I ve two systems one is windows 7 Enterprise in which my application is installed and I've Windows server 2008 R Sp1 machine where database is intsllaed.
Getting below error when accessing database ommunication with the underlying transaction manager has failed. The MSDTC transaction manager was unable to pull the transaction from the source transaction manager due to communication problems. Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers.
I've already enabled the required MSDTC and inbound and out bound requests and set no authentication.
Both the systems are in the same domain.
From windows server 2008 R2 machine I'm able to ping by name to windows 7 and vice-versa is not happening.
Tried pining Windows server 2008 R2 Machine from domain controller machine and failed.
Some where read that for Trasactions between the two servers MSDTC should be set up and to test these setting DTCPing tool is avaialble.got failed when running
DTCPing tool when trying to ping from Windows server 2007 machine to windows server 2008 R2 as its not able to find it by netbios name
I had the same problem win my win10 machine. Check the following steps:
Services => Distributed Transaction Coordinator is running
Component Services => Local DTC => Properties => check if Inbound and Outbound is allowed. I have the following settings:
Component Services => My Computer => Properties => Default Protocol => TCP/IP The port range 5000-5100 is configured.
Windows Firewall => Allow an app or feature through Windows Firewall => Distributed Transaction Coordinator
if the threee checkboxes are not set you can do this with the following commands
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-In)" new enable=yes profile="domain,private,public"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-Out)" new enable=yes profile="domain,private,public"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC)" new enable=yes profile="domain,private,public"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC-EPMAP)" new enable=yes profile="domain,private,public"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-In)" new enable=yes profile="domain,private,public"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-Out)" new enable=yes profile="domain,private,public"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC)" new enable=yes profile="domain,private,public"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC-EPMAP)" new enable=yes profile="domain,private,public"
Related
I run PsExec on VirtualMachine01 which connects and perform an action on VirtualMachine02 both hosted in Azure.
That's the command:
PsExec.exe \\VirtualMachine02.publicaddres.com IISReset /restart
In order to allow a traffic through Azure I started with the fastest and the most insecure config. These are the rules I added on Azure in Networking panel:
VirtualMachine01: allow all outbound traffic from any port any protocol
VirutalMachine02: allow all inbound traffic from any port any protocol
How can I set up port rules specifically to the command I run?
I read that PsExec dynamically allocates ports but in Azure there's no way to add firewall rule like Windows Remote Management or Windows COM+ Remote Administration like you could set up directly in Windows.
You need to add the port 135,445 and dynamic port 49152-65535 to the inbound rule of the NSG attached with Virtual Machine02.
I have a Linux VM on azure, which I can access using SSH without any issues. I needed access to another port(lets say 7077) from outside, and here is what i have done so far, but unable to establish connectivity
Created an inbound rule from the networking settings, it created the rule on the Network security Group attached to the network interface.
Added a new Network Security Group, attached it to the Subnet
If I do a netcat request on port 22, i get a successful connectivity, but for the port 7077 I get connection refused.
Also with IP flow verification passes for the port
Any pointer would be helpful.
You need to allow that same port in the firewall settings of the VM. The OS itself is what is refusing the connection suggesting you have not setup any firewall rules to allow that port.
Try adding a allow rule in the firewall settings and see if you can reach that port.
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
http://www.thegeekstuff.com/2011/02/iptables-add-rule/
Ubuntu 17.04
https://help.ubuntu.com/lts/serverguide/firewall.html
I provisioned a Windows Server 2012 vm in Azure. When I try to connect to it via FileZilla FTP client I get a Could not connect to server error.
Here's what I have tried so far:
Added inbound rule for FTP (TCP/21) in the Azure portal
In IIS, configured FTP Firewall Support. Set Data Channel Port Range to 7000-7002, External IP Address of Firewall to my vm's public IP, added 7000, 7001 and 7002 to inbound rules, did a net start/stop ftpsvc
The step I'm missing in your description, is enabling "FTP server" rules in Windows firewall.
They are created during IIS server installation, but are disabled by default. You have to enable them.
Quoting my guide to Installing a Secure FTP Server on Windows using IIS:
An internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535, when IIS FTP server is installed.
The rules are not enabled initially though. To enable or change the rules, go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and locate three “FTP server” rules. If the rules are not enabled, click on Actions > Enable Rule.
If you do not have them, for whatever reason, you have to create them manually. For port 21 and the data ports (in your case 7000-7002).
I want to block all inbound traffic to a Windows 2008 R2 server and allow only configured ports (with allow rules).
I've created a rule to block all inbound ports and it works, but it has priority over the allow rules.
How can I achieve that?
Windows firewall has the ability to set a "default action" of inbound connections to "Block" or "Allow."
For your desired configuration, you want to change the default inbound action to "Block" and then add your "Allow" rules.
WARNING: these changes take affect immediately. If you are connecting remotely, and you do not have the needed allow rules in place, you may lose your ability to connect remotely to this machine.
You can change the default inbound action to "Block" in 2008R2 by running the following command:
netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound
Alternately, this can also be set in the "Windows Firewall with Advanced Security" snap-in (run wf.msc from cmd.exe), select "Windows Firewall Properties", choose the correct profile tab, and change "Inbound Connections" to "Block"
NOTE: in the above snap-in instructions, I'm assuming that you understand how to detect which profile (domain, public, or private) is associated with your network. You can open the network and sharing center if you are unsure.
I'm using Windows Azure virtual machines. What I did was I have added some new TCP port to inbound and outbound rules in the firewall. After that I can't get the Remote Desktop connection from my PC. But I got Remote Desktop connection from another virtual machine by using the local IP address.
My DNS is :xxxx.cloudapp.net:3389.
This is the issue I'm facing. What I actually want is to give provision to new ports inbound and outbound rules in windows Azure virtual machines. Any help would be grateful.
Not exactly a programming question but anyway:
Nmap scan report for mjsindia.cloudapp.net (13.66.56.229)
PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
Make sure you have 3389/TCP open inbound on both the Network Security Group or ACL in the Azure Portal and Windows Firewall (on the VM, for all Firewall profiles - Private/Public/Domain).