Cannot open port 135 TCP through group policy
I have a list of ports that I needed to open on all of our workstations through group policy. Below are my entries:
135:TCP:*:enabled:135TCP
135:UDP:*:enabled:135UDP
137:TCP:*:enabled:137TCP
137:UDP:*:enabled:137UDP
80:TCP:*:enabled:80TCP
5800:TCP:*:enabled:5800TCP
16992:TCP:*:enabled:16992TCP
9100:TCP:*:enabled:9100TCP
5060:TCP:*:enabled:5060TCP
1278:TCP:*:enabled:1278TCP
1278:UDP:*:enabled:1278UDP
4168:TCP:*:enabled:4168TCP
9256:TCP:*:enabled:9256TCP
When I check in network properties, for some reason, 135 TCP does not get added. All of them get added just fine except for that one. When I search the list on each workstation, 135 TCP is not even listed. When I try to add it manually, it errors out saying that it's already in the list. But I checked each entry and it's not there!
Also, when I execute the command "netsh firewall show portopening" it only shows a few ports open on the domain profile:
80 TCP
50016 TCP
3389 TCP
So in reality, it appears that the only port in the group policy list that gets applied is TCP 80 (even though most of the other ones are listed in network properties)
As part of further troubleshooting, in group policy I took out all of the ports I added and did a GPUPDATE on a target machine to remove the entries within network properties. Then I added one of the ports back within group policy (135 TCP) and did a gpupdate again. Now it showed TCP 135 listed, but when I execute "netsh firewall show portopening", it still does not show 135 listed.
Any ideas?
We're running Windows Server 2008 Standard SP2
August 4th, 2011 11:30am
Even more bizarre, after clearing all the firewall ports I added, I used the command below to add 135TCP:
netsh firewall add portopening protocol=TCP port=135 name="135TCP" profile=all
Now when I do the "netsh firewall show portopening" command, it shows it listed just fine. But then when I go to network properties, it does not show it listed. If I use the netsh command to add the rest of the ports I want, it lists them fine in both command line and network properties.
Also, I tried applying the ports one by one through group policy. I started with TCP 135 and it added it just fine. But by the time I finished, TCP 135 was no longer present and I am unable to add it manually because it says it already exists.
August 4th, 2011 12:27pm
Hi,
Thanks for posting here.
What’s the OS running on your clients?
Try adding the firewall port exception by using “netsh advfirewall” instead of “netsh firewall”, following the instructions in the KB article below, and see if this issue persists:
How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
http://support.microsoft.com/kb/947709
Thanks
Tiger Li
August 8th, 2011 10:38pm
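Added example, not part of the thread or of the KB article: a PowerShell script that converts the legacy `port:protocol:scope:status:name` entries from the question into `netsh advfirewall firewall add rule` commands, as the reply suggests, and skips duplicate port/protocol pairs. The domain profile, the scope mapping, the `$Apply` switch and the function name are assumptions made for illustration.

```powershell
# Entries in the legacy format from the question: port:protocol:scope:status:name
$entries = @(
    '135:TCP:*:enabled:135TCP',
    '135:UDP:*:enabled:135UDP',
    '80:TCP:*:enabled:80TCP'
)
$fwProfile = 'domain'   # assumption: rules are wanted on the domain profile
$Apply     = $false     # assumption: dry run by default; $true runs netsh (elevated prompt)

# Hypothetical helper: turns one legacy entry into netsh advfirewall arguments.
function ConvertTo-AdvFirewallArgs {
    param([string]$Entry)
    $parts = $Entry.Split(':')
    if ($parts.Count -ne 5) { throw "Malformed entry: $Entry" }
    $port, $protocol, $scope, $status, $name = $parts
    $n = 0
    if (-not ([int]::TryParse($port, [ref]$n)) -or $n -lt 1 -or $n -gt 65535) {
        throw "Bad port in entry: $Entry"
    }
    if (@('TCP', 'UDP') -notcontains $protocol.ToUpper()) {
        throw "Bad protocol in entry: $Entry"
    }
    # Assumption: '*' means any remote address; other scopes are passed through.
    $remote = if ($scope -eq '*') { 'any' } else { $scope }
    $enable = if ($status -eq 'enabled') { 'yes' } else { 'no' }
    return @('advfirewall', 'firewall', 'add', 'rule', "name=$name",
             'dir=in', 'action=allow', "protocol=$protocol", "localport=$port",
             "remoteip=$remote", "enable=$enable", "profile=$fwProfile")
}

$seen = @{}
foreach ($e in $entries) {
    $fwArgs = ConvertTo-AdvFirewallArgs $e
    # Flag the same port/protocol appearing twice before it reaches the firewall.
    $key = ($e.Split(':')[0..1] -join '/').ToUpper()
    if ($seen.ContainsKey($key)) { Write-Warning "Duplicate $key skipped: $e"; continue }
    $seen[$key] = $true
    if ($Apply) {
        & netsh $fwArgs
        # Read the rule back by name to confirm it was stored.
        & netsh advfirewall firewall show rule ($fwArgs[4])
    } else {
        "netsh $($fwArgs -join ' ')"   # print the command instead of running it
    }
}
```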