- Bohack - https://www.bohack.com -

Windows 2008 Firewall and Remote Administration

Windows Advanced Firewall and Security is an excellent “feature add” to the Windows Operating System. In Windows XP Service Pack 2 the Firewall was introduced and was only able to block inbound and was just annoying outbound. In Windows Vista and Windows Server 2008 it was revamped to be bidirectional and included IPSEC and Connection Rules. Windows 7 also inherited the revamped and improved firewall as well as Windows Server 2008 R2.

Strictly speaking of the Windows 2008 / R2 operating system; the firewall is on by default and until you add a role, it is blocking everything inbound. By default it does not block any outbound traffic, but can be configured to do so. Since the server blocks everything inbound by default including PING, people often turn off the firewall in hopes to gain some control. This is not something you want to do, the firewall helps to lower your surface area of attack. In production environments I have network DVRs, domain controllers and file servers with the firewall on and all are working fine.

However if you try to connect to the server remotely with you computer management tools like event viewer, device manager, services or local users and groups: you’ll receive and error stating the RPC service is unavailable. One such error I received was “Event Viewer cannot connect to computer ‘server’. The Error reported is: The RPC server is unavailable.” Even after a role is configured the RPC server is blocking inbound requests to management interfaces in the Windows Server 2008 OS; this is normal and expected behavior. The inbound requests are to something called an end-point mapper, which is run within an svchost process.

Event Viewer cannot connect to computer 'server'. The Error reported is: The RPC server is unavailable.

To fix the problem:

1.       Open “Windows Firewall with Advanced Security” from the run/search box.

2.       Click on “Inbound Rules” in the tree.

3.       In the results panel find “Remote Administration (RPC)”, right click on it and select “Enable Rule”.