don't understand "all ports" either. I mean, if I open all ports in ISA Server, is that not a huge security hole?

          I really don't follow you, I feel dumb.
          -
          Madrid (Spain).


          • #6
            Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

            No worries.

            The rule would be scoped to the two server IP addresses in question. Source is the Windows 2012 server and the destination is the Windows 2003 server.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com


            • #7
              Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

              Thanks.

              I see, so it would be all ports between those two PCs, and that would allow ALL the traffic and not just "Asynchronous callback WMI client", if I got it right.

              Many thanks!
              -
              Madrid (Spain).


              • #8
                Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

                Correct. You could only limit it to the specific program from the firewall on the computer. Once it's outside the computer you have to just allow the ports that the programs use.

                Some firewalls are application aware. They inspect the traffic to make sure it is legit. There might be some rules that recognize WMI. ISA might have those rules...
                http://techyyblog.blogspot.com/2010/...rough-isa.html

                Unfortunately I am not familiar with ISA.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com
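
What post #8 describes, as an added example that is not part of the thread: on the computer's own Windows Firewall, each of the three allowances from the quoted article can be tied to a program or service and to the peer address from post #6, which a firewall between the machines cannot do. It assumes a host with the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and an elevated session; the peer IP, group label and rule names are placeholders.

```powershell
# Added example. Placeholders: $Peer, $Group and the rule display names.
$Peer  = '192.0.2.10'        # placeholder: address of the other domain controller
$Group = 'DC-WMI-Scoped'     # hypothetical label used to find these rules again
$Sys32 = Join-Path $env:SystemRoot 'System32'

# Settings shared by all three rules: inbound TCP, from the peer only.
$common = @{
    Direction     = 'Inbound'
    Protocol      = 'TCP'
    RemoteAddress = $Peer
    Action        = 'Allow'
    Group         = $Group
}

# Port 135 only, and only for the RPC endpoint mapper service (RpcSs).
New-NetFirewallRule @common -DisplayName 'Scoped RPC endpoint mapper' `
    -LocalPort 135 -Program (Join-Path $Sys32 'svchost.exe') -Service 'RpcSs'

# Any TCP port, but only for the WMI service. Its service short name is
# Winmgmt (the quoted article writes it as "Wmimgmt").
New-NetFirewallRule @common -DisplayName 'Scoped WMI service' `
    -Program (Join-Path $Sys32 'svchost.exe') -Service 'Winmgmt'

# Any TCP port, but only for the asynchronous callback client (Unsecapp).
New-NetFirewallRule @common -DisplayName 'Scoped WMI async callback' `
    -Program (Join-Path $Sys32 'wbem\unsecapp.exe')

# Review what was created: program, service, port and remote scope per rule.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
        Service = ($_ | Get-NetFirewallServiceFilter).Service
        Port    = ($_ | Get-NetFirewallPortFilter).LocalPort
        Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
} | Format-Table -AutoSize
```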


                • #9
                  Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

                  Thanks a lot JeremyW!! That was really helpful!
                  -
                  Madrid (Spain).


                  • #10
                    Re: How to open Asynchronous callback WMI client (Unsecapp) and Wmimgmt in a firewall

                    Glad to help.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com
