I am seeing a lot of wmi errors in ccm.log. I had the network secuirty guys look into this after I discovered that I couldn't connect to wmi on those computers from my ConfigMgr server. What we found was that the WMI connection is made on a random port anywhere above port 1024. I found the Microsoft KB article http://support.microsoft.com/?kbid=154596on how to configure dynamic port allocation to work with firewalls. I added the registry keys described in the article to my ConfigMgr site server but the traffic is still using random ports. Is there another way to force this traffic to a specific range of ports? If not, how are others handling getting this traffic throught the firewall?

What I do on my Windows XP SP2 system is run the following command: netsh firewall set service remoteadmin enable That opens the port necessary (I honestly don't know which one it is using)

I should have stated more clearly that I am not referring to the Windows firewall. The errors are when connecting to clients across the WAN and our Internet firewall is blocking the traffic needed for client push installation to happen

Oops, then I don't know. Here's all I've seen on our port usage: http://technet.microsoft.com/en-us/library/bb632618.aspx

I guess now whatI need to determine is which swtiches to use when running rpccfg.exe. It appears to me that the application that initiates the comminication determines whether it's an Internet App, Intranet App or default App and that determination then affects the port selection. Please see this page: http://msdn2.microsoft.com/en-us/library/aa373602(VS.85).aspx My options are to use: pccfg.exe -pe 5000-6000 or pccfg.exe -pi 5000-6000 and do I use: -d 0 or -d 1

All that the RPC Config tool does is automatically set those reg keys that are supposed to force the traffic to use certain ports but it isn't working. Here's a screen shot of the registry entries but the traffic is not using those ports at all. http://i272.photobucket.com/albums/jj163/jmarcum01/RPC.jpg

Here's a screen shot of what the network guys are seeing on the firewall. http://i272.photobucket.com/albums/jj163/jmarcum01/blocked_rpc.jpg

I trued using the rpc config tool to limit the ports but that failed. I ended up opening ports 1025-5000. Not really the answer I was looking for but I guess it will work.

You can force WMI to use set ports. Reference the article here: Setting a fixed port for WMI: http://msdn.microsoft.com/en-us/library/bb219447%28VS.85%29.aspx Cheers! Richard Schwartz Lead Engineer | Rackspace Hosting www.rackspace.com